search

owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0
8.08k stars 1.58k forks source link

500 internal server error instead of 403 #2112

Closed ledzepp4eva closed 5 years ago

ledzepp4eva commented 5 years ago

Describe the bug

When a particular modsecurity rule is matched we receive a 500 error response instead of a 403.

Logs and dumps

Output of: 1.

[155964078234.257610] [] [4] Initializing transaction
[155964078234.257610] [] [4] Transaction context created.
[155964078234.257610] [] [4] Starting phase CONNECTION. (SecRules 0)
[155964078234.257610] [] [9] This phase consists of 32 rule(s).
[155964078234.257610] [] [4] Starting phase URI. (SecRules 0 + 1/2)
[155964078234.257610] [/help/contact-us/] [4] Starting phase REQUEST_HEADERS.  (SecRules 1)
[155964078234.257610] [/help/contact-us/] [9] This phase consists of 148 rule(s).
[155964078234.257610] [/help/contact-us/] [4] (Rule: 200000) Executing operator "Rx" with param "(?:text|application)/xml" against REQUEST_HEADERS:Content-Type.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 200001) Executing operator "Rx" with param "application/json" against REQUEST_HEADERS:Content-Type.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 900200) Executing unconditional rule...
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:allowed_methods with value: GET HEAD POST OPTIONS PURGE DELETE
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 900990) Executing unconditional rule...
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:crs_setup_version with value: 302
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 1234568) Executing operator "Contains" with param "cruise" against REQUEST_COOKIES.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901001) Executing operator "Eq" with param "0" against TX:crs_setup_version.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:crs_setup_version)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901100) Executing operator "Eq" with param "0" against TX:inbound_anomaly_score_threshold.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:inbound_anomaly_score_threshold)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:inbound_anomaly_score_threshold with value: 5
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901110) Executing operator "Eq" with param "0" against TX:outbound_anomaly_score_threshold.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:outbound_anomaly_score_threshold)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:outbound_anomaly_score_threshold with value: 4
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901120) Executing operator "Eq" with param "0" against TX:paranoia_level.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:paranoia_level)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:paranoia_level with value: 1
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901130) Executing operator "Eq" with param "0" against TX:sampling_percentage.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sampling_percentage)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:sampling_percentage with value: 100
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901140) Executing operator "Eq" with param "0" against TX:critical_anomaly_score.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:critical_anomaly_score)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:critical_anomaly_score with value: 5
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901141) Executing operator "Eq" with param "0" against TX:error_anomaly_score.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:error_anomaly_score)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:error_anomaly_score with value: 4
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901142) Executing operator "Eq" with param "0" against TX:warning_anomaly_score.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:warning_anomaly_score)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:warning_anomaly_score with value: 3
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901143) Executing operator "Eq" with param "0" against TX:notice_anomaly_score.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:notice_anomaly_score)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:notice_anomaly_score with value: 2
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901150) Executing operator "Eq" with param "0" against TX:do_reput_block.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:do_reput_block)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:do_reput_block with value: 0
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901152) Executing operator "Eq" with param "0" against TX:reput_block_duration.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:reput_block_duration)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:reput_block_duration with value: 300
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901160) Executing operator "Eq" with param "0" against TX:allowed_methods.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:allowed_methods)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901162) Executing operator "Eq" with param "0" against TX:allowed_request_content_type.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:allowed_request_content_type)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:allowed_request_content_type with value: application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901163) Executing operator "Eq" with param "0" against TX:allowed_http_versions.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:allowed_http_versions)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:allowed_http_versions with value: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901164) Executing operator "Eq" with param "0" against TX:restricted_extensions.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:restricted_extensions)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:restricted_extensions with value: .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901165) Executing operator "Eq" with param "0" against TX:restricted_headers.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:restricted_headers)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:restricted_headers with value: /proxy/ /lock-token/ /content-range/ /translate/ /if/
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901166) Executing operator "Eq" with param "0" against TX:static_extensions.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:static_extensions)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:static_extensions with value: /.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901200) Executing unconditional rule...
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:anomaly_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:sql_injection_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:xss_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:rfi_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:lfi_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:rce_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:php_injection_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:http_violation_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:session_fixation_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:inbound_anomaly_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:outbound_anomaly_score with value: 0
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:sql_error_match with value: 0
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901318) Executing operator "Rx" with param "^(.*)$" against REQUEST_HEADERS:User-Agent.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:sha1: "�W2F'<����}G����"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:hexEncode: "0315ffffffd257123246273cffffffe1fffffff3ffffffedffffffb87d47ffffff8f00fffffff3ff (14 characters omitted)"
[155964078234.257610] [/help/contact-us/] [9] Target value: "0315ffffffd257123246273cffffffe1fffffff3ffffffedffffffb87d47ffffff8f00fffffff3ff (14 characters omitted)" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:ua_hash with value: 0315ffffffd257123246273cffffffe1fffffff3ffffffedffffffb87d47ffffff8f00fffffff3fffffffcffffffe8
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901321) Executing unconditional rule...
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:real_ip with value: 1.1.1.1
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: initcol
[155964078234.257610] [/help/contact-us/] [5] Collection `global' initialized with value: global
[155964078234.257610] [/help/contact-us/] [9] Running action: initcol
[155964078234.257610] [/help/contact-us/] [5] Collection `ip' initialized with value: 1.1.1.1_0315ffffffd257123246273cffffffe1fffffff3ffffffedffffffb87d47ffffff8f00fffffff3fffffffcffffffe8
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 901400) Executing operator "Eq" with param "100" against TX:sampling_percentage.
[155964078234.257610] [/help/contact-us/] [9] Target value: "100" (Variable: TX:sampling_percentage)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-SAMPLING
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '901410' due to a SecMarker: END-SAMPLING
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '901420' due to a SecMarker: END-SAMPLING
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '901430' due to a SecMarker: END-SAMPLING
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '901440' due to a SecMarker: END-SAMPLING
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '901450' due to a SecMarker: END-SAMPLING
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-SAMPLING
[155964078234.257610] [/help/contact-us/] [9] Rule: END-SAMPLING
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 6 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 9001180) Executing operator "StrEq" with param "POST" against REQUEST_METHOD.
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET" (Variable: REQUEST_METHOD)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 9001182) Executing operator "StrEq" with param "POST" against REQUEST_METHOD.
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET" (Variable: REQUEST_METHOD)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 9001184) Executing operator "StrEq" with param "POST" against REQUEST_METHOD.
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET" (Variable: REQUEST_METHOD)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 9002000) Executing operator "Eq" with param "0" against TX:crs_exclusions_wordpress.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:crs_exclusions_wordpress)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002200' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002300' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002400' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: END-WORDPRESS-ADMIN
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 5 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 905100) Executing operator "StrEq" with param "GET /" against REQUEST_LINE.
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET /help/contact-us/ HTTP/1.1" (Variable: REQUEST_LINE)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 905110) Executing operator "Rx" with param "^(GET /|OPTIONS \*) HTTP/[12]\.[01]$" against REQUEST_LINE.
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET /help/contact-us/ HTTP/1.1" (Variable: REQUEST_LINE)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 910011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 910013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-910-IP-REPUTATION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '910015' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '910017' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-910-IP-REPUTATION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 911011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 911013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-911-METHOD-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '911015' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '911017' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-911-METHOD-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 912100) Executing operator "Eq" with param "0" against TX:dos_burst_time_slice.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:dos_burst_time_slice)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Executing chained rule.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:dos_counter_threshold.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:dos_counter_threshold)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Executing chained rule.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:dos_block_timeout.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:dos_block_timeout)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END_DOS_PROTECTION_CHECKS
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '912011' due to a SecMarker: END_DOS_PROTECTION_CHECKS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '912120' due to a SecMarker: END_DOS_PROTECTION_CHECKS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '912130' due to a SecMarker: END_DOS_PROTECTION_CHECKS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '912013' due to a SecMarker: END_DOS_PROTECTION_CHECKS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '912015' due to a SecMarker: END_DOS_PROTECTION_CHECKS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '912017' due to a SecMarker: END_DOS_PROTECTION_CHECKS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END_DOS_PROTECTION_CHECKS
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-912-DOS-PROTECTION
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END_DOS_PROTECTION_CHECKS
[155964078234.257610] [/help/contact-us/] [9] Rule: END_DOS_PROTECTION_CHECKS
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 8 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 913011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 913013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '913015' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '913017' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920160) Executing operator "Rx" with param "^\d+$" against REQUEST_HEADERS:Content-Length.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920015' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920017' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '921015' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '921017' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 930011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 930013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-930-APPLICATION-ATTACK-LFI
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '930015' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '930017' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-930-APPLICATION-ATTACK-LFI
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 931011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 931013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '931015' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '931017' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-932-APPLICATION-ATTACK-RCE
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '932015' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '932017' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-932-APPLICATION-ATTACK-RCE
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '933015' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '933017' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '941015' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '941017' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942015' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942017' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 943011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 943013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '943015' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '943017' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 949011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 949013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-949-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '949015' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '949017' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-949-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 980011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 980013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-980-CORRELATION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '980015' due to a SecMarker: END-RESPONSE-980-CORRELATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '980017' due to a SecMarker: END-RESPONSE-980-CORRELATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-980-CORRELATION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-980-CORRELATION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 900000) Executing unconditional rule...
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:paranoia_level with value: 1
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [4] (Rule: 1) Executing operator "BeginsWith" with param "/" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Executing chained rule.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 0) Executing operator "IpMatch" with param "62.255.128.2" against REMOTE_ADDR.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1.1.1.1" (Variable: REMOTE_ADDR)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 2) Executing operator "BeginsWith" with param "/mirakl/submitproducts" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 3) Executing operator "BeginsWith" with param "/customer/addNewCard" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 4) Executing operator "BeginsWith" with param "/checkoutTransactionNoLogin?payment_gateway=paypal_express" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 5) Executing operator "BeginsWith" with param "/pay4later/pay4later/callback" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 6) Executing operator "BeginsWith" with param "/pay4later/pay4later/callback" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 7) Executing operator "BeginsWith" with param "/pay4later/pay4later/callback" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 8) Executing operator "BeginsWith" with param "/pay4later/pay4later/callback" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 9) Executing operator "BeginsWith" with param "/" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Executing chained rule.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 0) Executing operator "IpMatch" with param "86.30.74.82" against REMOTE_ADDR.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1.1.1.1" (Variable: REMOTE_ADDR)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 10) Executing operator "BeginsWith" with param "/feed/ProductDataType?type=" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 11) Executing operator "BeginsWith" with param "/*?rss=awin" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] Starting phase REQUEST_BODY. (SecRules 2)
[155964078234.257610] [/help/contact-us/] [9] This phase consists of 315 rule(s).
[155964078234.257610] [/help/contact-us/] [4] (Rule: 200002) Executing operator "Eq" with param "0" against REQBODY_ERROR.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: REQBODY_ERROR)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 200003) Executing operator "Eq" with param "0" against MULTIPART_STRICT_ERROR.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '200004'. Removed by an SecRuleRemove directive.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 200005) Executing operator "StrEq" with param "0" against TX:regex(^MSC_).
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 9001000) Executing operator "Eq" with param "0" against TX:crs_exclusions_drupal.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:crs_exclusions_drupal)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001100' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001110' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001112' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001114' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001116' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001122' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001124' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001126' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001128' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001140' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001160' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001170' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001200' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001202' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001204' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001206' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001208' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001210' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001212' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001214' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9001216' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [9] Rule: END-DRUPAL-RULE-EXCLUSIONS
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 22 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 9002001) Executing operator "Eq" with param "0" against TX:crs_exclusions_wordpress.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:crs_exclusions_wordpress)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002100' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002120' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002130' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002150' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002160' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002401' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002410' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002420' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002520' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002530' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002540' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002600' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002700' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002710' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002720' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002730' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002740' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002750' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002760' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002800' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002810' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002820' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '9002900' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: END-WORDPRESS-ADMIN
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [9] Rule: END-WORDPRESS
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 25 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 910012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 910000) Executing operator "Eq" with param "1" against TX:DO_REPUT_BLOCK.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:DO_REPUT_BLOCK)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 910100) Executing operator "Rx" with param "^$" against TX:HIGH_RISK_COUNTRY_CODES.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 910120) Executing operator "Eq" with param "1" against IP:PREVIOUS_RBL_CHECK.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 910130) Executing operator "Eq" with param "0" against TX:block_suspicious_ip.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:block_suspicious_ip)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Executing chained rule.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:block_harvester_ip.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:block_harvester_ip)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Executing chained rule.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:block_spammer_ip.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:block_spammer_ip)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Executing chained rule.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:block_search_ip.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:block_search_ip)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END_RBL_CHECK
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '910140' due to a SecMarker: END_RBL_CHECK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '910150' due to a SecMarker: END_RBL_CHECK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '910160' due to a SecMarker: END_RBL_CHECK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '910170' due to a SecMarker: END_RBL_CHECK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '910180' due to a SecMarker: END_RBL_CHECK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '910190' due to a SecMarker: END_RBL_CHECK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END_RBL_CHECK
[155964078234.257610] [/help/contact-us/] [9] Rule: END_RBL_LOOKUP
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END_RBL_CHECK
[155964078234.257610] [/help/contact-us/] [9] Rule: END_RBL_CHECK
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 8 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 910014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-910-IP-REPUTATION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '910016' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '910018' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-910-IP-REPUTATION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 911012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 911100) Executing operator "Within" with param "GET HEAD POST OPTIONS PURGE DELETE" Was: "" against REQUEST_METHOD.
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET" (Variable: REQUEST_METHOD)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 911014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-911-METHOD-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '911016' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '911018' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-911-METHOD-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 912012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 912014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-912-DOS-PROTECTION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '912016' due to a SecMarker: END-REQUEST-912-DOS-PROTECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '912018' due to a SecMarker: END-REQUEST-912-DOS-PROTECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-912-DOS-PROTECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-912-DOS-PROTECTION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 913012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 913100) Executing operator "PmFromFile" with param "scanners-user-agents.data" against REQUEST_HEADERS:User-Agent.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 913110) Executing operator "PmFromFile" with param "scanners-headers.data" against REQUEST_HEADERS.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "user-agent"
[155964078234.257610] [/help/contact-us/] [9] Target value: "user-agent" (Variable: REQUEST_HEADERS_NAMES:User-Agent)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "accept"
[155964078234.257610] [/help/contact-us/] [9] Target value: "accept" (Variable: REQUEST_HEADERS_NAMES:Accept)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "host"
[155964078234.257610] [/help/contact-us/] [9] Target value: "host" (Variable: REQUEST_HEADERS_NAMES:Host)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "referrer"
[155964078234.257610] [/help/contact-us/] [9] Target value: "referrer" (Variable: REQUEST_HEADERS_NAMES:referrer)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "*/*"
[155964078234.257610] [/help/contact-us/] [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "www.example.net"
[155964078234.257610] [/help/contact-us/] [9] Target value: "www.example.net" (Variable: REQUEST_HEADERS:Host)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "https://www.google.co.uk/"
[155964078234.257610] [/help/contact-us/] [9] Target value: "https://www.google.co.uk/" (Variable: REQUEST_HEADERS:referrer)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 913120) Executing operator "PmFromFile" with param "scanners-urls.data" against ARGS.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_FILENAME)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 913014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '913101' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '913102' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '913016' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '913018' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-913-SCANNER-DETECTION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 5 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920100) Executing operator "Rx" with param "^(?i:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./]*(?::\d+)?)?/[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?|connect (?:\d{1,3}\.){3}\d{1,3}\.?(?::\d+)?|options \*)\s+[\w\./]+|get /[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?)$" against REQUEST_LINE.
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET /help/contact-us/ HTTP/1.1" (Variable: REQUEST_LINE)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920120) Executing operator "Rx" with param "(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\"=]" against FILES.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920130) Executing operator "Eq" with param "0" against REQBODY_ERROR.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: REQBODY_ERROR)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920140) Executing operator "Eq" with param "0" against MULTIPART_STRICT_ERROR.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920170) Executing operator "Rx" with param "^(?:GET|HEAD)$" against REQUEST_METHOD.
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET" (Variable: REQUEST_METHOD)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [9] This rule severity is: 2 current transaction is: 255
[155964078234.257610] [/help/contact-us/] [9] Saving msg: GET or HEAD Request with Body Content.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Executing chained rule.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 0) Executing operator "Rx" with param "^0?$" against REQUEST_HEADERS:Content-Length.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920180) Executing operator "Rx" with param "^POST$" against REQUEST_METHOD.
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET" (Variable: REQUEST_METHOD)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920190) Executing operator "Rx" with param "(\d+)\-(\d+)\," against REQUEST_HEADERS:Request-Range.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920210) Executing operator "Rx" with param "\b(keep-alive|close),\s?(keep-alive|close)\b" against REQUEST_HEADERS:Connection.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920220) Executing operator "Rx" with param "\%((?!$|\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" against REQUEST_URI.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920240) Executing operator "Rx" with param "^(application\/x-www-form-urlencoded|text\/xml)(?:;(?:\s?charset\s?=\s?[\w\d\-]{1,18})?)??$" against REQUEST_HEADERS:Content-Type.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920250) Executing operator "Eq" with param "1" against TX:CRS_VALIDATE_UTF8_ENCODING.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920260) Executing operator "Rx" with param "\%u[fF]{2}[0-9a-fA-F]{2}" against REQUEST_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920270) Executing operator "ValidadeByteRange" with param "1-255" against ARGS_NAMES.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "*/*"
[155964078234.257610] [/help/contact-us/] [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "www.example.net"
[155964078234.257610] [/help/contact-us/] [9] Target value: "www.example.net" (Variable: REQUEST_HEADERS:Host)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "https://www.google.co.uk/"
[155964078234.257610] [/help/contact-us/] [9] Target value: "https://www.google.co.uk/" (Variable: REQUEST_HEADERS:referrer)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920280) Executing operator "Eq" with param "0" against REQUEST_HEADERS:Host.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: REQUEST_HEADERS:Host)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920290) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Host.
[155964078234.257610] [/help/contact-us/] [9] Target value: "www.example.net" (Variable: REQUEST_HEADERS:Host)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920310) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Accept.
[155964078234.257610] [/help/contact-us/] [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920311) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Accept.
[155964078234.257610] [/help/contact-us/] [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920330) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:User-Agent.
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920340) Executing operator "Rx" with param "^0$" against REQUEST_HEADERS:Content-Length.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920350) Executing operator "Rx" with param "^[\d.:]+$" against REQUEST_HEADERS:Host.
[155964078234.257610] [/help/contact-us/] [9] Target value: "www.example.net" (Variable: REQUEST_HEADERS:Host)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920380) Executing operator "Eq" with param "1" against TX:MAX_NUM_ARGS.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:MAX_NUM_ARGS)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920360) Executing operator "Eq" with param "1" against TX:ARG_NAME_LENGTH.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:ARG_NAME_LENGTH)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920370) Executing operator "Eq" with param "1" against TX:ARG_LENGTH.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:ARG_LENGTH)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920390) Executing operator "Eq" with param "1" against TX:TOTAL_ARG_LENGTH.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:TOTAL_ARG_LENGTH)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920400) Executing operator "Eq" with param "1" against TX:MAX_FILE_SIZE.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:MAX_FILE_SIZE)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920410) Executing operator "Eq" with param "1" against TX:COMBINED_FILE_SIZES.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:COMBINED_FILE_SIZES)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920420) Executing operator "Rx" with param "^(?:GET|HEAD|PROPFIND|OPTIONS)$" against REQUEST_METHOD.
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET" (Variable: REQUEST_METHOD)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920430) Executing operator "Within" with param "HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0" Was: "" against REQUEST_PROTOCOL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "HTTP/1.1" (Variable: REQUEST_PROTOCOL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920440) Executing operator "Rx" with param "\.(.*)$" against REQUEST_BASENAME.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920450) Executing operator "Rx" with param "^(.*)$" against REQUEST_HEADERS_NAMES.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "user-agent"
[155964078234.257610] [/help/contact-us/] [9] Target value: "user-agent" (Variable: REQUEST_HEADERS_NAMES:User-Agent)
[155964078234.257610] [/help/contact-us/] [7] Added regex subexpression TX.0: user-agent
[155964078234.257610] [/help/contact-us/] [7] Added regex subexpression TX.1: user-agent
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:header_name_user-agent with value: /user-agent/
[155964078234.257610] [/help/contact-us/] [9] This rule severity is: 2 current transaction is: 2
[155964078234.257610] [/help/contact-us/] [9] Saving msg: HTTP header is restricted by policy (user-agent)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "accept"
[155964078234.257610] [/help/contact-us/] [9] Target value: "accept" (Variable: REQUEST_HEADERS_NAMES:Accept)
[155964078234.257610] [/help/contact-us/] [7] Added regex subexpression TX.0: accept
[155964078234.257610] [/help/contact-us/] [7] Added regex subexpression TX.1: accept
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:header_name_accept with value: /accept/
[155964078234.257610] [/help/contact-us/] [9] This rule severity is: 2 current transaction is: 2
[155964078234.257610] [/help/contact-us/] [9] Saving msg: HTTP header is restricted by policy (accept)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "host"
[155964078234.257610] [/help/contact-us/] [9] Target value: "host" (Variable: REQUEST_HEADERS_NAMES:Host)
[155964078234.257610] [/help/contact-us/] [7] Added regex subexpression TX.0: host
[155964078234.257610] [/help/contact-us/] [7] Added regex subexpression TX.1: host
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:header_name_host with value: /host/
[155964078234.257610] [/help/contact-us/] [9] This rule severity is: 2 current transaction is: 2
[155964078234.257610] [/help/contact-us/] [9] Saving msg: HTTP header is restricted by policy (host)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "referrer"
[155964078234.257610] [/help/contact-us/] [9] Target value: "referrer" (Variable: REQUEST_HEADERS_NAMES:referrer)
[155964078234.257610] [/help/contact-us/] [7] Added regex subexpression TX.0: referrer
[155964078234.257610] [/help/contact-us/] [7] Added regex subexpression TX.1: referrer
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:header_name_referrer with value: /referrer/
[155964078234.257610] [/help/contact-us/] [9] This rule severity is: 2 current transaction is: 2
[155964078234.257610] [/help/contact-us/] [9] Saving msg: HTTP header is restricted by policy (referrer)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Executing chained rule.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 0) Executing operator "Within" with param "/proxy/ /lock-token/ /content-range/ /translate/ /if/" Was: "" against TX:regex(^HEADER_NAME_).
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 920014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920200' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920201' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920230' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920300' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920271' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920320' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920121' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920016' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920272' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920018' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920202' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920273' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920274' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '920460' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 15 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921100) Executing operator "Rx" with param "," against REQUEST_HEADERS:regex((Content-Length|Transfer-Encoding)).
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921110) Executing operator "Rx" with param "(?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\s+" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921120) Executing operator "Rx" with param "[\r\n]\W*?(?:content-(type|length)|set-cookie|location):" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921130) Executing operator "Rx" with param "(?:\bhttp\/(?:0\.9|1\.[01])|<(?:html|meta)\b)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921140) Executing operator "Rx" with param "(\n|\r)" against REQUEST_HEADERS.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "User-Agent"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "user-agent"
[155964078234.257610] [/help/contact-us/] [9] Target value: "user-agent" (Variable: REQUEST_HEADERS_NAMES:User-Agent)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "Accept"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "accept"
[155964078234.257610] [/help/contact-us/] [9] Target value: "accept" (Variable: REQUEST_HEADERS_NAMES:Accept)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "Host"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "host"
[155964078234.257610] [/help/contact-us/] [9] Target value: "host" (Variable: REQUEST_HEADERS_NAMES:Host)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "referrer"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "referrer"
[155964078234.257610] [/help/contact-us/] [9] Target value: "referrer" (Variable: REQUEST_HEADERS_NAMES:referrer)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "*/*"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "*/*"
[155964078234.257610] [/help/contact-us/] [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "www.example.net"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "www.example.net"
[155964078234.257610] [/help/contact-us/] [9] Target value: "www.example.net" (Variable: REQUEST_HEADERS:Host)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "https://www.google.co.uk/"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "https://www.google.co.uk/"
[155964078234.257610] [/help/contact-us/] [9] Target value: "https://www.google.co.uk/" (Variable: REQUEST_HEADERS:referrer)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921150) Executing operator "Rx" with param "(\n|\r)" against ARGS_NAMES.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921160) Executing operator "Rx" with param "(?:\n|\r)+(?:\s+|location|refresh|(?:set-)?cookie|(X-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\s*:" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 921014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '921151' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '921016' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '921170' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '921180' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '921018' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-921-PROTOCOL-ATTACK
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 6 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 930012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 930100) Executing operator "Rx" with param "(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI_RAW)
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
[155964078234.257610] [/help/contact-us/] [9] Target value: "www.example.net" (Variable: REQUEST_HEADERS:Host)
[155964078234.257610] [/help/contact-us/] [9] Target value: "https://www.google.co.uk/" (Variable: REQUEST_HEADERS:referrer)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 930110) Executing operator "Pm" with param "..\ ../" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cmdLine: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9] multiMatch is enabled. 1 values to be tested.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_URI)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cmdLine: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] multiMatch is enabled. 1 values to be tested.
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "*/*"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "*/*"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "*/*"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cmdLine: "*/*"
[155964078234.257610] [/help/contact-us/] [9] multiMatch is enabled. 1 values to be tested.
[155964078234.257610] [/help/contact-us/] [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "www.example.net"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "www.example.net"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "www.example.net"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cmdLine: "www.example.net"
[155964078234.257610] [/help/contact-us/] [9] multiMatch is enabled. 1 values to be tested.
[155964078234.257610] [/help/contact-us/] [9] Target value: "www.example.net" (Variable: REQUEST_HEADERS:Host)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "https://www.google.co.uk/"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "https://www.google.co.uk/"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "https://www.google.co.uk/"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cmdLine: "https://www.google.co.uk/"
[155964078234.257610] [/help/contact-us/] [9] multiMatch is enabled. 1 values to be tested.
[155964078234.257610] [/help/contact-us/] [9] Target value: "https://www.google.co.uk/" (Variable: REQUEST_HEADERS:referrer)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 930120) Executing operator "PmFromFile" with param "lfi-os-files.data" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 930130) Executing operator "PmFromFile" with param "restricted-files.data" against REQUEST_FILENAME.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:normalizePathWin: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_FILENAME)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 930014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-930-APPLICATION-ATTACK-LFI
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '930016' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '930018' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-930-APPLICATION-ATTACK-LFI
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 931012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 931100) Executing operator "Rx" with param "^(?i)(?:file|ftps?|https?):\/\/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" against ARGS.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 931110) Executing operator "Rx" with param "(?i:(\binclude\s*\([^)]*|mosConfig_absolute_path|_CONF\[path\]|_SERVER\[DOCUMENT_ROOT\]|GALLERY_BASEDIR|path\[docroot\]|appserv_root|config\[root_dir\])=(file|ftps?|https?):\/\/)" against REQUEST_BODY.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 931120) Executing operator "Rx" with param "^(?i)(?:file|ftps?|https?)(.*?)\?+$" against ARGS.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 931014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '931130' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '931016' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '931018' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-931-APPLICATION-ATTACK-RFI
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 4 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932100) Executing operator "Rx" with param "(?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:l[\\\\'\"]*(?:w[\\\\'\"]*p[\\\\'\"]*-[\\\\'\"]*(?:d[\\\\'\"]*(?:o[\\\\'\"]*w[\\\\'\"]*n[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*m[\\\\'\"]*p)|r[\\\\'\"]*e[\\\\'\"]*q[\\\\'\"]*u[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|m[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*r)|s(?:[\\\\'\"]*(?:b[\\\\'\"]*_[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*e|c[\\\\'\"]*p[\\\\'\"]*u|m[\\\\'\"]*o[\\\\'\"]*d|p[\\\\'\"]*c[\\\\'\"]*i|u[\\\\'\"]*s[\\\\'\"]*b|-[\\\\'\"]*F|h[\\\\'\"]*w|o[\\\\'\"]*f))?|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|m[\\\\'\"]*(?:o[\\\\'\"]*r[\\\\'\"]*e|a)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s)|e[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*(?:(?:f[\\\\'\"]*i[\\\\'\"]*l|p[\\\\'\"]*i[\\\\'\"]*p)[\\\\'\"]*e|e[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*o|(?:\s|<|>).*)|a[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*g(?:[\\\\'\"]*i[\\\\'\"]*n)?|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*m|(?:\s|<|>).*)|o[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*(?:t[\\\\'\"]*e|l)[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)|d[\\\\'\"]*(?:c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g|d[\\\\'\"]*(?:\s|<|>).*)|f[\\\\'\"]*t[\\\\'\"]*p(?:[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t)?|(?:[np]|y[\\\\'\"]*n[\\\\'\"]*x)[\\\\'\"]*(?:\s|<|>).*)|b[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p[\\\\'\"]*2)|s[\\\\'\"]*d[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*f[\\\\'\"]*f|t[\\\\'\"]*a[\\\\'\"]*r)|a[\\\\'\"]*(?:t[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|s[\\\\'\"]*h)|r[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*k[\\\\'\"]*s[\\\\'\"]*w|u[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*n)|c[\\\\'\"]*(?:o[\\\\'\"]*(?:m[\\\\'\"]*(?:p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*d)[\\\\'\"]*(?:\s|<|>).*|p[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*c)|h[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*(?:\s|<|>).*|f[\\\\'\"]*l[\\\\'\"]*a[\\\\'\"]*g[\\\\'\"]*s|a[\\\\'\"]*t[\\\\'\"]*t[\\\\'\"]*r|m[\\\\'\"]*o[\\\\'\"]*d)|r[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*b|(?:[cp]|a[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|u[\\\\'\"]*r[\\\\'\"]*l|s[\\\\'\"]*h)|f[\\\\'\"]*(?:i(?:[\\\\'\"]*(?:l[\\\\'\"]*e[\\\\'\"]*(?:t[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|(?:\s|<|>).*)|n[\\\\'\"]*d[\\\\'\"]*(?:\s|<|>).*))?|t[\\\\'\"]*p[\\\\'\"]*(?:s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*s|w[\\\\'\"]*h[\\\\'\"]*o|(?:\s|<|>).*)|u[\\\\'\"]*n[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n|(?:e[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*h|c)[\\\\'\"]*(?:\s|<|>).*|o[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*h|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p)|e[\\\\'\"]*(?:n[\\\\'\"]*(?:v(?:[\\\\'\"]*-[\\\\'\"]*u[\\\\'\"]*p[\\\\'\"]*d[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e)?|d[\\\\'\"]*(?:i[\\\\'\"]*f|s[\\\\'\"]*w))|x[\\\\'\"]*(?:p[\\\\'\"]*(?:a[\\\\'\"]*n[\\\\'\"]*d|o[\\\\'\"]*r[\\\\'\"]*t|r)|e[\\\\'\"]*c[\\\\'\"]*(?:\s|<|>).*|i[\\\\'\"]*t)|c[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|s[\\\\'\"]*a[\\\\'\"]*c|v[\\\\'\"]*a[\\\\'\"]*l)|h[\\\\'\"]*(?:t[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|p[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*w[\\\\'\"]*d)|o[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e|i[\\\\'\"]*d)|(?:e[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*p)[\\\\'\"]*(?:\s|<|>).*|i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*y)|i[\\\\'\"]*(?:p[\\\\'\"]*(?:(?:6[\\\\'\"]*)?t[\\\\'\"]*a[\\\\'\"]*b[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*s|c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g)|r[\\\\'\"]*b(?:[\\\\'
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932105) Executing operator "Rx" with param "(?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:s[\\\\'\"]*(?:e[\\\\'\"]*(?:t[\\\\'\"]*(?:(?:f[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*l[\\\\'\"]*)?(?:\s|<|>).*|e[\\\\'\"]*n[\\\\'\"]*v|s[\\\\'\"]*i[\\\\'\"]*d)|n[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*i[\\\\'\"]*l|d[\\\\'\"]*(?:\s|<|>).*)|h[\\\\'\"]*(?:\.[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*b|u[\\\\'\"]*t[\\\\'\"]*d[\\\\'\"]*o[\\\\'\"]*w[\\\\'\"]*n|(?:\s|<|>).*)|o[\\\\'\"]*(?:(?:u[\\\\'\"]*r[\\\\'\"]*c[\\\\'\"]*e|r[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|c[\\\\'\"]*a[\\\\'\"]*t)|c[\\\\'\"]*(?:h[\\\\'\"]*e[\\\\'\"]*d|p[\\\\'\"]*(?:\s|<|>).*)|t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g[\\\\'\"]*s|(?:l[\\\\'\"]*e[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|y[\\\\'\"]*s[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*l|u[\\\\'\"]*(?:(?:\s|<|>).*|d[\\\\'\"]*o)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|s[\\\\'\"]*h|v[\\\\'\"]*n)|p[\\\\'\"]*(?:k[\\\\'\"]*(?:g(?:(?:[\\\\'\"]*_)?[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*o)?|e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c|i[\\\\'\"]*l[\\\\'\"]*l)|t[\\\\'\"]*a[\\\\'\"]*r(?:[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p))?|a[\\\\'\"]*(?:t[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|s[\\\\'\"]*s[\\\\'\"]*w[\\\\'\"]*d)|r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*(?:e[\\\\'\"]*n[\\\\'\"]*v|f[\\\\'\"]*(?:\s|<|>).*)|y[\\\\'\"]*t[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*n(?:[\\\\'\"]*(?:3(?:[\\\\'\"]*m)?|2))?|e[\\\\'\"]*r[\\\\'\"]*(?:l(?:[\\\\'\"]*(?:s[\\\\'\"]*h|5))?|m[\\\\'\"]*s)|(?:g[\\\\'\"]*r[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|(?:u[\\\\'\"]*s[\\\\'\"]*h|o[\\\\'\"]*p)[\\\\'\"]*d|h[\\\\'\"]*p(?:[\\\\'\"]*[57])?|i[\\\\'\"]*n[\\\\'\"]*g|s[\\\\'\"]*(?:\s|<|>).*)|n[\\\\'\"]*(?:c[\\\\'\"]*(?:\.[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*l|o[\\\\'\"]*p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*d)|(?:\s|<|>).*|a[\\\\'\"]*t)|e[\\\\'\"]*t[\\\\'\"]*(?:k[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*f[\\\\'\"]*t[\\\\'\"]*p|(?:s[\\\\'\"]*t|c)[\\\\'\"]*a[\\\\'\"]*t|(?:\s|<|>).*)|s[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*o[\\\\'\"]*k[\\\\'\"]*u[\\\\'\"]*p|t[\\\\'\"]*a[\\\\'\"]*t)|(?:a[\\\\'\"]*n[\\\\'\"]*o|i[\\\\'\"]*c[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|(?:o[\\\\'\"]*h[\\\\'\"]*u|m[\\\\'\"]*a)[\\\\'\"]*p|p[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g)|r[\\\\'\"]*(?:e[\\\\'\"]*(?:(?:p[\\\\'\"]*(?:l[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e|e[\\\\'\"]*a[\\\\'\"]*t)|n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|a[\\\\'\"]*l[\\\\'\"]*p[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*h)|m[\\\\'\"]*(?:(?:d[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*)?(?:\s|<|>).*|u[\\\\'\"]*s[\\\\'\"]*e[\\\\'\"]*r)|u[\\\\'\"]*b[\\\\'\"]*y(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|(?:a[\\\\'\"]*r|c[\\\\'\"]*p|p[\\\\'\"]*m)[\\\\'\"]*(?:\s|<|>).*|n[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*o|o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|s[\\\\'\"]*y[\\\\'\"]*n[\\\\'\"]*c)|t[\\\\'\"]*(?:c[\\\\'\"]*(?:p[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|i[\\\\'\"]*n[\\\\'\"]*g)|s[\\\\'\"]*h)|r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e(?:[\\\\'\"]*6)?|e[\\\\'\"]*(?:l[\\\\'\"]*n[\\\\'\"]*e[\\\\'\"]*t|e[\\\\'\"]*(?:\s|<|>).*)|i[\\\\'\"]*m[\\\\'\"]*e[\\\\'\"]*(?:o[\\\\'\"]*u[\\\\'\"]*t|(?:\s|<|>).*)|a[\\\\'\"]*(?:i[\\\\'\"]*l(?:[\\\\'\"]*f)?|r[\\\\'\"]*(?:\s|<|>).*)|o[\\\\'\"]*(?:u[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|p))|u[\\\\'\"]*(?:n[\\\\'\"]*(?:l[\\\\'\"]*(?:i[\\\\'\"]*n[\\\\'\"]*k[\\\\'\"]*(?:\s|<|>).*|z[\\\\'\"]*m[\\\\'\"]*a)|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|a[\\\\'\"]*m[\\\\'\"]*e|r[\\\\'\"]*a[\\\\'\"]*r|s[\\\\'\"]*e[\\\\'\"]*t|z[\\\\'\"]*i[\\\\'\"]*p|x[\\\\'\"]*z)|s[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*(?:(?:a[\\\\'\"]*d|m[\\\\'\"]
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932110) Executing operator "Rx" with param "(?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]*(?:m[\"\^]*(?:y[\"\^]*s[\"\^]*q[\"\^]*l(?:[\"\^]*(?:d[\"\^]*u[\"\^]*m[\"\^]*p(?:[\"\^]*s[\"\^]*l[\"\^]*o[\"\^]*w)?|h[\"\^]*o[\"\^]*t[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y|a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|s[\"\^]*h[\"\^]*o[\"\^]*w))?|s[\"\^]*(?:i[\"\^]*(?:n[\"\^]*f[\"\^]*o[\"\^]*3[\"\^]*2|e[\"\^]*x[\"\^]*e[\"\^]*c)|c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|g[\"\^]*(?:[\s,;]|\.|/|<|>).*|t[\"\^]*s[\"\^]*c)|o[\"\^]*(?:u[\"\^]*n[\"\^]*t[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|v[\"\^]*o[\"\^]*l)|v[\"\^]*e[\"\^]*u[\"\^]*s[\"\^]*e[\"\^]*r|[dr][\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*)|k[\"\^]*(?:d[\"\^]*i[\"\^]*r[\"\^]*(?:[\s,;]|\.|/|<|>).*|l[\"\^]*i[\"\^]*n[\"\^]*k)|d[\"\^]*(?:s[\"\^]*c[\"\^]*h[\"\^]*e[\"\^]*d|(?:[\s,;]|\.|/|<|>).*)|a[\"\^]*p[\"\^]*i[\"\^]*s[\"\^]*e[\"\^]*n[\"\^]*d|b[\"\^]*s[\"\^]*a[\"\^]*c[\"\^]*l[\"\^]*i|e[\"\^]*a[\"\^]*s[\"\^]*u[\"\^]*r[\"\^]*e|m[\"\^]*s[\"\^]*y[\"\^]*s)|d[\"\^]*(?:i[\"\^]*(?:s[\"\^]*k[\"\^]*(?:(?:m[\"\^]*g[\"\^]*m|p[\"\^]*a[\"\^]*r)[\"\^]*t|s[\"\^]*h[\"\^]*a[\"\^]*d[\"\^]*o[\"\^]*w)|r[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|u[\"\^]*s[\"\^]*e)|f[\"\^]*f[\"\^]*(?:[\s,;]|\.|/|<|>).*)|e[\"\^]*(?:l[\"\^]*(?:p[\"\^]*r[\"\^]*o[\"\^]*f|t[\"\^]*r[\"\^]*e[\"\^]*e|(?:[\s,;]|\.|/|<|>).*)|v[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|c[\"\^]*o[\"\^]*n)|(?:f[\"\^]*r[\"\^]*a|b[\"\^]*u)[\"\^]*g)|s[\"\^]*(?:a[\"\^]*(?:c[\"\^]*l[\"\^]*s|d[\"\^]*d)|q[\"\^]*u[\"\^]*e[\"\^]*r[\"\^]*y|m[\"\^]*o[\"\^]*(?:v[\"\^]*e|d)|g[\"\^]*e[\"\^]*t|r[\"\^]*m)|(?:r[\"\^]*i[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*q[\"\^]*u[\"\^]*e[\"\^]*r|o[\"\^]*s[\"\^]*k[\"\^]*e)[\"\^]*y|(?:c[\"\^]*o[\"\^]*m[\"\^]*c[\"\^]*n[\"\^]*f|x[\"\^]*d[\"\^]*i[\"\^]*a)[\"\^]*g|a[\"\^]*t[\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*|n[\"\^]*s[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|c[\"\^]*(?:o[\"\^]*(?:m[\"\^]*(?:p[\"\^]*(?:(?:a[\"\^]*c[\"\^]*t[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|m[\"\^]*g[\"\^]*m[\"\^]*t)|e[\"\^]*x[\"\^]*p)|n[\"\^]*(?:2[\"\^]*p|v[\"\^]*e)[\"\^]*r[\"\^]*t|p[\"\^]*y)|l[\"\^]*(?:e[\"\^]*a[\"\^]*(?:n[\"\^]*m[\"\^]*g[\"\^]*r|r[\"\^]*m[\"\^]*e[\"\^]*m)|u[\"\^]*s[\"\^]*t[\"\^]*e[\"\^]*r)|h[\"\^]*(?:k[\"\^]*(?:n[\"\^]*t[\"\^]*f[\"\^]*s|d[\"\^]*s[\"\^]*k)|d[\"\^]*i[\"\^]*r[\"\^]*(?:[\s,;]|\.|/|<|>).*)|s[\"\^]*(?:c[\"\^]*(?:r[\"\^]*i[\"\^]*p[\"\^]*t|c[\"\^]*m[\"\^]*d)|v[\"\^]*d[\"\^]*e)|e[\"\^]*r[\"\^]*t[\"\^]*(?:u[\"\^]*t[\"\^]*i[\"\^]*l|r[\"\^]*e[\"\^]*q)|a[\"\^]*(?:l[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|c[\"\^]*l[\"\^]*s)|m[\"\^]*d(?:[\"\^]*k[\"\^]*e[\"\^]*y)?|i[\"\^]*p[\"\^]*h[\"\^]*e[\"\^]*r|u[\"\^]*r[\"\^]*l)|f[\"\^]*(?:o[\"\^]*r[\"\^]*(?:m[\"\^]*a[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s|e[\"\^]*a[\"\^]*c[\"\^]*h)|i[\"\^]*n[\"\^]*d[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|s[\"\^]*t[\"\^]*r)|s[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|u[\"\^]*t[\"\^]*i[\"\^]*l)|t[\"\^]*(?:p[\"\^]*(?:[\s,;]|\.|/|<|>).*|y[\"\^]*p[\"\^]*e)|r[\"\^]*e[\"\^]*e[\"\^]*d[\"\^]*i[\"\^]*s[\"\^]*k|c[\"\^]*(?:[\s,;]|\.|/|<|>).*|g[\"\^]*r[\"\^]*e[\"\^]*p)|n[\"\^]*(?:e[\"\^]*t[\"\^]*(?:s[\"\^]*(?:t[\"\^]*a[\"\^]*t|v[\"\^]*c|h)|(?:[\s,;]|\.|/|<|>).*|c[\"\^]*a[\"\^]*t|d[\"\^]*o[\"\^]*m)|t[\"\^]*(?:b[\"\^]*a[\"\^]*c[\"\^]*k[\"\^]*u[\"\^]*p|r[\"\^]*i[\"\^]*g[\"\^]*h[\"\^]*t[\"\^]*s)|(?:s[\"\^]*l[\"\^]*o[\"\^]*o[\"\^]*k[\"\^]*u|m[\"\^]*a)[\"\^]*p|c[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|a[\"\^]*t)|b[\"\^]*t[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|e[\"\^]*(?:x[\"\^]*(?:p[\"\^]*(?:a[\"\^]*n[\"\^]*d[\"\^]*(?:[\s,;]|\.|/|<|>).*|l[\"\^]*o[\"\^]*r[\"\^]*e[\"\^]*r)|i[\"\^]*t)|v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*(?:c[\"\^]*r[\"\^]*e[\"\^]*a[\"\^]*t[\"\^]*e|v[\"\^]*w[\"\^]*r)|n[\"\^]*d[\"\^]*l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l|g[\"\^]*r[\"\^]*e[\"\^]*p|r[\"\^]*a[\"\^]*s[\"\^]*e|c[\"\^]*h[\"\^]*o)|g[\"\^]*(?:a[\"\^]*t[\"\^]*h[\"\^]*e[\"\^]*r[\"\^]*n[\"\^]*e[\"\^]*t[\"\^]*w[\"\^]*o[\"\^]*r[\"\^]*k[\"\^]*i[\"\^]*n[\"\^]*f[\"\^]*o|p[\"\^]*(?:(?:r[\"\^]*e[\"\^]*s[\"\^]*u[\"\^]*l|e[\"\^]*d[\"\^]*i)[\"\^]*t|u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t[\"\^]*
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932115) Executing operator "Rx" with param "(?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]*(?:s[\"\^]*(?:y[\"\^]*s[\"\^]*(?:t[\"\^]*e[\"\^]*m[\"\^]*(?:p[\"\^]*r[\"\^]*o[\"\^]*p[\"\^]*e[\"\^]*r[\"\^]*t[\"\^]*i[\"\^]*e[\"\^]*s[\"\^]*(?:d[\"\^]*a[\"\^]*t[\"\^]*a[\"\^]*e[\"\^]*x[\"\^]*e[\"\^]*c[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n[\"\^]*p[\"\^]*r[\"\^]*e[\"\^]*v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n|(?:p[\"\^]*e[\"\^]*r[\"\^]*f[\"\^]*o[\"\^]*r[\"\^]*m[\"\^]*a[\"\^]*n[\"\^]*c|h[\"\^]*a[\"\^]*r[\"\^]*d[\"\^]*w[\"\^]*a[\"\^]*r)[\"\^]*e|a[\"\^]*d[\"\^]*v[\"\^]*a[\"\^]*n[\"\^]*c[\"\^]*e[\"\^]*d)|i[\"\^]*n[\"\^]*f[\"\^]*o)|k[\"\^]*e[\"\^]*y|d[\"\^]*m)|h[\"\^]*(?:o[\"\^]*(?:w[\"\^]*(?:g[\"\^]*r[\"\^]*p|m[\"\^]*b[\"\^]*r)[\"\^]*s|r[\"\^]*t[\"\^]*c[\"\^]*u[\"\^]*t)|e[\"\^]*l[\"\^]*l[\"\^]*r[\"\^]*u[\"\^]*n[\"\^]*a[\"\^]*s|u[\"\^]*t[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n|r[\"\^]*p[\"\^]*u[\"\^]*b[\"\^]*w|a[\"\^]*r[\"\^]*e|i[\"\^]*f[\"\^]*t)|e[\"\^]*(?:t[\"\^]*(?:(?:x[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l)|c[\"\^]*p[\"\^]*o[\"\^]*l|l[\"\^]*e[\"\^]*c[\"\^]*t)|c[\"\^]*(?:h[\"\^]*t[\"\^]*a[\"\^]*s[\"\^]*k[\"\^]*s|l[\"\^]*i[\"\^]*s[\"\^]*t)|u[\"\^]*b[\"\^]*(?:i[\"\^]*n[\"\^]*a[\"\^]*c[\"\^]*l|s[\"\^]*t)|t[\"\^]*a[\"\^]*r[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|i[\"\^]*g[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*i[\"\^]*f|l[\"\^]*(?:e[\"\^]*e[\"\^]*p|m[\"\^]*g[\"\^]*r)|o[\"\^]*r[\"\^]*t|f[\"\^]*c|v[\"\^]*n)|p[\"\^]*(?:s[\"\^]*(?:s[\"\^]*(?:h[\"\^]*u[\"\^]*t[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n|e[\"\^]*r[\"\^]*v[\"\^]*i[\"\^]*c[\"\^]*e|u[\"\^]*s[\"\^]*p[\"\^]*e[\"\^]*n[\"\^]*d)|l[\"\^]*(?:o[\"\^]*g[\"\^]*(?:g[\"\^]*e[\"\^]*d[\"\^]*o[\"\^]*n|l[\"\^]*i[\"\^]*s[\"\^]*t)|i[\"\^]*s[\"\^]*t)|p[\"\^]*(?:a[\"\^]*s[\"\^]*s[\"\^]*w[\"\^]*d|i[\"\^]*n[\"\^]*g)|g[\"\^]*e[\"\^]*t[\"\^]*s[\"\^]*i[\"\^]*d|e[\"\^]*x[\"\^]*e[\"\^]*c|f[\"\^]*i[\"\^]*l[\"\^]*e|i[\"\^]*n[\"\^]*f[\"\^]*o|k[\"\^]*i[\"\^]*l[\"\^]*l)|o[\"\^]*(?:w[\"\^]*e[\"\^]*r[\"\^]*(?:s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l(?:[\"\^]*_[\"\^]*i[\"\^]*s[\"\^]*e)?|c[\"\^]*f[\"\^]*g)|r[\"\^]*t[\"\^]*q[\"\^]*r[\"\^]*y|p[\"\^]*d)|r[\"\^]*(?:i[\"\^]*n[\"\^]*t[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|b[\"\^]*r[\"\^]*m)|n[\"\^]*(?:c[\"\^]*n[\"\^]*f[\"\^]*g|m[\"\^]*n[\"\^]*g[\"\^]*r)|o[\"\^]*m[\"\^]*p[\"\^]*t)|a[\"\^]*t[\"\^]*h[\"\^]*(?:p[\"\^]*i[\"\^]*n[\"\^]*g|(?:[\s,;]|\.|/|<|>).*)|e[\"\^]*r[\"\^]*(?:l(?:[\"\^]*(?:s[\"\^]*h|5))?|f[\"\^]*m[\"\^]*o[\"\^]*n)|y[\"\^]*t[\"\^]*h[\"\^]*o[\"\^]*n(?:[\"\^]*(?:3(?:[\"\^]*m)?|2))?|k[\"\^]*g[\"\^]*m[\"\^]*g[\"\^]*r|h[\"\^]*p(?:[\"\^]*[57])?|u[\"\^]*s[\"\^]*h[\"\^]*d|i[\"\^]*n[\"\^]*g)|r[\"\^]*(?:e[\"\^]*(?:(?:p[\"\^]*l[\"\^]*a[\"\^]*c[\"\^]*e|n(?:[\"\^]*a[\"\^]*m[\"\^]*e)?|s[\"\^]*e[\"\^]*t)[\"\^]*(?:[\s,;]|\.|/|<|>).*|g[\"\^]*(?:s[\"\^]*v[\"\^]*r[\"\^]*3[\"\^]*2|e[\"\^]*d[\"\^]*i[\"\^]*t|(?:[\s,;]|\.|/|<|>).*|i[\"\^]*n[\"\^]*i)|c[\"\^]*(?:d[\"\^]*i[\"\^]*s[\"\^]*c|o[\"\^]*v[\"\^]*e[\"\^]*r)|k[\"\^]*e[\"\^]*y[\"\^]*w[\"\^]*i[\"\^]*z)|u[\"\^]*(?:n[\"\^]*(?:d[\"\^]*l[\"\^]*l[\"\^]*3[\"\^]*2|a[\"\^]*s)|b[\"\^]*y[\"\^]*(?:1(?:[\"\^]*[89])?|2[\"\^]*[012]))|a[\"\^]*(?:s[\"\^]*(?:p[\"\^]*h[\"\^]*o[\"\^]*n[\"\^]*e|d[\"\^]*i[\"\^]*a[\"\^]*l)|r[\"\^]*(?:[\s,;]|\.|/|<|>).*)|m[\"\^]*(?:(?:d[\"\^]*i[\"\^]*r[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|t[\"\^]*s[\"\^]*h[\"\^]*a[\"\^]*r[\"\^]*e)|o[\"\^]*(?:u[\"\^]*t[\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*|b[\"\^]*o[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y)|s[\"\^]*(?:t[\"\^]*r[\"\^]*u[\"\^]*i|y[\"\^]*n[\"\^]*c)|d[\"\^]*(?:[\s,;]|\.|/|<|>).*)|t[\"\^]*(?:a[\"\^]*(?:s[\"\^]*k[\"\^]*(?:k[\"\^]*i[\"\^]*l[\"\^]*l|l[\"\^]*i[\"\^]*s[\"\^]*t|s[\"\^]*c[\"\^]*h[\"\^]*d|m[\"\^]*g[\"\^]*r)|k[\"\^]*e[\"\^]*o[\"\^]*w[\"\^]*n)|(?:i[\"\^]*m[\"\^]*e[\"\^]*o[\"\^]*u|p[\"\^]*m[\"\^]*i[\"\^]*n[\"\^]*i|e[\"\^]*l[\"\^]*n[\"\^]*e|l[\"\^]*i[\"\^]*s)[\"\^]*t|s[\"\^]*(?:d[\"\^]*i[\"\^]*s[\"\^]*c[\"\^]*o|s[\"\^]*h[\"\^]*u[\"\^]*t[\"\^]*d)[\"\^]*n|y[\"\^]*p[\"\^]*e[\"\^]*(?:p[\"\^]*e[\"\^]*r[\"\^]*f|(?:[\s,;]|\.|/|<|>).*)|r[\"\^]*(?:a[\"\^]*c[\"\^]*e[\"\^]*
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932120) Executing operator "PmFromFile" with param "windows-powershell-commands.data" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932130) Executing operator "Rx" with param "(?:\$(?:\((?:\(.*\)|.*)\)|\{.*\})|[<>]\(.*\))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932140) Executing operator "Rx" with param "\b(?:if(?:/i)?(?: not)?(?: exist\b| defined\b| errorlevel\b| cmdextversion\b|(?: |\().*(?:\bgeq\b|\bequ\b|\bneq\b|\bleq\b|\bgtr\b|\blss\b|==))|for(/[dflr].*)* %+[^ ]+ in\(.*\)\s?do)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932150) Executing operator "Rx" with param "(?:^|=)\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:l[\\\\'\"]*(?:s(?:[\\\\'\"]*(?:b[\\\\'\"]*_[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*e|c[\\\\'\"]*p[\\\\'\"]*u|m[\\\\'\"]*o[\\\\'\"]*d|p[\\\\'\"]*c[\\\\'\"]*i|u[\\\\'\"]*s[\\\\'\"]*b|-[\\\\'\"]*F|o[\\\\'\"]*f))?|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|m[\\\\'\"]*(?:o[\\\\'\"]*r[\\\\'\"]*e|a)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s)|e[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*(?:(?:f[\\\\'\"]*i[\\\\'\"]*l|p[\\\\'\"]*i[\\\\'\"]*p)[\\\\'\"]*e|e[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*o)|a[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*g(?:[\\\\'\"]*i[\\\\'\"]*n)?|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*m)|w[\\\\'\"]*p(?:[\\\\'\"]*-[\\\\'\"]*d[\\\\'\"]*o[\\\\'\"]*w[\\\\'\"]*n[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*d)?|f[\\\\'\"]*t[\\\\'\"]*p(?:[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t)?|y[\\\\'\"]*n[\\\\'\"]*x)|s[\\\\'\"]*(?:e[\\\\'\"]*(?:t[\\\\'\"]*(?:e[\\\\'\"]*n[\\\\'\"]*v|s[\\\\'\"]*i[\\\\'\"]*d)|n[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*i[\\\\'\"]*l|d)|h(?:[\\\\'\"]*\.[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*b)?|o[\\\\'\"]*(?:u[\\\\'\"]*r[\\\\'\"]*c[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t)|t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g[\\\\'\"]*s|y[\\\\'\"]*s[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*l|c[\\\\'\"]*(?:h[\\\\'\"]*e[\\\\'\"]*d|p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|f[\\\\'\"]*t[\\\\'\"]*p|u[\\\\'\"]*d[\\\\'\"]*o|s[\\\\'\"]*h|v[\\\\'\"]*n)|p[\\\\'\"]*(?:t[\\\\'\"]*a[\\\\'\"]*r(?:[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p))?|y[\\\\'\"]*t[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*n(?:[\\\\'\"]*(?:3(?:[\\\\'\"]*m)?|2))?|k[\\\\'\"]*(?:e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c|i[\\\\'\"]*l[\\\\'\"]*l)|r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*v|(?:g[\\\\'\"]*r[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|e[\\\\'\"]*r[\\\\'\"]*l(?:[\\\\'\"]*5)?|h[\\\\'\"]*p(?:[\\\\'\"]*[57])?|i[\\\\'\"]*n[\\\\'\"]*g)|n[\\\\'\"]*(?:c(?:[\\\\'\"]*(?:\.[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*l|o[\\\\'\"]*p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*d)|a[\\\\'\"]*t))?|e[\\\\'\"]*t[\\\\'\"]*(?:k[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*f[\\\\'\"]*t[\\\\'\"]*p|(?:s[\\\\'\"]*t|c)[\\\\'\"]*a[\\\\'\"]*t)|o[\\\\'\"]*h[\\\\'\"]*u[\\\\'\"]*p|p[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g|s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t)|t[\\\\'\"]*(?:c[\\\\'\"]*(?:p[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|i[\\\\'\"]*n[\\\\'\"]*g)|s[\\\\'\"]*h)|r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e(?:[\\\\'\"]*6)?|i[\\\\'\"]*m[\\\\'\"]*e(?:[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t)?|a[\\\\'\"]*(?:i[\\\\'\"]*l(?:[\\\\'\"]*f)?|r)|e[\\\\'\"]*l[\\\\'\"]*n[\\\\'\"]*e[\\\\'\"]*t)|r[\\\\'\"]*(?:e[\\\\'\"]*(?:p[\\\\'\"]*(?:l[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e|e[\\\\'\"]*a[\\\\'\"]*t)|a[\\\\'\"]*l[\\\\'\"]*p[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*h|n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)|u[\\\\'\"]*b[\\\\'\"]*y(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|m[\\\\'\"]*(?:u[\\\\'\"]*s[\\\\'\"]*e|d[\\\\'\"]*i)[\\\\'\"]*r|n[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*o|s[\\\\'\"]*y[\\\\'\"]*n[\\\\'\"]*c|c[\\\\'\"]*p)|b[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t)|s[\\\\'\"]*d[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*f[\\\\'\"]*f|t[\\\\'\"]*a[\\\\'\"]*r)|u[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*n|a[\\\\'\"]*s[\\\\'\"]*h)|m[\\\\'\"]*(?:y[\\\\'\"]*s[\\\\'\"]*q[\\\\'\"]*l[\\\\'\"]*(?:d[\\\\'\"]*u[\\\\'\"]*m[\\\\'\"]*p(?:[\\\\'\"
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932160) Executing operator "PmFromFile" with param "unix-shell.data" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932170) Executing operator "Rx" with param "^\(\s*\)\s+{" against REQUEST_LINE.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecode: "*/*"
[155964078234.257610] [/help/contact-us/] [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecode: "www.example.net"
[155964078234.257610] [/help/contact-us/] [9] Target value: "www.example.net" (Variable: REQUEST_HEADERS:Host)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecode: "https://www.google.co.uk/"
[155964078234.257610] [/help/contact-us/] [9] Target value: "https://www.google.co.uk/" (Variable: REQUEST_HEADERS:referrer)
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecode: "GET /help/contact-us/ HTTP/1.1"
[155964078234.257610] [/help/contact-us/] [9] Target value: "GET /help/contact-us/ HTTP/1.1" (Variable: REQUEST_LINE)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932171) Executing operator "Rx" with param "^\(\s*\)\s+{" against FILES_NAMES.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 932014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-932-APPLICATION-ATTACK-RCE
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '932016' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '932018' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-932-APPLICATION-ATTACK-RCE
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933100) Executing operator "Rx" with param "(?:<\?(?!xml\s)|<\?php|\[(?:/|\\\\)?php\])" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933110) Executing operator "Rx" with param ".*\.(?:php\d*|phtml)\.*$" against REQUEST_HEADERS:X-File-Name.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933120) Executing operator "PmFromFile" with param "php-config-directives.data" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933130) Executing operator "PmFromFile" with param "php-variables.data" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933140) Executing operator "Rx" with param "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933150) Executing operator "PmFromFile" with param "php-function-names-933150.data" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "/help/contact-us/"
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_FILENAME)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933160) Executing operator "Rx" with param "(?i)\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|b(?:(?:son_(?:de|en)|ase64_en)code|zopen)|var_dump)(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_FILENAME)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933170) Executing operator "Rx" with param "[oOcC]:\d+:\".+?\":\d+:{.*}" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
[155964078234.257610] [/help/contact-us/] [9] Target value: "www.example.net" (Variable: REQUEST_HEADERS:Host)
[155964078234.257610] [/help/contact-us/] [9] Target value: "https://www.google.co.uk/" (Variable: REQUEST_HEADERS:referrer)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933180) Executing operator "Rx" with param "\$+(?:[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*|\s*{.+})(?:\s|\[.+\]|{.+}|/\*.*\*/|//.*|#.*)*\(.*\)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9] Target value: "/help/contact-us/" (Variable: REQUEST_FILENAME)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 933014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '933151' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '933016' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '933131' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '933161' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '933111' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '933018' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-933-APPLICATION-ATTACK-PHP
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 7 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941100) Executing operator "DetectXSS against XML:/*.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:jsDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cssDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [9] libinjection was not able to find any XSS in: curl/7.29.0
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941110) Executing operator "Rx" with param "(?i)([<<]script[^>>]*[>>][\s\S]*?)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:jsDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cssDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941120) Executing operator "Rx" with param "(?i)([\s\"'`;\/0-9\=\x0B\x09\x0C\x3B\x2C\x28\x3B]+on[a-zA-Z]+[\s\x0B\x09\x0C\x3B\x2C\x28\x3B]*?=)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:jsDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cssDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941130) Executing operator "Rx" with param "(?i)[\s\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\/html|pattern(?=.*?=)|formaction|\@import|base64)\b" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:jsDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cssDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941140) Executing operator "Rx" with param "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\b[^>]*?>[\s\S]*?|(?:=|U\s*?R\s*?L\s*?\()\s*?[^>]*?\s*?S\s*?C\s*?R\s*?I\s*?P\s*?T\s*?:)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:jsDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cssDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941160) Executing operator "Rx" with param "(?i)<[^\w<>]*(?:[^<>\"'\s]*:)?[^\w<>]*(?:\W*?s\W*?c\W*?r\W*?i\W*?p\W*?t|\W*?f\W*?o\W*?r\W*?m|\W*?s\W*?t\W*?y\W*?l\W*?e|\W*?s\W*?v\W*?g|\W*?m\W*?a\W*?r\W*?q\W*?u\W*?e\W*?e|(?:\W*?l\W*?i\W*?n\W*?k|\W*?o\W*?b\W*?j\W*?e\W*?c\W*?t|\W*?e\W*?m\W*?b\W*?e\W*?d|\W*?a\W*?p\W*?p\W*?l\W*?e\W*?t|\W*?p\W*?a\W*?r\W*?a\W*?m|\W*?i?\W*?f\W*?r\W*?a\W*?m\W*?e|\W*?b\W*?a\W*?s\W*?e|\W*?b\W*?o\W*?d\W*?y|\W*?m\W*?e\W*?t\W*?a|\W*?i\W*?m\W*?a?\W*?g\W*?e?|\W*?v\W*?i\W*?d\W*?e\W*?o|\W*?a\W*?u\W*?d\W*?i\W*?o|\W*?b\W*?i\W*?n\W*?d\W*?i\W*?n\W*?g\W*?s|\W*?s\W*?e\W*?t|\W*?a\W*?n\W*?i\W*?m\W*?a\W*?t\W*?e)[^>\w])|(?:<\w[\s\S]*[\s\/]|['\"](?:[\s\S]*[\s\/])?)(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|u(?:ccess|spend|bmit)|peech(?:start|end)|ound(?:start|end)|croll|how)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom))[\s\x08]*?=" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:jsDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cssDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941170) Executing operator "Rx" with param "(?i)(?:\W|^)(?:javascript:(?:[\s\S]+[=\\\(\[\.<]|[\s\S]*?(?:\bname\b|\\[ux]\d))|data:(?:(?:[a-z]\w+\/\w[\w+-]+\w)?[;,]|[\s\S]*?;[\s\S]*?\b(?:base64|charset=)|[\s\S]*?,[\s\S]*?<[\s\S]*?\w[\s\S]*?>))|@\W*?i\W*?m\W*?p\W*?o\W*?r\W*?t\W*?(?:\/\*[\s\S]*?)?(?:[\"']|\W*?u\W*?r\W*?l[\s\S]*?\()|\W*?-\W*?m\W*?o\W*?z\W*?-\W*?b\W*?i\W*?n\W*?d\W*?i\W*?n\W*?g[\s\S]*?:[\s\S]*?\W*?u\W*?r\W*?l[\s\S]*?\(" against XML:/*.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:htmlEntityDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:jsDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:cssDecode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941180) Executing operator "Pm" with param "document.cookie document.write .parentnode .innerhtml window.location -moz-binding <!-- --> <![cdata[" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941190) Executing operator "Rx" with param "(?i:<style.*?>.*?((@[i\\\\])|(([:=]|(&#x?0*((58)|(3A)|(61)|(3D));?)).*?([(\\\\]|(&#x?0*((40)|(28)|(92)|(5C));?)))))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941200) Executing operator "Rx" with param "(?i:<.*[:]?vmlframe.*?[\s/+]*?src[\s/+]*=)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941210) Executing operator "Rx" with param "(?i:(j|(&#x?0*((74)|(4A)|(106)|(6A));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(v|(&#x?0*((86)|(56)|(118)|(76));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(s|(&#x?0*((83)|(53)|(115)|(73));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(c|(&#x?0*((67)|(43)|(99)|(63));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(r|(&#x?0*((82)|(52)|(114)|(72));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(i|(&#x?0*((73)|(49)|(105)|(69));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(p|(&#x?0*((80)|(50)|(112)|(70));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(t|(&#x?0*((84)|(54)|(116)|(74));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(:|(&((#x?0*((58)|(3A));?)|(colon;)))).)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941220) Executing operator "Rx" with param "(?i:(v|(&#x?0*((86)|(56)|(118)|(76));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(b|(&#x?0*((66)|(42)|(98)|(62));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(s|(&#x?0*((83)|(53)|(115)|(73));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(c|(&#x?0*((67)|(43)|(99)|(63));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(r|(&#x?0*((82)|(52)|(114)|(72));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(i|(&#x?0*((73)|(49)|(105)|(69));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(p|(&#x?0*((80)|(50)|(112)|(70));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(t|(&#x?0*((84)|(54)|(116)|(74));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(:|(&((#x?0*((58)|(3A));?)|(colon;)))).)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941230) Executing operator "Rx" with param "(?i:<EMBED[\s/+].*?((src)|(type)).*?=)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941240) Executing operator "Rx" with param "<[?]?import[\s\/+\S]*?implementation[\s\/+]*?=" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941250) Executing operator "Rx" with param "(?i:<META[\s/+].*?http-equiv[\s/+]*=[\s/+]*[\"\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941260) Executing operator "Rx" with param "(?i:<META[\s/+].*?charset[\s/+]*=)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941270) Executing operator "Rx" with param "(?i:<LINK[\s/+].*?href[\s/+]*=)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941280) Executing operator "Rx" with param "(?i:<BASE[\s/+].*?href[\s/+]*=)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941290) Executing operator "Rx" with param "(?i:<APPLET[\s/+>])" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941300) Executing operator "Rx" with param "(?i:<OBJECT[\s/+].*?((type)|(codetype)|(classid)|(code)|(data))[\s/+]*=)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941310) Executing operator "Rx" with param "(?:¾|¼).*(?:¾|¼|>)|(?:¾|¼|<).*(?:¾|¼)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941350) Executing operator "Rx" with param "(?:\+ADw\-|\+AD4\-).*(?:\+ADw\-|\+AD4\-|>)|(?:\+ADw\-|\+AD4\-|<).*(?:\+ADw\-|\+AD4\-)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 941014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '941101' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '941150' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '941320' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '941330' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '941340' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '941016' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '941018' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-941-APPLICATION-ATTACK-XSS
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 8 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942100) Executing operator "DetectSQLi against XML:/*.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:utf8toUnicode: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:urlDecodeUni: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeNulls: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:removeComments: "curl/7.29.0"
[155964078234.257610] [/help/contact-us/] [9] multiMatch is enabled. 1 values to be tested.
[155964078234.257610] [/help/contact-us/] [9] Target value: "curl/7.29.0" (Variable: REQUEST_HEADERS:User-Agent)
[155964078234.257610] [/help/contact-us/] [9] detected SQLi: not able to find an inject on 'curl/7.29.0'
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942140) Executing operator "Rx" with param "(?i:\b(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\.\.sysdatabases|ysql\.db)\b|s(?:ys(?:\.database_name|aux)\b|chema(?:\W*\(|_name\b)|qlite(_temp)?_master\b)|d(?:atabas|b_nam)e\W*\(|information_schema\b|pg_(catalog|toast)\b|northwind\b|tempdb\b))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942160) Executing operator "Rx" with param "(?i:(sleep\((\s*?)(\d*?)(\s*?)\)|benchmark\((.*?)\,(.*?)\)))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942170) Executing operator "Rx" with param "(?i:(?:(select|;)\s+(?:benchmark|if|sleep)\s*?\(\s*?\(?\s*?\w+))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942190) Executing operator "Rx" with param "(?i:(?:\s*?(?:exec|execute).*?(?:\W)xp_cmdshell)|(?:[\"'`]\s*?!\s*?[\"'`\w])|(?:from\W+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*?\([^\)]*?)|(?:[\"'`];?\s*?(?:select|union|having)\b\s*?[^\s])|(?:\wiif\s*?\()|(?:(?:exec|execute)\s+master\.)|(?:union select @)|(?:union[\w(\s]*?select)|(?:select.*?\w?user\()|(?:into[\s+]+(?:dump|out)file\s*?[\"'`]))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942220) Executing operator "Rx" with param "(?i:(?:^(-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|3.0.00738585072007e-308|1e309)$))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942230) Executing operator "Rx" with param "(?i:(?:[\s()]case\s*?\()|(?:\)\s*?like\s*?\()|(?:having\s*?[^\s]+\s*?[^\w\s])|(?:if\s?\([\d\w]\s*?[=<>~]))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942240) Executing operator "Rx" with param "(?i:(?:alter\s*?\w+.*?(?:character|char)\s+set\s+\w+)|([\"'`];*?\s*?waitfor\s+(?:time|delay)\s+[\"'`])|(?:[\"'`];.*?:\s*?goto))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942250) Executing operator "Rx" with param "(?i:(?:merge.*?using\s*?\()|(execute\s*?immediate\s*?[\"'`])|(?:match\s*?[\w(),+-]+\s*?against\s*?\())" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942270) Executing operator "Rx" with param "(?i:(?:(union(.*?)select(.*?)from)))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942280) Executing operator "Rx" with param "(?i:(?:select\s*?pg_sleep)|(?:waitfor\s*?delay\s?[\"'`]+\s?\d)|(?:;\s*?shutdown\s*?(?:;|--|#|\/\*|{)))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942290) Executing operator "Rx" with param "(?i:(?:\[\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\]))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942320) Executing operator "Rx" with param "(?i:(?:procedure\s+analyse\s*?\()|(?:;\s*?(declare|open)\s+[\w-]+)|(?:create\s+(procedure|function)\s*?\w+\s*?\(\s*?\)\s*?-)|(?:declare[^\w]+[@#]\s*?\w+)|(exec\s*?\(\s*?@))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942350) Executing operator "Rx" with param "(?i:(?:create\s+function\s+.+\s+returns)|(?:;\s*?(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s*?[\[(]?\w{2,}))" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942360) Executing operator "Rx" with param "(?i:(?:[\d\W]\s+as\s*?[\"'`\w]+\s*?from)|(?:^[\W\d]+\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc)\b)|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s+(?:(?:group_)concat|char|load_file)\s?\(?)|(?:end\s*?\);)|([\"'`]\s+regexp\W)|(?:[\s(]load_file\s*?\())" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 942014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942110' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942120' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942130' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942150' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942180' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942200' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942210' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942260' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942300' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942310' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942330' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942340' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942370' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942380' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942390' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942400' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942410' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942430' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942440' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942450' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942016' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942251' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942420' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942431' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942460' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942018' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942421' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '942432' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 29 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 943012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 943100) Executing operator "Rx" with param "(?i)(?:\.cookie\b.*?;\W*?(?:expires|domain)\W*?=|\bhttp-equiv\W+set-cookie\b)" against XML:/*.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 943110) Executing operator "Rx" with param "^(jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" against ARGS_NAMES.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 943120) Executing operator "Rx" with param "^(jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" against ARGS_NAMES.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 943014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '943016' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '943018' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 949100) Executing operator "Eq" with param "1" against IP:REPUT_BLOCK_FLAG.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 949110) Executing operator "Ge" with param "5" Was: "" against TX:ANOMALY_SCORE.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:ANOMALY_SCORE)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 949012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 949014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-REQUEST-949-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '949016' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '949018' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-REQUEST-949-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 980012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 980014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: log
[155964078234.257610] [/help/contact-us/] [9] Saving transaction to logs
[155964078234.257610] [/help/contact-us/] [9] Running action: auditlog
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-980-CORRELATION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '980016' due to a SecMarker: END-RESPONSE-980-CORRELATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '980018' due to a SecMarker: END-RESPONSE-980-CORRELATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-980-CORRELATION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-980-CORRELATION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] Starting phase RESPONSE_HEADERS. (SecRules 3)
[155964078234.257610] [/help/contact-us/] [9] This phase consists of 56 rule(s).
[155964078234.257610] [/help/contact-us/] [4] (Rule: 950020) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 950013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '950015' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '950017' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-951-DATA-LEAKAGES-SQL
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '951015' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '951017' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-951-DATA-LEAKAGES-SQL
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 952011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 952013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-952-DATA-LEAKAGES-JAVA
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '952015' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '952017' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-952-DATA-LEAKAGES-JAVA
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 953011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 953013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-953-DATA-LEAKAGES-PHP
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '953015' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '953017' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-953-DATA-LEAKAGES-PHP
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 954011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 954013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-954-DATA-LEAKAGES-IIS
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '954015' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '954017' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-954-DATA-LEAKAGES-IIS
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 959011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 959013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-959-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '959015' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '959017' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-959-BLOCKING-EVALUATION
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [9] Appending response body: 170 bytes. Limit set to: 0.000000
[155964078234.257610] [/help/contact-us/] [9] Appending response body: 170 bytes. Limit set to: 0.000000
[155964078234.257610] [/help/contact-us/] [4] Starting phase RESPONSE_BODY. (SecRules 4)
[155964078234.257610] [/help/contact-us/] [9] This phase consists of 85 rule(s).
[155964078234.257610] [/help/contact-us/] [4] (Rule: 950021) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 950130) Executing operator "Rx" with param "(?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>\[To Parent Directory\]<\/[Aa]><br>)" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 950014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '950100' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '950016' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '950022' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-950-DATA-LEAKAGES
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 4 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951100) Executing operator "PmFromFile" with param "sql-errors.data" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951110) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951120) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951130) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951140) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951150) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951160) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951170) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951180) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951190) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951200) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951210) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951220) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951230) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951240) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951250) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951260) Executing operator "Eq" with param "1" against TX:sql_error_match.
[155964078234.257610] [/help/contact-us/] [9] Target value: "0" (Variable: TX:sql_error_match)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 951014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-951-DATA-LEAKAGES-SQL
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '951016' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '951018' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-951-DATA-LEAKAGES-SQL
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 952012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 952100) Executing operator "PmFromFile" with param "java-code-leakages.data" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 952110) Executing operator "PmFromFile" with param "java-errors.data" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 952014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-952-DATA-LEAKAGES-JAVA
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '952016' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '952018' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-952-DATA-LEAKAGES-JAVA
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 953012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 953100) Executing operator "PmFromFile" with param "php-errors.data" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [7] Added pm match TX.0: </b> on line <b>
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:msg with value: PHP Information Leakage
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:outbound_anomaly_score with value: 4
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:anomaly_score with value: 4
[155964078234.257610] [/help/contact-us/] [4] Running [independent] (non-disruptive) action: setvar
[155964078234.257610] [/help/contact-us/] [8] Saving variable: TX:-OWASP_CRS/LEAKAGE/ERRORS-RESPONSE_BODY with value: </b> on line <b>
[155964078234.257610] [/help/contact-us/] [9] This rule severity is: 3 current transaction is: 2
[155964078234.257610] [/help/contact-us/] [9] Saving msg: PHP Information Leakage
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Running (non-disruptive) action: tag
[155964078234.257610] [/help/contact-us/] [9] Rule tag: application-multi
[155964078234.257610] [/help/contact-us/] [4] Running (non-disruptive) action: tag
[155964078234.257610] [/help/contact-us/] [9] Rule tag: language-php
[155964078234.257610] [/help/contact-us/] [4] Running (non-disruptive) action: tag
[155964078234.257610] [/help/contact-us/] [9] Rule tag: platform-multi
[155964078234.257610] [/help/contact-us/] [4] Running (non-disruptive) action: tag
[155964078234.257610] [/help/contact-us/] [9] Rule tag: attack-disclosure
[155964078234.257610] [/help/contact-us/] [4] Running (non-disruptive) action: tag
[155964078234.257610] [/help/contact-us/] [9] Rule tag: OWASP_CRS/LEAKAGE/ERRORS_PHP
[155964078234.257610] [/help/contact-us/] [4] Running (non-disruptive) action: tag
[155964078234.257610] [/help/contact-us/] [9] Rule tag: WASCTC/WASC-13
[155964078234.257610] [/help/contact-us/] [4] Running (non-disruptive) action: tag
[155964078234.257610] [/help/contact-us/] [9] Rule tag: OWASP_TOP_10/A6
[155964078234.257610] [/help/contact-us/] [4] Running (non-disruptive) action: tag
[155964078234.257610] [/help/contact-us/] [9] Rule tag: PCI/6.5.6
[155964078234.257610] [/help/contact-us/] [9] Running action: ctl
[155964078234.257610] [/help/contact-us/] [9] Running action: block
[155964078234.257610] [/help/contact-us/] [8] Marking request as disruptive.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 953110) Executing operator "Rx" with param "(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\$_(?:(?:pos|ge)t|session))\b" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 953120) Executing operator "Rx" with param "<\?(?!xml)" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 953014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-953-DATA-LEAKAGES-PHP
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '953016' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '953018' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-953-DATA-LEAKAGES-PHP
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 954012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 954100) Executing operator "Rx" with param "[a-z]:\\\\inetpub\b" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9]  T (0) t:lowercase: "<br />
<b>notice</b>:  undefined index: rewritecode in <b>/var/www/html/example/r (90 characters omitted)"
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>notice</b>:  undefined index: rewritecode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 954110) Executing operator "Rx" with param "(?:Microsoft OLE DB Provider for SQL Server(?:<\/font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| \(0x80040e31\)<br>Timeout expired<br>)|<h1>internal server error<\/h1>.*?<h2>part of the server has crashed or it has a configuration error\.<\/h2>|cannot connect to the server: timed out)" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 954120) Executing operator "Rx" with param "(?:\b(?:A(?:DODB\.Command\b.{0,100}?\b(?:Application uses a value of the wrong type for the current operation\b|error')| trappable error occurred in an external object\. The script cannot continue running\b)|Microsoft VBScript (?:compilation (?:\(0x8|error)|runtime (?:Error|\(0x8))\b|Object required: '|error '800)|<b>Version Information:<\/b>(?:&nbsp;|\s)(?:Microsoft \.NET Framework|ASP\.NET) Version:|>error 'ASP\b|An Error Has Occurred|>Syntax error in string in query expression|\/[Ee]rror[Mm]essage\.aspx?\?[Ee]rror\b)" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 954130) Executing operator "Rx" with param "^404$" against RESPONSE_STATUS.
[155964078234.257610] [/help/contact-us/] [9] Target value: "301" (Variable: RESPONSE_STATUS)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [9] This rule severity is: 3 current transaction is: 2
[155964078234.257610] [/help/contact-us/] [9] Saving msg: IIS Information Leakage
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Executing chained rule.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 0) Executing operator "Rx" with param "\bServer Error in.{0,50}?\bApplication\b" against RESPONSE_BODY.
[155964078234.257610] [/help/contact-us/] [9] Target value: "<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example (96 characters omitted)" (Variable: RESPONSE_BODY)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 0.
[155964078234.257610] [/help/contact-us/] [9] Matched vars cleaned.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 954014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
[155964078234.257610] [/help/contact-us/] [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [9] Running action: nolog
[155964078234.257610] [/help/contact-us/] [9] Running action: skipAfter
[155964078234.257610] [/help/contact-us/] [5] Setting skipAfter for: END-RESPONSE-954-DATA-LEAKAGES-IIS
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: pass.
[155964078234.257610] [/help/contact-us/] [8] Running action pass
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '954016' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '954018' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
[155964078234.257610] [/help/contact-us/] [9] Rule: 
[155964078234.257610] [/help/contact-us/] [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
[155964078234.257610] [/help/contact-us/] [9] Rule: END-RESPONSE-954-DATA-LEAKAGES-IIS
[155964078234.257610] [/help/contact-us/] [4] Out of a SecMarker after skip 3 rules.
[155964078234.257610] [/help/contact-us/] [4] (Rule: 959100) Executing operator "Ge" with param "4" Was: "" against TX:OUTBOUND_ANOMALY_SCORE.
[155964078234.257610] [/help/contact-us/] [9] Target value: "4" (Variable: TX:OUTBOUND_ANOMALY_SCORE)
[155964078234.257610] [/help/contact-us/] [9] Matched vars updated.
[155964078234.257610] [/help/contact-us/] [9] Saving msg: Outbound Anomaly Score Exceeded (Total Score: 4)
[155964078234.257610] [/help/contact-us/] [4] Rule returned 1.
[155964078234.257610] [/help/contact-us/] [4] Running (non-disruptive) action: tag
[155964078234.257610] [/help/contact-us/] [9] Rule tag: anomaly-evaluation
[155964078234.257610] [/help/contact-us/] [4] Running (disruptive)     action: deny.
[155964078234.257610] [/help/contact-us/] [8] Running action deny
[155964078234.257610] [/help/contact-us/] [8] Skipping this phase as this request was already intercepted.

Note: I have changed the website to example.net, so if you see the word example this was originally the websites name. I have also changed the upstream IP to 8.8.8.8 and the listen IP to 1.1.1.1

  1. Error logs 
    2019/06/04 10:33:02 [info] 40612#40612: *53903 ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `php-errors.data' against variable `RESPONSE_BODY' (Value: `<br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example/releases/beff49335 (76 characters omitted)' ) [file "/etc/nginx/owasp/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf"] [line "25"] [id "953100"] [rev "3"] [msg "PHP Information Leakage"] [data "Matched Data: </b> on line <b> found within RESPONSE_BODY: <br />\x0a<b>Notice</b>:  Undefined index: rewriteCode in <b>/var/www/html/example/releases/beff49335114/dc/frontend/frontend_functions.inc.php</b> on line <b>1165</b><br />\x0a"] [severity "3"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "OWASP_CRS/LEAKAGE/ERRORS_PHP"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "1.1.1.1"] [uri "/help/contact-us/"] [unique_id "155964078234.257610"] [ref "o139,16v124,170"] while sending to client, client: 1.1.1.1, server: www.example.net, request: "GET /help/contact-us/ HTTP/1.1", upstream: "https://8.8.8.8:443/help/contact-us/", host: "www.example.net"
2019/06/04 10:33:02 [error] 40612#40612: *53903 [client 1.1.1.1] ModSecurity: Access denied with code 403 (phase 4). Matched "Operator `Ge' with parameter `4' against variable `TX:OUTBOUND_ANOMALY_SCORE' (Value: `4' ) [file "/etc/nginx/owasp/rules/RESPONSE-959-BLOCKING-EVALUATION.conf"] [line "26"] [id "959100"] [rev ""] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "1.1.1.1"] [uri "/help/contact-us/"] [unique_id "155964078234.257610"] [ref ""] while sending to client, client: 1.1.1.1, server: www.example.net, request: "GET /help/contact-us/ HTTP/1.1", upstream: "https://8.8.8.8:443/help/contact-us/", host: "www.example.net"

    Note: I have changed the website to example.net, so if you see the word example this was originally the websites name. I have also changed the upstream IP to 8.8.8.8 and the listen IP to 1.1.1.1

To Reproduce

[root@6 ~]# curl https://1.1.1.1/help/contact-us/ -H "Host: www.example.net" -H "referrer: https://www.google.co.uk/" -k
curl: (52) Empty reply from server

Looking at the nginx response in the access log this gives a 500 error

1.1.1.1 - - [04/Jun/2019:10:33:02 +0100] "GET /help/contact-us/ HTTP/1.1" 500 0 "-" "curl/7.29.0" "-" - 0.088 443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 1.1.1.1 www.example.net server.hostname "8.8.8.8:443 : 127.0.0.1:9000" "301 : -" "0.088 : 0.000" "170 : 0" . - "0105de0d0d99dc1b1c1e666a374b56ea"

Expected behavior

I would expect the above command to give back a 403.

Server (please complete the following information):

Rule Set (please complete the following information):

zimmerle commented 5 years ago

Hi @ledzepp4eva,

Thank you for detailed your report. The reason for that is the fact that when this rule was trigged, the response headers were already delivered to the client. The user likely got the original HTTP response code, and later nginx finalized the request with a 500, whenever ModSecurity rule matched.

This problem is not actually related to libModSecurity but to the nginx connector. There was an issue opened to treat that specific case: SpiderLabs/ModSecurity-nginx#41

I am closing this in favor of SpiderLabs/ModSecurity-nginx#41. Making a reference there as the problem is very well documented here.