nanchen114

SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:resolution|!ARGS:tiny_vals|!ARGS:\/description/|!ARGS:title|!ARGS:/content/|!ARGS:/title/|!ARGS:/systemfilter/|!ARGS:parent_name|!ARGS:/^config_setting/|!ARGS:name|!ARGS:v_zZ_ConfDir|!ARGS:/keyword/|!ARGS:/desc/|!ARGS:/summary/|!ARGS:csum|!ARGS:suffix|!ARGS:prefix|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/search/|!ARGS:/subject/|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/|!ARGS:/data/ "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini|web.config)\b|( |^|\.\.)/etc/|/\.(?:history|bash_history|sh_history|env)$)" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:cmdLine,ctl:auditLogParts=+E,deny,log,auditlog,msg:'Attempt to access protected file remotely',id:'390709',rev:30,logdata:'%{TX.0}',severity:'2'"