--- /dev/null
+[Attempt to access forbidden directory index.]
+log 1 pass = [error] [client 80.230.208.105] Directory index forbidden by rule: /home/
+rule = 30106
+alert = 5
+decoder = apache-errorlog
+
+[Code Red attack]
+log 1 pass = [error] [client 64.94.163.159] Client sent malformed Host header
+rule = 30107
+alert = 6
+decoder = apache-errorlog
+
+[Attempt to access an non-existent file]
+log 1 pass = [error] [client 66.31.142.16] File does not exist: /var/www/html/default.ida
+rule = 30112
+alert = 0
+decoder = apache-errorlog
+
+[Apache notice messages grouped]
+log 1 pass = [notice] Apache configured
+rule = 30103
+alert = 0
+decoder = apache-errorlog
+
+[Apache 2.2 error messages grouped]
+log 1 pass = [Fri Dec 13 06:59:54 2013] [error] [client 12.34.65.78] PHP Notice:
+rule = 30101
+alert = 0
+decoder = apache-errorlog
+
+[Apache 2.4 error messages grouped]
+log 1 pass = [Tue Sep 30 11:30:13.262255 2014] [core:error] [pid 20101] [client 99.47.227.95:34567] AH00037: Symbolic link not allowed or link target not accessible: /usr/share/awstats/icon/mime/document.png
+log 2 pass = [Tue Sep 30 12:11:21.258612 2014] [ssl:error] [pid 30473] AH02032: Hostname www.example.com provided via SNI and hostname ssl://www.example.com provided via HTTP are different
+rule = 30301
+alert = 0
+decoder = apache-errorlog
+
+[Apache 2.4 warn messages grouped]
+log 1 pass = [Tue Sep 30 12:24:22.891366 2014] [proxy:warn] [pid 2331] [client 77.127.180.111:54082] AH01136: Unescaped URL path matched ProxyPass; ignoring unsafe nocanon, referer: http://www.easylinker.co.il/he/links.aspx?user=bguyb
+rule = 30302
+alert = 0
+decoder = apache-errorlog
+
+[Attempt to access forbidden file or directory]
+log 1 pass = [Tue Sep 30 14:25:44.895897 2014] [authz_core:error] [pid 31858] [client 99.47.227.95:38870] AH01630: client denied by server configuration: /var/www/example.com/docroot/
+rule = 30305
+alert = 5
+decoder = apache-errorlog
+
+[Apache messages grouped]
+log 1 pass = [Thu Oct 23 15:17:55.926067 2014] [ssl:info] [pid 18838] [client 36.226.119.49:2359] AH02008: SSL library error 1 in handshake (server www.example.com:443)
+log 2 pass = [Thu Oct 23 15:17:55.926123 2014] [ssl:info] [pid 18838] SSL Library Error: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request -- speaking HTTP to HTTPS port!?
+rule = 30100
+alert = 0
+decoder = apache-errorlog
+
+[PHP Notices in Apache 2.4 errorlog]
+log 1 pass = [Sun Nov 23 18:49:01.713508 2014] [:error] [pid 15816] [client 141.8.147.9:51507] PHP Notice: A non well formed numeric value encountered in /path/to/file.php on line 123
+rule = 30318
+alert = 5
+decoder = apache-errorlog
+
+[auth fail]
+log 1 pass = [Tue Feb 07 08:50:22.679122 2017] [auth_basic:error] [pid 14446] [client 10.101.1.50:33168] AH01617: user pupkin: authentication failure for "/secret/": Password Mismatch
+rule = 30308
+alert = 5
+decoder = apache-errorlog
+
+[script 404]
+log 1 pass = [Tue Feb 07 02:43:19.799723 2017] [cgi:error] [pid 9721] [client 10.101.1.50:44324] AH02811: script not found or unable to stat: /var/www/html/showmail.pl
+rule = 30321
+alert = 2
+decoder = apache-errorlog
+
+[permission denied]
+log 1 pass = [Thu Feb 02 01:44:27.699327 2017] [access_compat:error] [pid 7934] [client ::1:50058] AH01797: client denied by server configuration: /var/www/html/'
+log 2 pass = [Thu Feb 02 00:59:02.285651 2017] [core:error] [pid 20009] (13)Permission denied: [client ::1:49934] AH00132: file permissions deny server access: /var/www/html/1
+rule = 30320
+alert = 2
+decoder = apache-errorlog
+
projects / ossec-hids.git / blobdiff