X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=etc%2Frules%2Fweb_rules.xml;h=9f0b00e06d9c835d2144542150779e152ecb70f5;hp=ff185a2d50f3f81c4e54900aa4c9a627b5e818e6;hb=301048b51990573e58a30dc4a5bb4ec285cad554;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a
diff --git a/etc/rules/web_rules.xml b/etc/rules/web_rules.xml
index ff185a2..9f0b00e 100755
--- a/etc/rules/web_rules.xml
+++ b/etc/rules/web_rules.xml
@@ -1,4 +1,4 @@ - - + .jpg$|.gif$|favicon.ico$|.png$|robots.txt$|.css$|.js$ + is_simple_http_request Ignored extensions on 400 error codes.
@@ -52,23 +53,23 @@ - %027|%00|%01|%7f|%2E%2E|%0A|%0D|../..|..\..|echo;|.. + %027|%00|%01|%7f|%2E%2E|%0A|%0D|../..|..\..|echo;|..| cmd.exe|root.exe|_mem_bin|msadc|/winnt/| - /x90/|default.ida|/sumthin|nsiislog.dll|chmod%|wget%|cd%| - cat%|exec%|rm%20 + /x90/|default.ida|/sumthin|nsiislog.dll|chmod%|wget%|cd%20| + cat%20|exec%20|rm%20 Common web attack. attack, 31100 - %3Cscript|%2Fscript|script>|script%3E|SRC=javascript|IMG%20| + %3Cscript|%3C%2Fscript|script>|script%3E|SRC=javascript|IMG%20| %20ONLOAD=|INPUT%20|iframe%20 XSS (Cross Site Scripting) attempt. attack, - + 31103, 31104, 31105 ^200 A web attack returned code 200 (success).
@@ -80,7 +81,7 @@ --> 31103, 31104, 31105 - ^/search.php?search=|^index.php?searchword= + ^/search.php?search=|^/index.php?searchword= Ignored URLs for the web attacks
@@ -120,6 +121,15 @@ alert_by_email Web server 503 error code (Service unavailable). + + + + + 31101 + is_valid_crawler + Ignoring google/msn/yahoo bots. + + 31101
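Review bot: In the hunk at -52,23, changing `cd%|cat%|exec%` to `cd%20|cat%20|exec%20` ties the "Common web attack" pattern to a single encoding of the separator, so requests the old bare `%` suffix flagged can now pass unmatched, while `chmod%|wget%` keep the old form. If the aim is fewer false positives on paths that merely end in those letters, a comment above the pattern should say so and the remaining entries should follow one convention. The added `|` after `..` also appears to make the bare `..` alternative live for the first time, which would make `../..` and `..\..` redundant and widen the rule to any URL containing two dots; confirm that is intended. The rule markup is stripped on this page, so this is read from the pattern text alone.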
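Review bot: In the hunk at -80,7, adding the leading `/` to `^/index.php?searchword=` turns an alternative that presumably never matched into a working exemption, so requests under that prefix are now excluded from rules 31103, 31104 and 31105. Judging by the description "Ignored URLs for the web attacks", the exemption keys only on the URL prefix and therefore covers whatever follows in the query string on endpoints that accept free-text input. I would record the reason beside the rule, for example `<!-- search terms trip the attack patterns; exempted by prefix only, re-check if these endpoints change -->`, and consider lowering the alert level for these URLs rather than ignoring them outright.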
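Review bot: The rule added in the hunk at -120,6 suppresses 31101 for any request `is_valid_crawler` accepts, but nothing in the rule file says what that check keys on. It is a compiled check, so its criteria live outside this file and can go stale without any change here. The trailing context shows another rule chained on 31101 right after it, so the placement may also decide whether that rule still sees these requests. A comment above the new rule would help, for example `<!-- is_valid_crawler is a compiled rule; see its source for how crawlers are identified and keep that list current -->`.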