diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/global.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/global.json
index c473226dd..9e0549ce6 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/global.json
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/global.json
@@ -1,17 +1,9 @@
{
"waf": {
- "state": "off",
+ "state": "on",
"mode": "protection",
"secret": ""
},
- "redis": {
- "state": "off",
- "host": "",
- "port": 6379,
- "password": "",
- "ssl": false,
- "poolSize": 10
- },
"ipWhite": {
"state": "on",
"type": "ipWhite",
@@ -47,7 +39,7 @@
"action": "deny"
},
"notFoundCount": {
- "state": "on",
+ "state": "off",
"type": "notFoundCount",
"threshold": 30,
"duration": 10,
@@ -62,14 +54,6 @@
"code": 444,
"action": "deny"
},
- "bot": {
- "state": "on",
- "type": "bot",
- "uri": "/1pwaf/bot/trap",
- "action": "REDIRECT_JS",
- "ipBlock": "on",
- "ipBlockTime": 600
- },
"unknownWebsite": {
"state": "on",
"type": "unknownWebsite",
@@ -104,7 +88,7 @@
"action": "deny"
},
"cc": {
- "state": "on",
+ "state": "off",
"type": "cc",
"rule": "cc",
"tokenTimeOut": 1800,
@@ -115,7 +99,7 @@
"ipBlockTime": 600,
"mode": "uri"
},
- "ccurl": {
+ "urlcc": {
"state": "off",
"type": "urlcc",
"action": "deny",
@@ -123,7 +107,7 @@
"ipBlockTime": 600
},
"attackCount": {
- "state": "on",
+ "state": "off",
"type": "attackCount",
"threshold": 10,
"duration": 60,
@@ -132,7 +116,7 @@
"ipBlockTime": 3000
},
"fileExt": {
- "state": "off",
+ "state": "on",
"action": "deny",
"code": 403,
"type": "fileExtCheck"
@@ -169,5 +153,22 @@
},
"cdn": {
"state": "off"
+ },
+ "vuln": {
+ "state": "on",
+ "type": "vulnCheck",
+ "code": 403,
+ "action": "deny"
+ },
+ "log": {
+ "maxDay": 180,
+ "maxSize": 1,
+ "external": ["acl","ipWhite","ipBlack","geoRestrict","urlWhite","urlBlack","uaWhite","uaBlack"]
+ },
+ "strict": {
+ "state": "on",
+ "type": "strict",
+ "code": 403,
+ "action": "deny"
}
}
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/monitor.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/monitor.json
index 6bd119205..5c996ef00 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/monitor.json
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/monitor.json
@@ -25,6 +25,7 @@
"ip": []
},
"log": {
- "maxDay": 180
+ "maxDay": 180,
+ "maxSize": 5
}
}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/siteConfig.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/siteConfig.json
index a489ce00c..19ed66cbf 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/siteConfig.json
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/siteConfig.json
@@ -21,14 +21,6 @@
"code": 403,
"action": "deny"
},
- "bot": {
- "type": "bot",
- "state": "on",
- "uri": "/1pwaf/bot/trap",
- "action": "deny",
- "ipBlock": "off",
- "ipBlockTime": 600
- },
"geoRestrict": {
"state": "off",
"rules": [],
@@ -61,13 +53,6 @@
"ipBlockTime": 600,
"mode": "uri"
},
- "ccurl": {
- "state": "on",
- "type": "ccurl",
- "action": "deny",
- "ipBlock": "off",
- "ipBlockTime": 600
- },
"fileExt": {
"state": "off",
"action": "deny",
@@ -94,5 +79,11 @@
},
"cdn": {
"state": "off"
+ },
+ "strict": {
+ "state": "on",
+ "type": "strict",
+ "code": 403,
+ "action": "deny"
}
}
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/waf.conf b/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/waf.conf
index 7903ec5c4..6746d357c 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/waf.conf
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/waf.conf
@@ -1,10 +1,9 @@
lua_shared_dict waf_req_count 10m;
-lua_shared_dict waf 50m;
-lua_shared_dict waf_block_ip 10m;
-lua_shared_dict waf_ip_arr 20m;
+lua_shared_dict waf 200m;
+lua_shared_dict waf_block_ip 20m;
lua_shared_dict waf_limit 10m;
-lua_shared_dict waf_sql 200m;
-lua_shared_dict waf_locks 100k;
+lua_shared_dict waf_sql 300m;
+lua_shared_dict waf_locks 1m;
lua_code_cache on;
lua_package_path "/usr/local/openresty/1pwaf/?.lua;/usr/local/openresty/1pwaf/lib/?.lua;;";
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/waf.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/waf.json
index ab7668f0c..52f2b52bc 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/waf.json
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/conf/waf.json
@@ -1,4 +1,4 @@
{
"name": "1Panel WAF",
- "version": "1.0.0"
+ "version": "2.0"
}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/db/global/default.db b/openresty/1.25.3.2-0-1-focal/1pwaf/data/db/global/default.db
new file mode 100644
index 000000000..f2150ed0d
Binary files /dev/null and b/openresty/1.25.3.2-0-1-focal/1pwaf/data/db/global/default.db differ
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/default/app/Halo.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/default/app/Halo.json
new file mode 100644
index 000000000..802aaaf42
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/default/app/Halo.json
@@ -0,0 +1,21 @@
+{
+ "name":"Halo",
+ "state": "on",
+ "rules": [
+ {
+ "type": "whiteUrl",
+ "pattern": "contain",
+ "values": [
+ "/apis/api.console.halo.run/v1alpha1/posts",
+ "/api/v1alpha1/configmaps/system",
+ "/apis/api.console.halo.run/v1alpha1/singlepage",
+ "/apis/api.console.halo.run/v1alpha1/attachments/upload"
+ ],
+ "check": {
+ "type": "cookie",
+ "pattern": "eq",
+ "values": ["SESSION"]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/default/app/WordPress.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/default/app/WordPress.json
new file mode 100644
index 000000000..1b7983094
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/default/app/WordPress.json
@@ -0,0 +1,21 @@
+{
+ "name":"WordPress",
+ "state": "on",
+ "rules": [
+ {
+ "type": "whiteUrl",
+ "pattern": "eq",
+ "method": "POST",
+ "values": [
+ "/wp-admin/admin-ajax.php",
+ "/wp-admin/post.php",
+ "/wp-admin/admin.php"
+ ],
+ "check": {
+ "type": "cookie",
+ "pattern": "startWith",
+ "values": ["wordpress_logged_in_"]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/default/global.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/default/global.json
index c473226dd..20f3e506d 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/default/global.json
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/default/global.json
@@ -4,14 +4,6 @@
"mode": "protection",
"secret": ""
},
- "redis": {
- "state": "off",
- "host": "",
- "port": 6379,
- "password": "",
- "ssl": false,
- "poolSize": 10
- },
"ipWhite": {
"state": "on",
"type": "ipWhite",
@@ -113,14 +105,16 @@
"action": "deny",
"ipBlock": "on",
"ipBlockTime": 600,
- "mode": "uri"
+ "mode": "uri",
+ "code": 403
},
- "ccurl": {
+ "urlcc": {
"state": "off",
"type": "urlcc",
"action": "deny",
"ipBlock": "on",
- "ipBlockTime": 600
+ "ipBlockTime": 600,
+ "code": 403
},
"attackCount": {
"state": "on",
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/geo/BlackIP.mmdb b/openresty/1.25.3.2-0-1-focal/1pwaf/data/geo/BlackIP.mmdb
new file mode 100644
index 000000000..d6ee4e194
Binary files /dev/null and b/openresty/1.25.3.2-0-1-focal/1pwaf/data/geo/BlackIP.mmdb differ
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/geo/GeoIP.mmdb b/openresty/1.25.3.2-0-1-focal/1pwaf/data/geo/GeoIP.mmdb
new file mode 100644
index 000000000..ed062b8d3
Binary files /dev/null and b/openresty/1.25.3.2-0-1-focal/1pwaf/data/geo/GeoIP.mmdb differ
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/geo/SpiderIP.mmdb b/openresty/1.25.3.2-0-1-focal/1pwaf/data/geo/SpiderIP.mmdb
new file mode 100644
index 000000000..241f102fc
Binary files /dev/null and b/openresty/1.25.3.2-0-1-focal/1pwaf/data/geo/SpiderIP.mmdb differ
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/html/5s.html b/openresty/1.25.3.2-0-1-focal/1pwaf/data/html/5s.html
index 392bf66c4..c8a4ff276 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/html/5s.html
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/html/5s.html
@@ -2,12 +2,14 @@
5s
+
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/html/slide.html b/openresty/1.25.3.2-0-1-focal/1pwaf/data/html/slide.html
index 6ac7d7596..04d55bda3 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/html/slide.html
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/html/slide.html
@@ -9,8 +9,7 @@
#dragHandler {position:absolute;width:40px;height:100%%;cursor:pointer;box-sizing:border-box;overflow:hidden;}
#dragHandler.dragHandlerBg {background-color:#c0c0c0;}
#dragHandler.dragHandlerBg::before {content:'»';font-size:24px;position:absolute;top:50%%;left:50%%;transform:translate(-50%%, -50%%);color:#7ac23c;}
-.dragHandlerOkBg {position:absolute;border-radius:50%%;background-color:#7ac23c;display:flex;justify-content:center;align-items:center;}
-.dragHandlerOkBg::before {content:'\2713';font-size:16px;color:white;}
+@media screen and (max-width: 768px) { #dragContainer {height: 40px;width: 90%%;} #dragText {line-height: 40px;font-size: 18px;} #dragHandler {width: 50px;} #dragHandler.dragHandlerBg::before {font-size: 28px;} }
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/args.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/args.json
index 60a5fa6af..ca00c3d5f 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/args.json
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/args.json
@@ -2,156 +2,51 @@
"rules": [
{
"state": "on",
- "name": "sqlInject1",
- "rule": "select.+(from|limit)",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject2",
- "rule": "(?:(union(.*?)select))",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject3",
- "rule": "having|rongjitest",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject4",
+ "name": "000001",
"rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
"type": "sqlInject"
},
{
"state": "on",
- "name": "sqlInject5",
- "rule": "benchmark\\((.*)\\,(.*)\\)",
+ "name": "000002",
+ "rule": "(exists\\(|select\\#|\\(select|select\\()",
"type": "sqlInject"
},
{
"state": "on",
- "name": "sqlInject6",
- "rule": "group\\s+by.+\\(",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject7",
- "rule": "(?:from\\W+information_schema\\W)",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject8",
- "rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject9",
- "rule": "into(\\s+)+(?:dump|out)file\\s*",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject10",
- "rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "args1",
- "rule": "xwork.MethodAccessor",
- "type": "args",
- "description": "Struts 恶意参数过滤"
- },
- {
- "state": "on",
- "name": "args2",
- "rule": "xwork\\.MethodAccessor",
- "type": "args",
- "description": "Struts 恶意参数过滤"
- },
- {
- "state": "on",
- "name": "oneWordTrojan1",
+ "name": "000003",
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
"type": "oneWordTrojan"
},
{
"state": "on",
- "name": "oneWordTrojan2",
- "rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
- "type": "oneWordTrojan"
- },
- {
- "state": "on",
- "name": "protocolFilter1",
- "rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
- "type": "protocolFilter",
- "description": "协议过滤"
- },
- {
- "state": "on",
- "name": "dirFilter1",
+ "name": "000004",
"rule": "(?:etc\\/\\W*passwd)",
"type": "dirFilter"
},
{
"state": "on",
- "name": "dirFilter2",
+ "name": "000004",
"rule": "java\\.lang",
"type": "dirFilter"
},
{
"state": "on",
- "name": "dirFilter3",
- "rule": "(?:etc\\/\\W*shadow)",
- "type": "dirFilter"
- },
- {
- "state": "on",
- "name": "dirFilter4",
- "rule": "(?:bin\\/\\W*sh)",
- "type": "dirFilter"
- },
- {
- "state": "on",
- "name": "xss1",
- "rule": "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
+ "name": "000005",
+ "rule": "(window\\['|globalThis\\[|self\\[|top\\[|this\\[|parent\\[)",
"type": "xss"
},
{
"state": "on",
- "name": "xss2",
- "rule": "(onmouseover|onerror|onload)\\=",
- "type": "xss"
+ "name": "000006",
+ "rule": "(invokefunction|call_user_func_array|\\\\think\\\\)",
+ "type": "args"
},
{
"state": "on",
- "name": "xss3",
- "rule": "base64_decode\\(",
- "type": "xss"
- },
- {
- "state": "on",
- "name": "webshell1",
- "rule": "/shell?cd+/tmp;\\s*rm+-rf\\+\\*;\\s*wget",
- "type": "webshell"
- },
- {
- "state": "on",
- "name": "phpExec1",
- "rule": "/systembc/password.php",
- "type": "phpExec"
- },
- {
- "state": "on",
- "name": "scannerFilter1",
- "rule": "(Acunetix-Aspect|Acunetix-Aspect-Password|Acunetix-Aspect-Queries|X-WIPP|X-RequestManager-Memo|X-Request-Memo|X-Scan-Memo)",
- "type": "scannerFilter"
+ "name": "000007",
+ "rule": "\\${jndi:",
+ "type": "args"
}
]
}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/cookie.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/cookie.json
index 147a05eec..4b98c0095 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/cookie.json
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/cookie.json
@@ -1,138 +1,10 @@
{
"rules": [
- {
- "state": "on",
- "name": "dirFilter1",
- "rule": "\\.\\./",
- "type": "dirFilter"
- },
- {
- "state": "on",
- "name": "dirFilter2",
- "rule": "\\:\\$",
- "type": "dirFilter"
- },
- {
- "state": "on",
- "name": "dirFilter3",
- "rule": "\\$\\{",
- "type": "dirFilter"
- },
- {
- "state": "on",
- "name": "dirFilter4",
- "rule": "(?:etc\\/\\W*passwd)",
- "type": "dirFilter"
- },
- {
- "state": "on",
- "name": "dirFilter5",
- "rule": "java\\.lang",
- "type": "dirFilter"
- },
- {
- "state": "on",
- "name": "sqlInject1",
- "rule": "select.+(from|limit)",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject2",
- "rule": "(?:(union(.*?)select))",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject3",
- "rule": "having|rongjitest",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject4",
- "rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject5",
- "rule": "benchmark\\((.*)\\,(.*)\\)",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject6",
- "rule": "group\\s+by.+\\(",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject7",
- "rule": "(?:from\\W+information_schema\\W)",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject8",
- "rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject9",
- "rule": "into(\\s+)+(?:dump|out)file\\s*",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "sqlInject10",
- "rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "name": "args1",
- "rule": "xwork.MethodAccessor",
- "type": "args",
- "description": "Struts 恶意参数过滤"
- },
- {
- "state": "on",
- "name": "args2",
- "rule": "xwork\\.MethodAccessor",
- "type": "args",
- "description": "Struts 恶意参数过滤"
- },
- {
- "state": "on",
- "name": "oneWordTrojan1",
- "rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
- "type": "oneWordTrojan"
- },
- {
- "state": "on",
- "name": "oneWordTrojan2",
- "rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
- "type": "oneWordTrojan"
- },
- {
- "state": "on",
- "name": "protocolFilter1",
- "rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
- "type": "protocolFilter"
- },
{
"state":"on",
"name":"scannerFilter1",
"rule":"(CustomCookie|acunetixCookie)",
"type": "scannerFilter"
- },
- {
- "state": "on",
- "name": "xss1",
- "rule": "base64_decode\\(",
- "type": "xss"
}
]
}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/defaultUaBlack.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/defaultUaBlack.json
index b5b984b8f..49e9bab7a 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/defaultUaBlack.json
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/defaultUaBlack.json
@@ -3,7 +3,7 @@
{
"state": "on",
"name": "uaBlock1",
- "rule": "HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/",
+ "rule": "Fuzz|Nuclei|OpenVAS-VT|HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/",
"type": "scannerFilter"
}
]
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/defaultUrlBlack.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/defaultUrlBlack.json
index 56c775d76..35b420567 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/defaultUrlBlack.json
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/defaultUrlBlack.json
@@ -2,194 +2,38 @@
"rules": [
{
"state": "on",
- "rule": "\\.(htaccess|mysql_history|bash_history|DS_Store|git|idea|user\\.ini)",
- "name": "dirFilter1",
+ "rule": "\\.(htaccess|mysql_history|bash_history|DS_Store|git|env|idea|user\\.ini)",
+ "name": "000001",
"type": "dirFilter"
},
{
"state": "on",
- "rule": "\\.(bak|inc|old|mdb|sql|backup|java|class)$",
- "name": "dirFilter2",
- "type": "dirFilter"
- },
- {
- "state": "on",
- "rule": "^/(vhost|bbs|host|wwwroot|www|site|root|backup|data|ftp|db|admin|website|web).*\\.(rar|sql|zip|tar\\.gz|tar)$",
- "name": "dirFilter3",
- "type": "dirFilter"
- },
- {
- "state": "on",
- "rule": "java\\.lang",
- "name": "dirFilter4",
- "type": "dirFilter"
- },
- {
- "state": "on",
- "name": "dirFilter5",
+ "name": "000002",
"rule": "(?:etc\\/\\W*passwd)",
"type": "dirFilter"
},
{
"state": "on",
- "name": "dirFilter6",
- "rule": "(?:bin\\/\\W*sh)",
+ "name": "000004",
+ "rule": "\\.{2,}[\\/\\\\]|%2e%2e[%2f%5c]",
"type": "dirFilter"
},
{
"state": "on",
- "rule": "/(hack|shell|spy|phpspy)\\.php$",
- "name": "phpExec1",
- "type": "phpExec"
- },
- {
- "state": "on",
- "rule": "/(attachments|upimg|images|css|uploadfiles|html|uploads|templets|static|template|data|inc|forumdata|upload|includes|cache|avatar)/(\\\\w+).(php|jsp)",
- "name": "phpExec2",
- "type": "phpExec"
- },
- {
- "state": "on",
- "rule": "(?:phpMyAdmin2|phpMyAdmin|phpmyadmin|dbadmin|pma|myadmin|admin|mysql)/scripts/setup%.php",
- "name": "phpExec3",
- "type": "phpExec"
- },
- {
- "state": "on",
- "rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
- "name": "oneWordTrojan1",
- "type": "oneWordTrojan"
- },
- {
- "state": "on",
- "rule": "(?:(union(.*?)select))",
- "name": "sqlInject1",
- "type": "sqlInject"
- },
- {
- "state": "on",
- "rule": "(phpmyadmin|jmx-console|jmxinvokerservlet)",
- "name": "appFilter1",
+ "name": "000005",
+ "rule": "WEB-INF/web.xml",
"type": "appFilter"
},
{
"state": "on",
+ "name": "000006",
+ "rule": "boaform/admin/formLogin",
+ "type": "appFilter"
+ },
+ {
+ "state": "on",
+ "name": "000007",
"rule": "wp-includes/wlwmanifest.xml",
- "name": "appFilter2",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "die(@md5(HelloThinkCMF))",
- "name": "appFilter3",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/boaform/admin/formLogin",
- "name": "appFilter4",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/password_change.cgi",
- "name": "appFilter5",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/service/extdirect",
- "name": "appFilter6",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/api/jsonws/invoke",
- "name": "appFilter7",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/jars/upload",
- "name": "appFilter8",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/example/tree/a/search",
- "name": "appFilter9",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/actuator/gateway/routes/hacktest",
- "name": "appFilter10",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/api/v1/method.callAnon/getPasswordPolicy",
- "name": "appFilter11",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/functionRouter",
- "name": "appFilter12",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/uploadfiles/apache.php.jpeg",
- "name": "appFilter14",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/xxx/..;/admin/",
- "name": "appFilter15",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/dvwa/js/dvwaPage.js",
- "name": "appFilter16",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/api/index.php/v1/config/application",
- "name": "appFilter17",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/WEB-INF/web.xml",
- "name": "appFilter18",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/rest/tinymce/1/macro/preview",
- "name": "appFilter19",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/pages/doenterpagevariables.action",
- "name": "appFilter20",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/service/rest/beta/repositories/go/group",
- "name": "appFilter21",
- "type": "appFilter"
- },
- {
- "state": "on",
- "rule": "/dvwa/js/add_event_listeners.js",
- "name": "appFilter22",
"type": "appFilter"
}
]
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/header.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/header.json
index c49c28f73..c54f666ed 100644
--- a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/header.json
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/header.json
@@ -12,12 +12,6 @@
"rule": "j\\S*ndi\\S*:\\S*(?:dap|dns)\\S+",
"type": "appFilter"
},
- {
- "state": "on",
- "name": "appFilter3",
- "rule": "(?:etc\\/\\W*passwd)",
- "type": "appFilter"
- },
{
"state": "on",
"name": "scannerFilter1",
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/urlcc.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/urlcc.json
new file mode 100644
index 000000000..b7fca6ded
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/urlcc.json
@@ -0,0 +1,4 @@
+{
+ "rules": [
+ ]
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10000.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10000.json
new file mode 100644
index 000000000..cfbe971f8
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10000.json
@@ -0,0 +1,14 @@
+{
+ "id":"10000",
+ "state": "on",
+ "name": "Webmin",
+ "cve": "CVE-2019-15107",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/password_change.cgi",
+ "pattern": "eq"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10001.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10001.json
new file mode 100644
index 000000000..0a50bdee7
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10001.json
@@ -0,0 +1,17 @@
+{
+ "id":"10001",
+ "state": "on",
+ "name": "Drupal",
+ "cve": "CVE-2018-7600",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/user/register",
+ "pattern": "contain",
+ "args": {
+ "element_parents": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10002.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10002.json
new file mode 100644
index 000000000..a61feefc6
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10002.json
@@ -0,0 +1,14 @@
+{
+ "id":"10002",
+ "state": "on",
+ "name": "Struts2",
+ "cve": "CVE-2013-2251",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/index\\.action\\?redirect",
+ "pattern": "contain"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10003.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10003.json
new file mode 100644
index 000000000..240a36338
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10003.json
@@ -0,0 +1,17 @@
+{
+ "id":"10003",
+ "state": "on",
+ "name": "AJ-Report",
+ "cve": "CNVD-2024-15077",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/dataSetParam/verification;swagger-ui",
+ "pattern": "contain",
+ "params": {
+ "validationRules": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10004.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10004.json
new file mode 100644
index 000000000..0389fda52
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10004.json
@@ -0,0 +1,14 @@
+{
+ "id":"10004",
+ "state": "on",
+ "name": "Jira",
+ "cve": "CVE-2019-8451",
+ "type": "ssrf",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/plugins/servlet/gadgets/makeRequest\\?url",
+ "pattern": "contain"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10005.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10005.json
new file mode 100644
index 000000000..87f786d1d
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10005.json
@@ -0,0 +1,17 @@
+{
+ "id":"10005",
+ "state": "on",
+ "name": "SaltStack",
+ "cve": "CVE-2020-16846",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/run",
+ "pattern": "eq",
+ "params": {
+ "ssh_priv": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10006.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10006.json
new file mode 100644
index 000000000..c0212dd39
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10006.json
@@ -0,0 +1,14 @@
+{
+ "id":"10006",
+ "state": "on",
+ "name": "Apache Spark",
+ "cve": "CVE-2022-33891",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/\\?doAs",
+ "pattern": "contain"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10007.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10007.json
new file mode 100644
index 000000000..24d8513e9
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10007.json
@@ -0,0 +1,17 @@
+{
+ "id":"10007",
+ "state": "on",
+ "name": "Apache Ofbiz XML-RPC ",
+ "cve": "CVE-2023-49070",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/webtools/control/xmlrpc;/",
+ "pattern": "contain",
+ "args": {
+ "requirePasswordChange": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10008.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10008.json
new file mode 100644
index 000000000..fe91cfd1d
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10008.json
@@ -0,0 +1,14 @@
+{
+ "id":"10008",
+ "state": "on",
+ "name": "Apache OFBiz",
+ "cve": "CVE-2021-26295",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/webtools/control/SOAPServic",
+ "pattern": "contain"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10009.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10009.json
new file mode 100644
index 000000000..d22ba93d3
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10009.json
@@ -0,0 +1,14 @@
+{
+ "id":"10009",
+ "state": "on",
+ "name": "elFinder",
+ "cve": "CVE-2022-26960",
+ "type": "afr",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/connector.minimal.php",
+ "pattern": "contain"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10010.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10010.json
new file mode 100644
index 000000000..e1f51dbaf
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10010.json
@@ -0,0 +1,14 @@
+{
+ "id":"10010",
+ "state": "on",
+ "name": "Joomla",
+ "cve": "CVE-2023-23752",
+ "type": "ua",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/api/index.php/v1/config/application\\?public=true",
+ "pattern": "contain"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10011.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10011.json
new file mode 100644
index 000000000..1d1e0d2a7
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10011.json
@@ -0,0 +1,17 @@
+{
+ "id":"10011",
+ "state": "on",
+ "name": "Nexus Repository Manager",
+ "cve": "CVE-2018-16621",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/service/extdirect",
+ "pattern": "eq",
+ "params": {
+ "roles": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10012.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10012.json
new file mode 100644
index 000000000..d31508845
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10012.json
@@ -0,0 +1,14 @@
+{
+ "id":"10012",
+ "state": "on",
+ "name": "Jetty",
+ "cve": "CVE-2021-28169",
+ "type": "id",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/static?/%2557EB-INF/web.xml",
+ "pattern": "eq"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10013.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10013.json
new file mode 100644
index 000000000..5136550ed
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10013.json
@@ -0,0 +1,14 @@
+{
+ "id":"10013",
+ "state": "on",
+ "name": "Gitlist",
+ "cve": "CVE-2018-1000533",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "^/[^/]+/tree/[^/]+/search$",
+ "pattern": "regex"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10014.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10014.json
new file mode 100644
index 000000000..b57eece1e
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10014.json
@@ -0,0 +1,14 @@
+{
+ "id":"10014",
+ "state": "on",
+ "name": "Shiro",
+ "cve": "CVE-2020-1957",
+ "type": "aa",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/..;/admin/",
+ "pattern": "regex"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10015.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10015.json
new file mode 100644
index 000000000..bff26fb33
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10015.json
@@ -0,0 +1,17 @@
+{
+ "id":"10015",
+ "state": "on",
+ "name": "Spring Cloud Gateway",
+ "cve": "CVE-2022-22947",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/actuator/gateway/routes/hacktest",
+ "pattern": "eq",
+ "params": {
+ "name": "AddResponseHeader"
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10016.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10016.json
new file mode 100644
index 000000000..4bf95a40d
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10016.json
@@ -0,0 +1,14 @@
+{
+ "id":"10016",
+ "state": "on",
+ "name": "Apache Flink",
+ "cve": "CVE-2020-17519",
+ "type": "dr",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/jobmanager/logs/",
+ "pattern": "contain"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10017.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10017.json
new file mode 100644
index 000000000..d6e033159
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10017.json
@@ -0,0 +1,18 @@
+{
+ "id":"10017",
+ "state": "on",
+ "name": "Nette",
+ "cve": "CVE-2020-15227",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/nette.micro",
+ "pattern": "contain",
+ "args": {
+ "callback": "shell_exec",
+ "cmd": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10018.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10018.json
new file mode 100644
index 000000000..29624f1a2
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10018.json
@@ -0,0 +1,14 @@
+{
+ "id":"10018",
+ "state": "on",
+ "name": "泛微E-cology",
+ "cve": "QVD-2023-16177",
+ "type": "xxe",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/rest/ofs/deleteUserRequestInfoByXml",
+ "pattern": "eq"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10019.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10019.json
new file mode 100644
index 000000000..a4f11b274
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10019.json
@@ -0,0 +1,14 @@
+{
+ "id":"10019",
+ "state": "on",
+ "name": "极通EWEBS",
+ "cve": "",
+ "type": "afr",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/casmain.xgi",
+ "pattern": "eq"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10020.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10020.json
new file mode 100644
index 000000000..02f92eaee
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10020.json
@@ -0,0 +1,17 @@
+{
+ "id":"10020",
+ "state": "on",
+ "name": "Apache apisix",
+ "cve": "CVE-2020-13945",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/apisix/admin/routes",
+ "pattern": "eq",
+ "params": {
+ "script": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10021.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10021.json
new file mode 100644
index 000000000..b858b1313
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10021.json
@@ -0,0 +1,17 @@
+{
+ "id":"10021",
+ "state": "on",
+ "name": "Apache apisix",
+ "cve": "CVE-2020-13945",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/apisix/admin/routes",
+ "pattern": "eq",
+ "params": {
+ "script": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10022.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10022.json
new file mode 100644
index 000000000..dbbfc2d87
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10022.json
@@ -0,0 +1,17 @@
+{
+ "id":"10022",
+ "state": "on",
+ "name": "Metabase",
+ "cve": "CVE-2021-41277",
+ "type": "afr",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/api/geojson",
+ "pattern": "eq",
+ "args": {
+ "url": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10023.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10023.json
new file mode 100644
index 000000000..4c7a58717
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10023.json
@@ -0,0 +1,14 @@
+{
+ "id":"10023",
+ "state": "on",
+ "name": "Ofbiz",
+ "cve": "CVE-2020-9496",
+ "type": "suid",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/webtools/control/xmlrpc",
+ "pattern": "eq"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10024.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10024.json
new file mode 100644
index 000000000..fd7e71088
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10024.json
@@ -0,0 +1,18 @@
+{
+ "id":"10024",
+ "state": "on",
+ "name": "Kibana",
+ "cve": "CVE-2018-17246",
+ "type": "afr",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/api/console/api_server",
+ "pattern": "eq",
+ "args": {
+ "sense_version": "",
+ "apis": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10025.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10025.json
new file mode 100644
index 000000000..7fe4fccca
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10025.json
@@ -0,0 +1,18 @@
+{
+ "id":"10025",
+ "state": "on",
+ "name": "Jenkins",
+ "cve": "CVE-2018-1000861",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript",
+ "pattern": "eq",
+ "args": {
+ "sandbox": "true",
+ "value": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10026.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10026.json
new file mode 100644
index 000000000..61f720463
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10026.json
@@ -0,0 +1,14 @@
+{
+ "id":"10026",
+ "state": "on",
+ "name": "WebLogic",
+ "cve": "CVE-2017-3506",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/wls-wsat/CoordinatorPortType",
+ "pattern": "eq"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10027.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10027.json
new file mode 100644
index 000000000..a4a31d90b
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10027.json
@@ -0,0 +1,17 @@
+{
+ "id":"10027",
+ "state": "on",
+ "name": "Apache druid",
+ "cve": "CVE-2021-36749",
+ "type": "afr",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/druid/indexer/v1/sampler",
+ "pattern": "eq",
+ "args": {
+ "for": "connect"
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10028.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10028.json
new file mode 100644
index 000000000..369323487
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10028.json
@@ -0,0 +1,14 @@
+{
+ "id":"10028",
+ "state": "on",
+ "name": "Apache HTTPD",
+ "cve": "",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "^/uploadfiles/.*\\.php\\.(?:jpg|jpeg)$",
+ "pattern": "regex"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10029.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10029.json
new file mode 100644
index 000000000..9f3b2f8fa
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10029.json
@@ -0,0 +1,17 @@
+{
+ "id":"10029",
+ "state": "on",
+ "name": "Rocket.Chat",
+ "cve": "CVE-2021-22911",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/api/v1/method.callAnon/getPasswordPolicy",
+ "pattern": "eq",
+ "params": {
+ "message": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10030.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10030.json
new file mode 100644
index 000000000..4cb9155db
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10030.json
@@ -0,0 +1,14 @@
+{
+ "id":"10030",
+ "state": "on",
+ "name": "Spring Security",
+ "cve": "CVE-2022-22978",
+ "type": "aa",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "/admin/%0d",
+ "pattern": "contain"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10031.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10031.json
new file mode 100644
index 000000000..24516bd15
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10031.json
@@ -0,0 +1,14 @@
+{
+ "id":"10031",
+ "state": "on",
+ "name": "Spring Cloud",
+ "cve": "CVE-2022-22963",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/functionRouter",
+ "pattern": "eq"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10032.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10032.json
new file mode 100644
index 000000000..bd034e35d
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10032.json
@@ -0,0 +1,14 @@
+{
+ "id":"10032",
+ "state": "on",
+ "name": "mongo-express",
+ "cve": "CVE-2019-10758",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/checkValid",
+ "pattern": "eq"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10033.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10033.json
new file mode 100644
index 000000000..bb0ea5db1
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10033.json
@@ -0,0 +1,17 @@
+{
+ "id":"10033",
+ "state": "on",
+ "name": "Nexus Repository Manager3",
+ "cve": "CVE-2020-10199",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/service/rest/beta/repositories/go/group",
+ "pattern": "eq",
+ "params": {
+ "memberNames": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10034.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10034.json
new file mode 100644
index 000000000..1f6fac186
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10034.json
@@ -0,0 +1,14 @@
+{
+ "id":"10034",
+ "state": "on",
+ "name": "Ruby On Rails",
+ "cve": "CVE-2018-3760",
+ "type": "dr",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/assets/file:",
+ "pattern": "contain"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10035.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10035.json
new file mode 100644
index 000000000..2dd650eb2
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10035.json
@@ -0,0 +1,17 @@
+{
+ "id":"10035",
+ "state": "on",
+ "name": "Cacti",
+ "cve": "CVE-2022-46169",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/remote_agent.php",
+ "pattern": "eq",
+ "args": {
+ "poller_id": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10036.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10036.json
new file mode 100644
index 000000000..511e554d0
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10036.json
@@ -0,0 +1,14 @@
+{
+ "id":"10036",
+ "state": "on",
+ "name": "Drupal",
+ "cve": "CVE-2014-9016",
+ "type": "dos",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/?q=node&destination=node",
+ "pattern": "eq"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10037.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10037.json
new file mode 100644
index 000000000..862d10a70
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10037.json
@@ -0,0 +1,17 @@
+{
+ "id":"10037",
+ "state": "on",
+ "name": "Atlassian Confluence",
+ "cve": "CVE-2021-26084",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/pages/doenterpagevariables.action",
+ "pattern": "eq",
+ "params": {
+ "queryString": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10038.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10038.json
new file mode 100644
index 000000000..61aca8989
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10038.json
@@ -0,0 +1,17 @@
+{
+ "id":"10038",
+ "state": "on",
+ "name": "Atlassian Confluence",
+ "cve": "CVE-2015-7808",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/ajax/api/hook/decodeArguments",
+ "pattern": "eq",
+ "args": {
+ "arguments": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10039.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10039.json
new file mode 100644
index 000000000..94f204f5f
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10039.json
@@ -0,0 +1,17 @@
+{
+ "id":"10039",
+ "state": "on",
+ "name": "DedeCMS",
+ "cve": "CVE-2018-7700",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/tag_test_action.php",
+ "pattern": "eq",
+ "args": {
+ "partcode": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10040.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10040.json
new file mode 100644
index 000000000..def292008
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10040.json
@@ -0,0 +1,14 @@
+{
+ "id":"10040",
+ "state": "on",
+ "name": "Log4j",
+ "cve": "CVE-2021-44228",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "request_uri",
+ "uri": "jndi:ldap:",
+ "pattern": "contain"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10041.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10041.json
new file mode 100644
index 000000000..83e4aa692
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10041.json
@@ -0,0 +1,17 @@
+{
+ "id":"10041",
+ "state": "on",
+ "name": "Confluence",
+ "cve": "CVE-2019-3396",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/rest/tinymce/1/macro/preview",
+ "pattern": "eq",
+ "params": {
+ "_template": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10042.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10042.json
new file mode 100644
index 000000000..1888047a4
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10042.json
@@ -0,0 +1,17 @@
+{
+ "id":"10042",
+ "state": "on",
+ "name": "Solr",
+ "cve": "CVE-2019-0193",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "^/solr/[\\w-]+/dataimport(?:\\?.*)?$",
+ "pattern": "regex",
+ "params": {
+ "command": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10043.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10043.json
new file mode 100644
index 000000000..19590f8eb
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10043.json
@@ -0,0 +1,17 @@
+{
+ "id":"10043",
+ "state": "on",
+ "name": "若依管理系统",
+ "cve": "CNVD-2021-01931",
+ "type": "afd",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/common/download/resource",
+ "pattern": "eq",
+ "args": {
+ "resource": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10044.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10044.json
new file mode 100644
index 000000000..a16ef6ea9
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10044.json
@@ -0,0 +1,17 @@
+{
+ "id":"10044",
+ "state": "on",
+ "name": "Coremail",
+ "cve": "",
+ "type": "il",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/mailsms/s",
+ "pattern": "eq",
+ "args": {
+ "func": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10045.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10045.json
new file mode 100644
index 000000000..ffec420d9
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10045.json
@@ -0,0 +1,17 @@
+{
+ "id":"10045",
+ "state": "on",
+ "name": "F5 BIG-IP",
+ "cve": "CVE-2020-5902",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp",
+ "pattern": "eq",
+ "args": {
+ "fileName": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10046.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10046.json
new file mode 100644
index 000000000..3ba0c6187
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10046.json
@@ -0,0 +1,17 @@
+{
+ "id":"10046",
+ "state": "on",
+ "name": "齐治堡垒机",
+ "cve": "",
+ "type": "aa",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/audit/gui_detail_view.php",
+ "pattern": "eq",
+ "args": {
+ "token": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10047.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10047.json
new file mode 100644
index 000000000..c74bb65cf
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10047.json
@@ -0,0 +1,17 @@
+{
+ "id":"10047",
+ "state": "on",
+ "name": "Craft",
+ "cve": "CVE-2020-9757",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/actions/seomatic/meta-container/meta-link-container/",
+ "pattern": "eq",
+ "args": {
+ "uri": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10048.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10048.json
new file mode 100644
index 000000000..78ebd631a
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10048.json
@@ -0,0 +1,17 @@
+{
+ "id":"10048",
+ "state": "on",
+ "name": "Laravel",
+ "cve": "CVE-2021-3129",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/_ignition/execute-solution",
+ "pattern": "eq",
+ "params": {
+ "solution": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10049.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10049.json
new file mode 100644
index 000000000..7dc2374f2
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10049.json
@@ -0,0 +1,17 @@
+{
+ "id":"10049",
+ "state": "on",
+ "name": "Liferay Portal",
+ "cve": "CVE-2020-7961",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/api/jsonws/invoke",
+ "pattern": "eq",
+ "params": {
+ "cmd": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10050.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10050.json
new file mode 100644
index 000000000..7643c57e7
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10050.json
@@ -0,0 +1,17 @@
+{
+ "id":"10050",
+ "state": "on",
+ "name": "GeoServer",
+ "cve": "CVE-2023-25157",
+ "type": "sqlInjection",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/geoserver/ows",
+ "pattern": "eq",
+ "args": {
+ "service": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10051.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10051.json
new file mode 100644
index 000000000..dc710081a
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10051.json
@@ -0,0 +1,14 @@
+{
+ "id":"10051",
+ "state": "on",
+ "name": "Flink",
+ "cve": "CVE-2020-17518",
+ "type": "afw",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/jars/upload",
+ "pattern": "eq"
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10052.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10052.json
new file mode 100644
index 000000000..5bfcfb827
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10052.json
@@ -0,0 +1,17 @@
+{
+ "id":"10052",
+ "state": "on",
+ "name": "Nexus Repository Manager",
+ "cve": "CVE-2019-7238",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "request_uri",
+ "uri": "/service/extdirect",
+ "pattern": "eq",
+ "params": {
+ "action": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10053.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10053.json
new file mode 100644
index 000000000..602e14043
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10053.json
@@ -0,0 +1,17 @@
+{
+ "id":"10053",
+ "state": "on",
+ "name": "Apache druid",
+ "cve": "CVE-2021-25646",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/druid/indexer/v1/sampler",
+ "pattern": "eq",
+ "params": {
+ "function": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10054.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10054.json
new file mode 100644
index 000000000..7eabeb0dd
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10054.json
@@ -0,0 +1,17 @@
+{
+ "id":"10054",
+ "state": "on",
+ "name": "Apache Unomi",
+ "cve": "CVE-2020-13942",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/context.json",
+ "pattern": "eq",
+ "params": {
+ "filters": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10055.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10055.json
new file mode 100644
index 000000000..5b5b2875b
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10055.json
@@ -0,0 +1,17 @@
+{
+ "id":"10055",
+ "state": "on",
+ "name": "F5 BIG-IP",
+ "cve": "CVE-2023-46747",
+ "type": "rce",
+ "remark": "",
+ "rule": {
+ "method":"POST",
+ "type": "uri",
+ "uri": "/mgmt/tm/util/bash",
+ "pattern": "eq",
+ "params": {
+ "command": ""
+ }
+ }
+}
\ No newline at end of file
diff --git a/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10056.json b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10056.json
new file mode 100644
index 000000000..da774b736
--- /dev/null
+++ b/openresty/1.25.3.2-0-1-focal/1pwaf/data/rules/vuln/10056.json
@@ -0,0 +1,17 @@
+{
+ "id":"10056",
+ "state": "on",
+ "name": "MetInfo",
+ "cve": "",
+ "type": "afr",
+ "remark": "",
+ "rule": {
+ "method":"GET",
+ "type": "uri",
+ "uri": "/include/thumb.php",
+ "pattern": "eq",
+ "args": {
+ "dir": ""
+ }
+ }
+}
\ No newline at end of file