9002140 | OWASP WordPress improvement | 2019-09-23 | 2019-09-23 | Scoring based | Scoring based |
9002140_JSON | OWASP WordPress improvement | 2019-09-23 | 2019-09-23 | Scoring based | Scoring based |
9002141 | OWASP WordPress improvement | 2019-09-23 | 2019-09-23 | Scoring based | Scoring based |
9002141_JSON | OWASP WordPress improvement | 2019-09-23 | 2019-09-23 | Scoring based | Scoring based |
100008E | SQLi improvement | 2019-09-23 | 2019-09-30 | Block | Block |
100162 | SQLi improvement on 'SELECT FROM TABLE' statements | 2019-09-16 | 2019-09-23 | N/A | Block |
9002140 | Small improvement to Gutenberg exception rules | 2019-09-02 | 2019-09-09 | N/A | Scoring based |
9002140_JSON | Small improvement to Gutenberg exception rules | 2019-09-02 | 2019-09-09 | N/A | Scoring based |
9002141 | Small improvement to Gutenberg exception rules | 2019-09-02 | 2019-09-09 | N/A | Scoring based |
9002141_JSON | Small improvement to Gutenberg exception rules | 2019-09-02 | 2019-09-09 | N/A | Scoring based |
100160 | JBoss protection improvement | 2019-09-09 | 2019-09-16 | N/A | Block |
URI-973326 | Small improvement in OWASP rule | 2019-08-09 | 2019-09-09 | Scoring based | Scoring based |
973326 | Small improvement in OWASP rule | 2019-08-09 | 2019-09-09 | Scoring based | Scoring based |
URI-950901 | Remove OWASP rule | 2019-07-29 | 2019-09-02 | Scoring based | N/A |
959151 | Small improvement in OWASP rule | 2019-07-29 | 2019-09-02 | Block | Block |
950901 | Remove OWASP rule | 2019-07-29 | 2019-09-02 | Scoring based | N/A |
100158 | SQL Injection - Obfuscated SELECT expressions | 2019-06-17 | 2019-09-09 | Log | Block |
9002140 | Reducing WAF false positives for the Gutenberg WordPress editor | 2019-07-22 | 2019-07-24 | N/A | Scoring based |
9002140_JSON | Reducing WAF false positives for the Gutenberg WordPress editor | 2019-07-22 | 2019-07-24 | N/A | Scoring based |
9002141 | Reducing WAF false positives for the Gutenberg WordPress editor | 2019-07-22 | 2019-07-24 | N/A | Scoring based |
9002141_JSON | Reducing WAF false positives for the Gutenberg WordPress editor | 2019-07-22 | 2019-07-24 | N/A | Scoring based |
D0003B | Disable rule by default | 2019-07-22 | 2019-07-29 | Block | Disable |
100005A | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100007N | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100009DBETA | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100009I | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100009L | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100010B | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100021CD | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100030_BETA | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100030ARGS_LOOSE | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100035B2 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100035D | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100042 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100056_BETA | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100057 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100059 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100061 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100062 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100062_BETA | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100064 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100066 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100067 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100068 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100075 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100077 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100078B | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100083 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100084 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100085 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100086 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100088C | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100093 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100096BEVIL | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100096BHTML | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100096EVIL | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100096HTML | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100098 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100105 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100106B | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100107ARGS | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100108 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100108ARGS | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100109 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100109B | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100111 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100115 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100119 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100122 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100123B | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100126 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100131 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100133 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100135B | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100137 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100139A | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100140 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100146 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100146B | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100149 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100158 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
CFMISC0004 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
CFMISC0004B | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
CFMISC0016B | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
D0005 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
D0016 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
PHP100008 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
PHP100009 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
PHP100010 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
PHP100011ARGS | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
PHP100011COOKIE | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
WP0012 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
WP0025C | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
WP0028 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
WP0030 | Disable rule by default | 2019-07-22 | 2019-07-29 | Log | Disable |
100136A | Improve XSS JavaScript URI detection and reduce false positives | 2019-07-01 | 2019-07-29 | Block | Block |
100136B | Improve XSS JavaScript URI detection and reduce false positives | 2019-07-01 | 2019-07-29 | Block | Block |
100136C | Improve XSS JavaScript URI detection and reduce false positives | 2019-07-01 | 2019-07-29 | Block | Block |
100135A | Improve XSS JavaScript Events detection and reduce false positives | 2019-07-01 | 2019-07-29 | Block | Block |
100135B | Improve XSS JavaScript Events detection and reduce false positives | 2019-07-01 | 2019-07-29 | Log | Block |
100135C | Improve XSS JavaScript Events detection and reduce false positives | 2019-07-01 | 2019-07-29 | Block | Block |
100030 | Improve XSS HTML Script Tag detection | 2019-07-01 | 2019-07-22 | Block | Block |
100153 | Block Oracle WebLogic - Command Injection - CVE-2019-2729 | 2019-06-27 | 2019-06-27 | Block | Block |
9002140A | Improve 9002140A | 2019-06-19 | 2019-06-19 | Scoring based | Scoring based |
9002140B | Improve 9002140B | 2019-06-19 | 2019-06-19 | Scoring based | Scoring based |
9002140A | Improve 9002140A | 2019-06-17 | 2019-06-17 | Scoring based | Scoring based |
9002140A | Improve 9002140B | 2019-06-17 | 2019-06-17 | Scoring based | Scoring based |
9002140B_BETA | Improve 9002140B | 2019-06-10 | 2019-06-10 | Scoring based | Scoring based |
WP0033 | Easy WP SMTP - Deserialization | 2019-06-10 | 2019-06-17 | Log | Block |
100156 | XSS, HTML Injection - Malicious HTML Encoding | 2019-06-10 | 2019-06-17 | Log | Block |
100005 | Improved shell variable normalization | 2019-06-03 | 2019-06-10 | Block | Block |
100007NS | Improved shell variable normalization | 2019-06-03 | 2019-06-10 | Block | Block |
100096BHTML | XSS, HTML Injection - Body | 2019-06-03 | 2019-06-03 | N/A | Log |
100096BEVIL | XSS, HTML Injection - Body | 2019-06-03 | 2019-06-03 | N/A | Log |
100155 | PHPCMS - Dangerous File Upload - CVE-2018-14399 | 2019-06-03 | 2019-06-10 | Log | Block |
9002140A | New OWASP rules to allow requests from the WordPress's Gutenberg editor | 2019-05-28 | 2019-06-03 | N/A | Scoring based |
9002140B | New OWASP rules to allow requests from the WordPress's Gutenberg editor | 2019-05-28 | 2019-06-03 | N/A | Scoring based |
All | Improve Rule Descriptions | 2019-05-20 | 2019-05-28 | N/A | N/A |
100157 | Microsoft SharePoint Deserialization - CVE-2019-0604 (Strict) | 2019-05-20 | 2019-05-28 | Block | Block |
100053 | Potential FI or Alias/Rewrite Bypass - Double Slash in URL | 2019-05-13 | 2019-05-20 | Disable | Disable |
100157 | Microsoft SharePoint Deserialization - CVE-2019-0604 | 2019-05-13 | 2019-05-13 | N/A | Block |
100122ARGS | Dangerous stream wrappers | 2019-05-13 | 2019-05-20 | Block | Deprecated |
100122ARGS_GET | Dangerous stream wrappers | 2019-05-13 | 2019-05-20 | Block | Deprecated |
100122 | Dangerous stream wrappers | 2019-05-13 | 2019-05-20 | Log | Block |
100154 | WordPress Social Warfare RCE/XSS (CVE-2019-9978) | 2019-05-07 | 2019-05-13 | Log | Block |
9002140 | Reduce OWASP false positives | 2019-05-07 | 2019-05-13 | Log | Allow |
100008 | Improve SQLi detection | 2019-05-07 | 2019-05-13 | Block | Block |
100135A | Improve XSS detection and reduce false positives | 2019-04-29 | 2019-05-07 | Block | Block |
100135B | Improve XSS detection and reduce false positives | 2019-04-29 | 2019-05-07 | Log | Block |
100135C | Improve XSS detection and reduce false positives | 2019-04-29 | 2019-05-07 | Block | Block |
100136A | Improve XSS detection and reduce false positives | 2019-04-29 | 2019-05-07 | Block | Block |
100136B | Improve XSS detection and reduce false positives | 2019-04-29 | 2019-05-07 | Block | Block |
100153 | Block Oracle WebLogic CVE-2019-2725, CVE-2017-10271, CVE-2017-3506 | 2019-04-29 | 2019-05-07 | N/A | Block |
100148 | Improve inline XSS detection | 2019-04-29 | 2019-05-07 | Log | Block |
100105HEADERS | PHP serialization in headers, excluding Cookies | 2019-04-29 | 2019-05-07 | N/A | Block |
100146C | Potential SSRF attack | 2019-04-29 | 2019-05-07 | Log | Block |
100106 | PostgreSQL COPY Injection | 2019-04-29 | 2019-05-07 | Block | Block |
100139A | HTML Injection, XSS or Code Injection via data URI | 2019-04-29 | 2019-05-07 | N/A | Log |
100139B | HTML Injection, XSS or Code Injection via data URI | 2019-04-29 | 2019-05-07 | N/A | Block |
100139C | HTML Injection, XSS or Code Injection via data URI | 2019-04-29 | 2019-05-07 | N/A | Block |
100105REFERER | PHP serialization in Referer header | 2019-04-22 | 2019-04-29 | N/A | Block |
100152 | Joomla CVE-2019-10945 | 2019-04-22 | 2019-04-29 | N/A | Block |
100144 | NoSQL Injection attack (Expression vector) | 2019-04-22 | 2019-04-29 | Log | Block |
100143 | NoSQL Injection attack (comparison vector) | 2019-04-22 | 2019-04-29 | Log | Block |
100135A | Improve XSS detection | 2019-04-15 | 2019-04-22 | Block | Block |
100135B | Improve XSS detection | 2019-04-15 | 2019-04-22 | Block | Block |
100136A | Improve XSS detection | 2019-04-15 | 2019-04-22 | Block | Block |
100136B | Improve XSS detection | 2019-04-15 | 2019-04-22 | Block | Block |
100097G | Improve SQLi blocking | 2019-04-15 | 2019-04-22 | Log | Block |
WP0034 | WordPress zero day XSS | 2019-04-15 | 2019-04-22 | N/A | Block |
100010A | Improve SQLi detection | 2019-04-15 | 2019-04-22 | Block | Block |
PHP100013 | Blocks PHP CGI attack by default | 2019-04-15 | 2019-04-22 | Log | Block |
100150 | Block CVE-2019-10842 | 2019-04-15 | 2019-04-22 | N/A | Block |
100148 | Improve XSS inline detection | 2019-04-15 | 2019-04-29 | Log | Block |
100142 | NoSQL Injection attack (array vector) | 2019-04-08 | 2019-04-15 | Log | Block |
100135A | Improve XSS event detection | 2019-04-01 | 2019-04-08 | N/A | N/A |
100135B | Improve XSS event detection | 2019-04-01 | 2019-04-08 | N/A | N/A |
100135C | Improve XSS event detection | 2019-04-01 | 2019-04-08 | N/A | N/A |
100030SVG | Improve XSS event detection | 2019-04-01 | 2019-04-08 | N/A | N/A |
100021C | Improve XSS event detection | 2019-04-01 | 2019-04-08 | N/A | N/A |
100021CE | Improve XSS event detection | 2019-04-01 | 2019-04-08 | N/A | N/A |
100021CB | Improve XSS event detection | 2019-04-01 | 2019-04-08 | N/A | N/A |
100021CD | Improve XSS event detection | 2019-04-01 | 2019-04-08 | N/A | N/A |
100021CD2 | Improve XSS event detection | 2019-04-01 | 2019-04-08 | N/A | N/A |
100021CD3 | Improve XSS event detection | 2019-04-01 | 2019-04-08 | N/A | N/A |
D0020BETA | Improve blocking of SA-CORE-2019-003 | 2019-04-01 | 2019-04-08 | Log | Block |
D0017 | Improve blocking of SA-CORE-2019-003 | 2019-04-01 | 2019-04-08 | Log | Block |
D0017 | Improve blocking of SA-CORE-2019-003 | 2019-04-01 | 2019-04-08 | Log | Deleted |
D0018 | Improve blocking of SA-CORE-2019-003 | 2019-04-01 | 2019-04-08 | Log | Deleted |
D0019 | Improve blocking of SA-CORE-2019-003 | 2019-04-01 | 2019-04-08 | Log | Deleted |
D0021 | Improve blocking of SA-CORE-2019-003 | 2019-04-01 | 2019-04-08 | Log | Deleted |
100127 | Improve blocking of SA-CORE-2019-003 | 2019-04-01 | 2019-04-08 | Log | Deleted |
100128 | Improve blocking of SA-CORE-2019-003 | 2019-04-01 | 2019-04-08 | Log | Deleted |
100136A | Improve XSS detection using javascript events | 2019-03-25 | 2019-04-01 | N/A | Block |
100136B | Improve XSS detection using javascript events | 2019-03-25 | 2019-04-01 | N/A | Block |
100136C | Improve XSS detection using javascript events | 2019-03-25 | 2019-04-01 | N/A | Block |
100135A | Improve XSS detection using javascript URI | 2019-03-25 | 2019-04-08 | N/A | Block |
100135B | Improve XSS detection using javascript URI | 2019-03-25 | 2019-04-08 | N/A | Log |
100135C | Improve XSS detection using javascript URI | 2019-03-25 | 2019-04-08 | N/A | Block |
100120BETA2 | Reduce 100120's false positives | 2019-03-25 | 2019-04-01 | Log | Block |
100123A | Improve invalid UTF-8 detection | 2019-03-25 | 2019-04-08 | N/A | Block |
100123B | Improve invalid UTF-8 detection | 2019-03-25 | 2019-04-08 | N/A | Log |
WP0032BETA | Reduce false positives for WP0032 | 2019-03-25 | 2019-04-01 | Log | Block |
100122ARGS | Block use of stream wrappers in all arguments | 2019-03-25 | 2019-04-01 | Log | Block |
100132 | Protection for Apache Tika Command Injection CVE-2018-1335 | 2019-03-25 | 2019-04-01 | Log | Block |
PHP100006 | Improve PHP webshell attempt detection. | 2019-03-25 | 2019-04-01 | Log | Block |
100005 | Merge LFI 100005_BETA into 100005. Mitigates CVE-2018-9126, CVE-2011-1892. | 2019-03-25 | 2019-04-01 | Block | Block |
100005U | Superseded by 100005 | 2019-03-25 | 2019-04-01 | Block | Block |
100005UR | Superseded by 100005 | 2019-03-25 | 2019-04-01 | Block | Block |
100134 | Ruby on Rails File Disclosure CVE-2019-5418 | 2019-03-25 | 2019-04-01 | Log | Block |
100120BETA | Improve 100120's coverage of SQLi | 2019-03-18 | 2019-03-25 | Log | Block |
100130 | Executable file upload attempt | 2019-03-18 | 2019-04-08 | Log | Block |
100130B | Executable file with fake extension upload attempt | 2019-03-18 | 2019-03-25 | Log | Block |
100021CB | Improves XSS event detection using alternate syntax \`, brackets, and parenthesis. | 2019-03-11 | 2019-03-18 | Log | Block |
100021A | Improve XSS detection in Referer Header | 2019-03-11 | 2019-03-18 | Challenge | Block |
100030SVG | Improve XSS event detection | 2019-03-11 | 2019-03-18 | Challenge | Block |
100021C | Improve XSS event detection | 2019-03-11 | 2019-03-18 | Block | Block |
100021CE | Improve XSS event detection | 2019-03-11 | 2019-03-18 | Block | Block |
100021CB | Improve XSS event detection | 2019-03-11 | 2019-03-18 | Block | Block |
100122ARGS_GET | Block use of stream wrappers in GET arguments (RFI/RCE) | 2019-03-11 | 2019-03-18 | Log | Block |
100125 | Block AngularJS Sandbox attacks | 2019-03-11 | 2019-03-18 | Log | Block |
100021D | Improve XSS detection | 2019-03-11 | 2019-03-18 | Challenge | Block |
WP0031 | WordPress RCE - CVE-2019-8942, CVE-2019-8943 | 2019-03-04 | 2019-03-11 | N/A | Block |
100021CB | Improve XSS event detection | 2019-03-04 | 2019-03-11 | Challenge | Block |
100021C | Improve XSS event detection | 2019-03-04 | 2019-03-11 | Block | Block |
100008E | Improve SQLi probing | 2019-02-25 | 2019-03-04 | Block | Block |
100123 | UTF-8 Invalid Characters detection (URL) | 2019-02-18 | 2019-03-04 | Log | Block |
100124A | UTF-8 Invalid Characters detection | 2019-02-11 | 2019-02-11 | N/A | Disable |
100124B | UTF-8 Invalid Characters detection | 2019-02-11 | 2019-02-11 | N/A | Disable |
100008E | Improve SQLi probe detection | 2019-02-11 | 2019-02-18 | N/A | Block |
100063_BETA | Reduce false positives for 100063 | 2019-02-11 | 2019-02-18 | Log | Block |
100008 | Moved rule out of BETA | 2019-02-08 | 2019-02-08 | Block | Block |
100021H | Improve XSS | 2019-02-11 | 2019-02-18 | Log | Block |
100021G | Delete XSS rule | 2019-02-11 | 2019-02-18 | Block | Deleted |
100011 | Block requests with null bytes | 2019-02-04 | 2019-02-04 | N/A | Disable |
100020 | Blocked SQLi with mysql comments | 2019-01-28 | 2019-02-04 | Log | Block |
100120B | Blocked SQLi with mysql comments | 2019-01-28 | 2019-02-04 | Log | Block |
100120C | Blocked SQLi with mysql comments | 2019-01-28 | 2019-02-04 | N/A | Disable |
100054 | Block CVE-2017-5638 RCE attempts | 2019-01-28 | 2019-02-04 | Log | Block |
100009C | Reduce 100009C false positives | 2019-01-21 | 2019-01-28 | Block | Block |
100007 | Improved RCE detection | 2019-01-21 | 2019-01-28 | Block | Block |
PHP100012 | Detect CVE-2017-9841 | 2019-01-21 | 2019-01-28 | N/A | Block |
100112B | Block requests with duplicated User-Agent headers | 2019-01-21 | 2019-01-21 | N/A | Disable |
D0015 | Emergency release for Drupal SA-CORE-2019-002 vulnerability | 2019-01-17 | 2019-01-17 | N/A | Block |
D0016 | Emergency release for Drupal SA-CORE-2019-002 vulnerability | 2019-01-17 | 2019-01-17 | N/A | Log |
100009J | Reduce 100009J false positives | 2019-01-14 | 2019-01-21 | Block | Block |
100114 | Improved XSS probing detection | 2019-01-14 | 2019-01-21 | Log | Block |
100005 | Improved LFI detection | 2019-01-14 | 2019-01-21 | Log | Block |
PHP100011 | Improved PHP code injection detection in URI and headers | 2019-01-07 | 2019-01-14 | Log | Block |
100121ARGS_GET | Use of multiple percent-encoding level in URI arguments | 2019-01-07 | 2019-01-07 | N/A | Disable |
100121URI | Use of multiple percent-encoding level in URI | 2019-01-07 | 2019-01-07 | N/A | Disable |
100021CD3 | XSS reflection with javascript events | 2019-01-02 | 2019-01-02 | N/A | Disable |
100068B | Improve SQLi detection | 2018-12-17 | 2019-01-02 | Log | Block |
100021_BETA | Improve XXS detection | 2018-12-17 | 2019-01-02 | Log | Challenge |
100016_BETA | Improved sensitive directories access | 2018-12-06 | 2018-12-11 | Log | Block |
100035U_BETA | Improved Baidu bot detection | 2018-11-26 | 2018-12-06 | Log | Block |
100026_BETA | Improved PHP injection detection | 2018-11-26 | 2018-12-06 | Log | Block |
100118 | Improved SQLi detection | 2018-11-12 | 2018-11-19 | Log | Block |
100008_BETA | Improved SQLi detection | 2018-11-05 | 2018-11-12 | Log | Block |
100116 | For CVE-2018-9206, vulnerable jQuery File Uploader | 2018-11-05 | 2018-11-19 | Log | Block |
100117 | For CVE-2018-9206, vulnerable jQuery File Uploader | 2018-11-05 | 2018-11-19 | Log | Block |
100114 | XSS probing detection | 2018-10-29 | 2018-11-12 | Log | Block |
100097 | libinjection based SQLi detection rule. | 2018-10-22 | 2018-10-29 | N/A | Disable |
100097F | libinjection based SQLi detection rule. | 2018-10-22 | 2018-10-29 | Log | Block |
100112 | Block requests with duplicated headers | 2018-10-15 | 2018-10-15 | N/A | Disable |
100070 | Block requests with invalid x-forwarded-for headers | 2018-10-15 | 2018-10-22 | Log | Block |
100107 | Improved XSS Probing detection | 2018-10-15 | 2018-10-22 | Log | Block |
100111 | Detect large numbers of GET parameters in requests | 2018-10-15 | 2018-10-22 | Log | Block |
100109 | Detect large numbers of GET parameters in requests | 2018-10-15 | 2018-10-22 | Log | Block |
100109B | Detect large numbers of GET parameters in requests | 2018-10-15 | 2018-10-22 | Log | Log |
100110 | Detect large numbers of GET parameters in requests | 2018-10-15 | 2018-10-22 | Disable | Disable |
WP0020 | WP allowlist | 2018-10-01 | 2018-10-08 | Allow | Allow |
WP0004 | WP allowlist | 2018-10-01 | 2018-10-08 | Allow | Allow |
100088B_BETA | Improved XXE detection | 2018-09-24 | 2018-10-08 | Log | Block |
100030 | Improved XSS Probing detection | 2018-09-24 | 2018-10-08 | Challenge | Block |
100021B | Improved XSS Probing detection | 2018-09-24 | 2018-10-08 | Block | Block |
100030_BETA | Improved XSS Probing detection | 2018-09-24 | 2018-10-08 | Log | Block |
100008CW_BETA | Improved SQLi sleep probing | 2018-09-24 | 2018-10-01 | Log | Block |
100106 | Improved SQLi detection | 2018-09-24 | 2018-10-01 | Log | Block |
100009J_BETA | Improved SQLi detection | 2018-09-24 | 2018-10-01 | Log | Block |
100009CB | Improved SQLi detection | 2018-09-17 | 2018-09-24 | Log | Block |
100102 | Rules to stop file read and deletion vulnerabilities in GhostScript | 2018-09-17 | 2018-09-24 | Log | Block |
100103 | Rules to stop file read and deletion vulnerabilities in GhostScript | 2018-09-17 | 2018-09-24 | Log | Block |
100101 | Emergency release for vulnerability in Ghostscript | N/A | 2018-09-12 | N/A | Block |
950907 | Additional OWASP rules can be disabled in UI | 2018-09-17 | 2018-09-24 | N/A | N/A |
950008 | Additional OWASP rules can be disabled in UI | 2018-09-17 | 2018-09-24 | N/A | N/A |
950010 | Additional OWASP rules can be disabled in UI | 2018-09-17 | 2018-09-24 | N/A | N/A |
950011 | Additional OWASP rules can be disabled in UI | 2018-09-17 | 2018-09-24 | N/A | N/A |
960008 | Additional OWASP rules can be disabled in UI | 2018-09-17 | 2018-09-24 | N/A | N/A |
960015 | Additional OWASP rules can be disabled in UI | 2018-09-17 | 2018-09-24 | N/A | N/A |
960009 | Additional OWASP rules can be disabled in UI | 2018-09-17 | 2018-09-24 | N/A | N/A |
100009C_BETA | Improved SQLi detection | 2018-09-10 | 2018-09-17 | Log | Deleted |
100021CE | Improved XSS Detection | 2018-09-03 | 2018-09-10 | Block | Block |
100088B | Improved XXE Detection | 2018-09-03 | 2018-09-10 | Log | Block |
100091B | Improved XSS Detection | 2018-09-03 | 2018-09-10 | N/A | Block |
PLONE0002 | Update rule regex | 2018-08-20 | 2018-08-28 | Block | Block |
100021CE_BETA | Improved XSS Detection | 2018-08-20 | 2018-08-28 | Log | Block |
100030SVG_BETA | Improved XSS Detection | 2018-08-20 | 2018-08-28 | Log | Block |
100090 | Improved XSS Detection | 2018-08-20 | 2018-08-28 | Log | Block |
100091 | Improved XSS Detection | 2018-08-20 | 2018-08-28 | Log | Block |
100092 | Improved XSS Detection | 2018-08-20 | 2018-08-28 | Log | Block |
100093 | Improved XSS Detection | 2018-08-20 | 2018-08-28 | Log | Log |
100063 | Reduction in false positives | 2018-08-13 | 2018-08-13 | Block | Block |
100035C | Improved detection of fake google bots. | Emergency release 2018-08-10 | 2018-08-10 | N/A | Block |
100095 | Rules to block cache poisoning attacks | Emergency release 2018-08-13 | 2018-08-10 | N/A | Block |
100095B | Rules to block cache poisoning attacks | Emergency release 2018-08-13 | 2018-08-10 | N/A | Block |
WP0003 | Disable login | 2018-08-13 | 2018-08-10 | Allow | Allow |
WP0025B | Reducing the false positives WP0025B caused in the Gutenberg WordPress editor. | 2018-08-06 | 2018-08-08 | Block | Block |
WP0025D | Reducing the false positives WP0025B caused in the Gutenberg WordPress editor. | 2018-08-06 | 2018-08-08 | Block | Block |
D0006 | These attempt to address SA-CORE-2018-005 by matching certain headers. | Emergency release, 2019-08-03 | 2019-08-03 | N/A | Block |
D0007 | These attempt to address SA-CORE-2018-005 by matching certain headers. | Emergency release, 2019-08-03 | 2019-08-03 | N/A | Block |
D0008 | These attempt to address SA-CORE-2018-005 by matching certain headers. | Emergency release, 2019-08-03 | 2019-08-03 | N/A | Disable |
D0009 | These attempt to address SA-CORE-2018-005 by matching certain headers. | Emergency release, 2019-08-03 | 2019-08-03 | N/A | Disable |
D0010 | These attempt to address SA-CORE-2018-005 by matching certain headers. | Emergency release, 2019-08-03 | 2019-08-03 | N/A | Disable |
D0011 | These attempt to address SA-CORE-2018-005 by matching certain headers. | Emergency release, 2019-08-03 | 2019-08-03 | N/A | Disable |
D0012 | These attempt to address SA-CORE-2018-005 by matching certain headers. | Emergency release, 2019-08-03 | 2019-08-03 | N/A | Disable |
D0013 | These attempt to address SA-CORE-2018-005 by matching certain headers. | Emergency release, 2019-08-03 | 2019-08-03 | N/A | Block |
D0014 | These attempt to address SA-CORE-2018-005 by matching certain headers. | Emergency release, 2019-08-03 | 2019-08-03 | N/A | Block |
100038 | Blocks requests to /server_status, which g ives away information on how a server works. | 2018-08-30 | 2018-08-06 | Log | Block |
100089 | Improved SQLi detection | 2018-07-16 | 2018-07-30 | Log | Block |