@abtnode/router-provider 1.16.38-beta-20250115-235439-bb5a1c1b → 1.16.38-beta-20250118-033334-2da05ae8

package/lib/nginx/includes/security/crs4/rules/php-variables.data

@@ -0,0 +1,30 @@
+# The data in this list comes from
+# https://www.php.net/manual/en/reserved.variables.php
+# https://www.php.net/manual/en/language.variables.superglobals.php
+# https://www.php.net/manual/en/language.constants.predefined.php
+
+#  These superglobal variables are:
+$GLOBALS
+$_COOKIE
+$_ENV
+$_FILES
+$_GET
+$_POST
+$_REQUEST
+$_SERVER
+$_SESSION
+$argc
+$argv
+$http_​response_​header
+# Deprecated
+$php_​errormsg
+
+# This is really old, completely deprecated vars (PHP >= 4 < 5.3)
+$HTTP_COOKIE_VARS
+$HTTP_ENV_VARS
+$HTTP_GET_VARS
+$HTTP_POST_FILES
+$HTTP_POST_VARS
+$HTTP_RAW_POST_DATA
+$HTTP_REQUEST_VARS
+$HTTP_SERVER_VARS

package/lib/nginx/includes/security/crs4/rules/restricted-files.data

@@ -0,0 +1,284 @@
+# Apache
+# (no slash; also guards against old.htaccess, old.htpasswd, etc.)
+.htaccess
+.htdigest
+.htpasswd
+# home level dotfiles (keep in sync with lfi-os-files.data)
+# grep -E '^\.' lfi-os-files.data
+.addressbook
+.aptitude/config
+.aws/
+.azure/
+.bash_
+.bashrc
+.cache/notify-osd.log
+.config/
+.cshrc
+.docker
+.drush/
+.env
+.eslintignore
+.fbcindex
+.forward
+.gitattributes
+.gitconfig
+.gnupg/
+.google_authenticator
+.hplip/hplip.conf
+.htaccess
+.htdigest
+.htpasswd
+.ksh_history
+.lesshst
+.lftp/
+.lhistory
+.lighttpdpassword
+.lldb-history
+.local/share/mc/
+.lynx_cookies
+.my.cnf
+.mysql_history
+.nano_history
+.node_repl_history
+.npmrc
+.nsconfig
+.nsr
+.oh-my-
+.password-store
+.pearrc
+.pgpass
+.php_history
+.pinerc
+.pki/
+.proclog
+.procmailrc
+.profile
+.psql_history
+.python_history
+.rediscli_history
+.rhistory
+.rhosts
+.selected_editor
+.sh_history
+.sqlite_history
+.snap/
+.ssh/
+.subversion/
+.tconn/
+.tcshrc
+.tmux.conf
+.tor/
+.vagrant.d/
+.vidalia/
+.vim/
+.viminfo
+.vimrc
+.vscode
+.www_acl
+.wwwacl
+.Xauthority
+.yarnrc
+.zhistory
+.zsh_history
+.zshenv
+.zshrc
+# Version control
+/.git/
+/.gitignore
+/.hg/
+/.hgignore
+/.svn/
+# October CMS credentials file
+/auth.json
+# Wordpress
+wp-config.php
+wp-config.bak
+wp-config.old
+wp-config.temp
+wp-config.tmp
+wp-config.txt
+# Symfony
+/config/config.yml
+/config/config_dev.yml
+/config/config_prod.yml
+/config/config_test.yml
+/config/parameters.yml
+/config/routing.yml
+/config/security.yml
+/config/services.yml
+# Drupal
+/sites/default/default.settings.php
+/sites/default/settings.php
+/sites/default/settings.local.php
+# NextCloud
+/config/config.php
+# PrestaShop configuration files
+/config/settings.inc.php
+/app/config/parameters.php
+# Magento
+/app/etc/local.xml
+# Sublime Text
+/sftp-config.json
+# ASP.NET
+/Web.config
+# Node
+/package.json
+/package-lock.json
+/npm-shrinkwrap.json
+/gruntfile.js
+/npm-debug.log
+/ormconfig.json
+/tsconfig.json
+/webpack.config.js
+/yarn.lock
+# Composer
+/composer.json
+/composer.lock
+/packages.json
+# OSX
+/.DS_Store
+# WS FTP
+/.ws_ftp.ini
+# New Per-Project Files
+.idea
+nbproject/
+bower.json
+.bowerrc
+.eslintrc
+.jshintrc
+.gitlab-ci.yml
+.travis.yml
+database.yml
+Dockerfile
+# PHP_CodeSniffer configuration files
+.php_cs.dist
+.phpcs.xml
+phpcs.xml
+.phpcs.xml.dist
+phpcs.xml.dist
+# Windows desktop configuration file
+Desktop.ini
+# Windows Explorer cache of thumbnail images
+Thumbs.db
+# PHP configuration files
+.user.ini
+php.ini
+# Oracle WebLogic Server configuration file
+weblogic.xml
+# Oracle SOAP Request Handler configuration file
+soapConfig.xml
+# Common names for local PHP error logs
+php_error.log
+php_errors.log
+# Java directory for non-public application data
+WEB-INF/
+# Fortinet SSL VPN session file
+sslvpn_websession
+# BlockCypher log file used in code examples
+BlockCypher.log
+# Roundcube Webmail
+config.inc.php
+config.sample.php
+defaults.inc.php
+# Contains credentials for SendGrid service
+sendgrid.env
+# Fish shell files
+.fish
+fish_variables
+
+# /proc entries (keep in sync with lfi-os-files.data)
+# grep -E "^proc/" lfi-os-files.data
+proc/0
+proc/1
+proc/2
+proc/3
+proc/4
+proc/5
+proc/6
+proc/7
+proc/8
+proc/9
+proc/acpi
+proc/asound
+proc/bootconfig
+proc/buddyinfo
+proc/bus
+proc/cgroups
+proc/cmdline
+proc/config.gz
+proc/consoles
+proc/cpuinfo
+proc/crypto
+proc/devices
+proc/diskstats
+proc/dma
+proc/docker
+proc/driver
+proc/dynamic_debug
+proc/execdomains
+proc/fb
+proc/filesystems
+proc/fs
+proc/interrupts
+proc/iomem
+proc/ioports
+proc/ipmi
+proc/irq
+proc/kallsyms
+proc/kcore
+proc/key-users
+proc/keys
+proc/kmsg
+proc/kpagecgroup
+proc/kpagecount
+proc/kpageflags
+proc/latency_stats
+proc/loadavg
+proc/locks
+proc/mdstat
+proc/meminfo
+proc/misc
+proc/modules
+proc/mounts
+proc/mpt
+proc/mtd
+proc/mtrr
+proc/net
+proc/pagetypeinfo
+proc/partitions
+proc/pressure
+proc/sched_debug
+proc/schedstat
+proc/scsi
+proc/self
+proc/slabinfo
+proc/softirqs
+proc/stat
+proc/swaps
+proc/sys
+proc/sysrq-trigger
+proc/sysvipc
+proc/thread-self
+proc/timer_list
+proc/timer_stats
+proc/tty
+proc/uptime
+proc/version
+proc/version_signature
+proc/vmallocinfo
+proc/vmstat
+proc/zoneinfo
+
+# /sys entries (keep in sync with lfi-os-files.data)
+# grep -E "^sys/" lfi-os-files.data
+sys/block
+sys/bus
+sys/class
+sys/dev
+sys/devices
+sys/firmware
+sys/fs
+sys/hypervisor
+sys/kernel
+sys/module
+sys/power

package/lib/nginx/includes/security/crs4/rules/restricted-upload.data

@@ -0,0 +1,177 @@
+# This list can be generated from restricted-files.data by running the following shell command:
+# body_start=$(grep -n -E -m 1 '^[^#$]' rules/restricted-upload.data | cut -d: -f1)
+# ed -s rules/restricted-upload.data <<EOF
+# $((body_start - 1)),\$d
+# w
+# q
+# EOF
+# words="$(awk ' !/^#/ {split($0, segments, "/")} {word = segments[length(segments)]} length(word) > 3 {print word}' rules/restricted-files.data | \
+#   sort | uniq)"
+# while read -r word; do
+#   if [ "$(util/fp-finder/spell.sh -m -e - <<<"${word}")" != "${word}" ]; then
+#     echo "${word}" >> rules/restricted-upload.data
+#   fi
+# done <<<"${words}"
+
+.DS_Store
+.addressbook
+.bash_
+.bashrc
+.bowerrc
+.cshrc
+.docker
+.env
+.eslintignore
+.eslintrc
+.fbcindex
+.forward
+.gitattributes
+.gitconfig
+.gitignore
+.gitlab-ci.yml
+.google_authenticator
+.hgignore
+.htaccess
+.htdigest
+.htpasswd
+.idea
+.jshintrc
+.ksh_history
+.lesshst
+.lhistory
+.lighttpdpassword
+.lldb-history
+.lynx_cookies
+.my.cnf
+.mysql_history
+.nano_history
+.node_repl_history
+.nsconfig
+.nsr
+.oh-my-
+.password-store
+.pearrc
+.pgpass
+.php_cs.dist
+.php_history
+.phpcs.xml
+.phpcs.xml.dist
+.pinerc
+.proclog
+.procmailrc
+.profile
+.psql_history
+.python_history
+.rediscli_history
+.rhistory
+.rhosts
+.sh_history
+.sqlite_history
+.tcshrc
+.travis.yml
+.user.ini
+.viminfo
+.vimrc
+.ws_ftp.ini
+.www_acl
+.wwwacl
+.xauthority
+.zhistory
+.zsh_history
+.zshrc
+Desktop.ini
+Dockerfile
+Thumbs.db
+Web.config
+acpi
+asound
+auth.json
+bootconfig
+bower.json
+buddyinfo
+cgroups
+cmdline
+composer.json
+composer.lock
+config.gz
+config.inc.php
+config.php
+config.sample.php
+config.yml
+config_dev.yml
+config_prod.yml
+config_test.yml
+cpuinfo
+database.yml
+defaults.inc.php
+default.settings.php
+diskstats
+dynamic_debug
+execdomains
+filesystems
+gruntfile.js
+hplip.conf
+hypervisor
+iomem
+ioports
+ipmi
+kallsyms
+kcore
+key-users
+kmsg
+kpagecgroup
+kpagecount
+kpageflags
+latency_stats
+loadavg
+local.xml
+mdstat
+meminfo
+mtrr
+notify-osd.log
+npm-debug.log
+npm-shrinkwrap.json
+ormconfig.json
+package-lock.json
+package.json
+packages.json
+pagetypeinfo
+parameters.php
+parameters.yml
+php.ini
+php_error.log
+php_errors.log
+phpcs.xml
+phpcs.xml.dist
+routing.yml
+sched_debug
+schedstat
+security.yml
+services.yml
+settings.inc.php
+settings.local.php
+settings.php
+sftp-config.json
+slabinfo
+soapConfig.xml
+softirqs
+sslvpn_websession
+sysrq-trigger
+sysvipc
+thread-self
+timer_list
+timer_stats
+tsconfig.json
+version_signature
+vmallocinfo
+vmstat
+weblogic.xml
+webpack.config.js
+wp-config.bak
+wp-config.old
+wp-config.php
+wp-config.temp
+wp-config.tmp
+wp-config.txt
+yarn.lock
+zoneinfo

package/lib/nginx/includes/security/crs4/rules/scanners-user-agents.data

@@ -0,0 +1,119 @@
+# This file lists what we think the most widely used
+# security scanners identifyable via their user agents.
+#
+# The list is curated by hand. Attempts to machine-generate
+# a larger list leads to a lot of false positives and edge
+# cases where certain scanners / bots are welcome in certain
+# situations. We consider this a baseline of unwanted scanners.
+
+
+# http://www.arachni-scanner.com/
+arachni
+
+betabot
+
+bewica-security-scan
+
+# Backup File Artifacts Checker
+# https://github.com/mazen160/bfac
+BFAC
+
+# Commix
+# https://github.com/commixproject/commix
+commix
+
+# Detectify website vulnerability scanner
+# https://detectify.com/
+Detectify
+
+# hidden page scanner
+# (deprecated) https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
+dirbuster
+
+fimap
+
+# vuln scanner
+# https://github.com/ffuf/ffuf
+fuzz faster
+
+# Scanner that looks for existing or hidden web objects
+# https://github.com/OJ/gobuster
+gobuster
+
+# sql injection
+havij
+
+hexometer
+
+jbrofuzz
+
+jorgee
+
+libwhisker
+
+# port scanner
+# https://github.com/robertdavidgraham/masscan
+masscan
+
+morfeus
+
+# The Mysterious Mozlila User Agent bot
+# https://trunc.org/learning/the-mozlila-user-agent-bot
+Mozlila
+
+# Nessus
+# http://www.tenable.com/products/nessus-vulnerability-scanner
+nessus
+
+netlab360
+
+netsparker
+
+# vuln scanner
+# https://cirt.net/Nikto2
+nikto
+
+nmap
+
+# https://github.com/projectdiscovery/nuclei
+nuclei
+
+# http://www.openvas.org/
+openvas
+
+sitelockspider
+
+# SQL Injections
+# http://sqlmap.org/
+sqlmap
+
+# https://www.cyber.nj.gov/threat-profiles/trojan-variants/sysscan
+sysscan
+
+# https://github.com/google/tsunami-security-scanner
+TsunamiSecurityScanner
+
+w3af.org
+
+# http://www.robotstxt.org/db/webbandit.html
+webbandit
+
+# (deprecated) http://www.scrt.ch/en/attack/downloads/webshag
+webshag
+
+# https://github.com/xmendez/wfuzz
+wfuzz
+
+whatweb
+
+wprecon
+
+# wordpress vuln scanner
+# https://wpscan.org/
+wpscan
+
+# ZGrab scanner (Mozilla/5.0 zgrab/0.x)
+# https://zmap.io
+zgrab
+
+zmeu