From 395dc75615ed427c55c3852ca473a87452b28bd6 Mon Sep 17 00:00:00 2001 From: Mitchell Krog Date: Fri, 5 Jul 2019 08:23:09 +0200 Subject: [PATCH] Update Regex Pattern [ci skip] --- bots.d/blacklist-user-agents.conf | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/bots.d/blacklist-user-agents.conf b/bots.d/blacklist-user-agents.conf index bbba66b74..d2b69c193 100644 --- a/bots.d/blacklist-user-agents.conf +++ b/bots.d/blacklist-user-agents.conf @@ -5,8 +5,8 @@ # VERSION INFORMATION # #---------------------- -# Version: V4.2019.07 -# Updated: 2019-06-28 +# Version: V4.2019.08 +# Updated: 2019-07-05 #---------------------- # VERSION INFORMATION # @@ -40,25 +40,25 @@ # Make sure any words that contain special characters are escaped and include word boundaries as per the Regex examples below. -# Example the User-Agent name "someverybaduseragentname1" is entered as "(?:\b)someverybaduseragentname1(?:\b|)" -# Example the User-Agent name "some-very-bad-useragentname2" is entered as "(?:\b)some\-very\-bad\-useragentname1(?:\b|)" -# the "(?:\b)" and "(?:\b|)" are word boundaries which prevents partial matching and false positives. +# Example the User-Agent name "someverybaduseragentname1" is entered as "(?:\b)someverybaduseragentname1(?:\b)" +# Example the User-Agent name "some-very-bad-useragentname2" is entered as "(?:\b)some\-very\-bad\-useragentname1(?:\b)" +# the "(?:\b)" and "(?:\b)" are word boundaries which prevents partial matching and false positives. # BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED # --------------------- # WHITELISTING EXAMPLES # --------------------- -# "~*(?:\b)someverygooduseragentname1(?:\b|)" 0; -# "~*(?:\b)someverygooduseragentname2(?:\b|)" 0; -# "~*(?:\b)some\-very\-good\-useragentname2(?:\b|)" 0; +# "~*(?:\b)someverygooduseragentname1(?:\b)" 0; +# "~*(?:\b)someverygooduseragentname2(?:\b)" 0; +# "~*(?:\b)some\-very\-good\-useragentname2(?:\b)" 0; # --------------------- # BLACKLISTING EXAMPLES # --------------------- -# "~*(?:\b)someverybaduseragentname1(?:\b|)" 3; -# "~*(?:\b)someverybaduseragentname2(?:\b|)" 3; -# "~*(?:\b)some\-very\-bad\-useragentname2(?:\b|)" 3; +# "~*(?:\b)someverybaduseragentname1(?:\b)" 3; +# "~*(?:\b)someverybaduseragentname2(?:\b)" 3; +# "~*(?:\b)some\-very\-bad\-useragentname2(?:\b)" 3; # Here are some default things I block on my own server, these appear in various types of injection attacks # You can disable them if you have problems or don't agree by switching thir value to 0 or moving them into the whitelist section first and then making their value 0 @@ -73,7 +73,7 @@ # MY BLACKLIST # ------------ -"~*(?:\b)x22(?:\b|)" 3; -"~*(?:\b){|}(?:\b|)" 3; -"~*(?:\b|)mb_ereg_replace(?:\b|)" 3; -"~*(?:\b|)file_put_contents(?:\b|)" 3; \ No newline at end of file +"~*(?:\b)x22(?:\b)" 3; +"~*(?:\b){|}(?:\b)" 3; +"~*(?:\b)mb_ereg_replace(?:\b)" 3; +"~*(?:\b)file_put_contents(?:\b)" 3;