Extra rules

We are developing extra rules to protect running harmful content (e.g. web shell) on servers, besides our commercial ModSecurity rules set.

When you enable additional rules, it gives you a higher level of security. However, extra rules may also increase the possibility of blocking some legitimate traffic due to false alarms (also named false positives or FPs). It is likely that you will need to add some whitelist for certain applications that need to receive complex input patterns.

If the rules are causing problems, report them to us so that we may develop them better suitably!

Webshell

The front page may open in web shells, but command execution is blocked.

  • Phoenix WebShell
  • FilesMan
  • c99shell
  • b374k
  • WSO
  • Ani-Shell

Scanners

  • Bad User-Agents
  • Unwanted crawlers (Cause High loads)

crawler

  • Search engine crawlers (Cause High loads)
  • mj12bot
  • BLEXBot
  • ClaudeBot
  • Bytespider
  • GPTBot
  • ImagesiftBot
  • ChatGPT
  • Meta-ExternalAgent

rbl

  • Bot’s (Cause DDOS & High loads)

More RBL information here.

reCaptcha

  • Bot’s crawling WordPress & Joomla logins (Cause DDOS & High loads)

More reCaptcha information here.

Usage

If you wanna use all rules, then you add extra parameter to download url like:

SecRemoteRules SERIAL https://rules.malware.expert/download.php?rules=generic&extra=webshell,scanner,crawler,rbl,recaptcha