# http://www.gotroot.com/mod_security+rules # Gotroot.com ModSecurity rules # Blacklist of rootkit sites, owned machines and other bad players # # Download from: http://www.gotroot.com/downloads/ftp/mod_security/owned-boxes.conf # # Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com) # Copyright 2005 and 2006 by Michael Shinn and the Prometheus Group, all rights reserved. # Redistribution is strictly prohibited in any form, including whole or in part. # # Version: N-20061010-01 # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF # THE POSSIBILITY OF SUCH DAMAGE. 
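# Blacklisted hosts (domain names and literal IPs), one rule per pattern.
# Each pattern is an unanchored regex tested against THE_REQUEST (the full
# request line), so a hit anywhere in the path or query string fires the rule.
# No per-rule action is given: the rules take whatever SecFilterDefaultAction
# is configured elsewhere -- confirm it both denies and logs.
# SecFilterSelective is ModSecurity 1.x syntax; ModSecurity 2.x and later
# replaced it with SecRule, so this file needs converting before use there.
# NOTE(review): the bare IP patterns are not delimited, so "69\.25\.64\.78"
# also matches inside a longer dotted number such as 169.25.64.78.
# Each pattern is listed once in this group.
SecFilterSelective THE_REQUEST "\.frauenfinanzzentrum\.at"
SecFilterSelective THE_REQUEST "von-der-igelhoehe\.de"
SecFilterSelective THE_REQUEST "danger-soft\.com"
SecFilterSelective THE_REQUEST "hellostrangermusic\.com/"
SecFilterSelective THE_REQUEST "(/|\.)molganinovo\.ru/"
SecFilterSelective THE_REQUEST "(\.|/)altunerhost\.com"
SecFilterSelective THE_REQUEST "\.netfast\.org"
SecFilterSelective THE_REQUEST "\.redcrew\.de"
SecFilterSelective THE_REQUEST "(\.|/)elektroteh\.com/"
SecFilterSelective THE_REQUEST "(\.|/)see-my-ip\.info/"
SecFilterSelective THE_REQUEST "kanalia\.bimber\.pl"
SecFilterSelective THE_REQUEST "(\.|/)flinttalk\.com"
# Only rule in this group scoped to REQUEST_URI; it requires an embedded http(s): URL.
SecFilterSelective REQUEST_URI "https?:.*(\.|/)myspace\.si/"
SecFilterSelective THE_REQUEST "uarg\.unpa\.edu\.ar"
SecFilterSelective THE_REQUEST "(\.|/)wileyc\.edu/"
SecFilterSelective THE_REQUEST "(\.|/)eks-darmstadt\.de"
SecFilterSelective THE_REQUEST "\.albacrew\.us/"
SecFilterSelective THE_REQUEST "\.tebel-gmbh\.de/"
SecFilterSelective THE_REQUEST "(/|\.)defensacivil\.gov\.ec/"
SecFilterSelective THE_REQUEST "(/|\.)wwop\.org"
SecFilterSelective THE_REQUEST "\.kalin\.ru/"
SecFilterSelective THE_REQUEST "destructive\.by\.ru/"
SecFilterSelective THE_REQUEST "gulfchamber\.org/"
SecFilterSelective THE_REQUEST "tckct\.co\.uk"
SecFilterSelective THE_REQUEST "crimsonaddict\.com/"
SecFilterSelective THE_REQUEST "(\.|/)webstorch\.com"
SecFilterSelective THE_REQUEST "/213\.133\.108\.122/"
SecFilterSelective THE_REQUEST "freewebtown\.com/"
SecFilterSelective THE_REQUEST "(\.|/)tinypath\.com/"
SecFilterSelective THE_REQUEST "rve\.cjb\.hu/"
SecFilterSelective THE_REQUEST "69\.25\.64\.78"
SecFilterSelective THE_REQUEST "(\.|/)xgamers\.com\.tw/"
SecFilterSelective THE_REQUEST "(\.|/)balikesir\.edu\.tr/"
SecFilterSelective THE_REQUEST "(\.|/)ocprojects\.com/"
SecFilterSelective THE_REQUEST "(\.|/)casadejoaodebarro\.com\.br/"
SecFilterSelective THE_REQUEST "\.extremus\.info/"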
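# Blacklisted hosts and paths, matched as unanchored regexes against
# THE_REQUEST (the full request line). The rules carry no action of their own
# and therefore inherit SecFilterDefaultAction -- confirm it denies and logs.
# NOTE(review): several entries name whole shared-hosting domains
# ("(\.|/)geocities\.com/", "\.ifrance\.com", "\.uol\.com\.br"); they already
# cover the per-user paths listed beside them and will catch any request line
# that merely mentions those domains. Confirm the false-positive rate is acceptable.
SecFilterSelective THE_REQUEST "\.parit\.org/"
SecFilterSelective THE_REQUEST "\.awardspace\.com"
SecFilterSelective THE_REQUEST "(/|\.)haztek-software\.com"
SecFilterSelective THE_REQUEST "(/|\.)geocities\.com/nirkan2k3/"
SecFilterSelective THE_REQUEST "(/|\.)libracomm\.co\.uk/"
SecFilterSelective THE_REQUEST "(/|\.)kloeckner-web\.de"
SecFilterSelective THE_REQUEST "(/|\.)mirckurdu\.net/"
SecFilterSelective THE_REQUEST "(/|\.)apk\.pt/"
SecFilterSelective THE_REQUEST "(/|\.)asksevda\.net"
SecFilterSelective THE_REQUEST "(/|\.)kacaktc\.com"
SecFilterSelective THE_REQUEST "(/|\.)3-bius\.com"
SecFilterSelective THE_REQUEST "(/|\.)injek-gw\.com"
SecFilterSelective THE_REQUEST "(/|\.)brtdata\.com\.br/"
SecFilterSelective THE_REQUEST "(/|\.)uaivip\.com\.br/"
SecFilterSelective THE_REQUEST "(/|\.)boardtr\.com/"
SecFilterSelective THE_REQUEST "(/|\.)radiouniversity\.net/"
SecFilterSelective THE_REQUEST "(/|\.)velvet\.jp/"
SecFilterSelective THE_REQUEST "(/|\.)loved\.com/"
SecFilterSelective THE_REQUEST "(/|\.)kit\.net/"
SecFilterSelective THE_REQUEST "(/|\.)warezworld\.cx/"
SecFilterSelective THE_REQUEST "(/|\.)void\.ru/"
SecFilterSelective THE_REQUEST "(/|\.)itabaiana\.se\.gov\.br"
SecFilterSelective THE_REQUEST "(/|\.)ajadp\.net/"
SecFilterSelective THE_REQUEST "(/|\.)perian-a\.biz"
SecFilterSelective THE_REQUEST "(/|\.)rootshell\.be"
SecFilterSelective THE_REQUEST "(/|\.)tododescargas\.com\.ve/"
SecFilterSelective THE_REQUEST "(/|\.)caucasus\.net/"
SecFilterSelective THE_REQUEST "(/|\.)iespana\.es/"
SecFilterSelective THE_REQUEST "(/|\.)the-tronix\.net/"
SecFilterSelective THE_REQUEST "(/|\.)classi-find\.net/"
SecFilterSelective THE_REQUEST "(/|\.)albanet\.biz\.tc/"
SecFilterSelective THE_REQUEST "(/|\.)wendyscountrycloset\.biz/"
SecFilterSelective THE_REQUEST "(/|\.)meiemees\.pri\.ee"
SecFilterSelective THE_REQUEST "(/|\.)geirinn\.is"
SecFilterSelective THE_REQUEST "(/|\.)skullbocks\.org/"
SecFilterSelective THE_REQUEST "(/|\.)byethost9\.com/"
SecFilterSelective THE_REQUEST "(/|\.)hackermail2010\.ifrance\.com"
SecFilterSelective THE_REQUEST "(/|\.)ifrance\.com/hackermail2010"
SecFilterSelective THE_REQUEST "(/|\.)paul\.net\.pl/"
SecFilterSelective THE_REQUEST "(/|\.)interfree\.it/"
SecFilterSelective THE_REQUEST "\.albados\.com"
SecFilterSelective THE_REQUEST "\.perqafohu\.com"
SecFilterSelective THE_REQUEST "\.cside21\.com/"
SecFilterSelective THE_REQUEST "200\.24\.117\.125"
SecFilterSelective THE_REQUEST "elitemorgan\.com/"
# The host label is matched as literal text; a leading "\a" would be read as a
# regex escape sequence rather than the letter "a", so the rule would not fire.
SecFilterSelective THE_REQUEST "acesso\.t35\.com"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/jefferyladun/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/junhendra/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/xpl_gibson/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/kelvinkappa1/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/damon_shaft/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/gettoprince4u/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/brennanventures/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/solohackerlinks/"
SecFilterSelective THE_REQUEST "(\.|/)albahost\.host\.sk/"
SecFilterSelective THE_REQUEST "uarg\.unpa\.edu\.ar/"
SecFilterSelective THE_REQUEST "\.manhattanservice\.com"
SecFilterSelective THE_REQUEST "\.kurddomain\.net"
SecFilterSelective THE_REQUEST "elmorgan\.com\.ar"
SecFilterSelective THE_REQUEST "61\.1\.197\.244"
SecFilterSelective THE_REQUEST "home\.arcor\.de"
SecFilterSelective THE_REQUEST "\.turx\.nl"
SecFilterSelective THE_REQUEST "\.members\.lycos\.co\.uk/albacr3w/"
SecFilterSelective THE_REQUEST "\.ifrance\.com"
SecFilterSelective THE_REQUEST "pivadesign\.com\.br"
SecFilterSelective THE_REQUEST "\.pc-phasechange\.it"
SecFilterSelective THE_REQUEST "ciberia\.ya\.com"
SecFilterSelective THE_REQUEST "\.starhack\.org"
SecFilterSelective THE_REQUEST "sweet-serenity\.org"
SecFilterSelective THE_REQUEST "\.uol\.com\.br"
SecFilterSelective THE_REQUEST "aviozone\.com"
SecFilterSelective THE_REQUEST "mptechno\.cz"
SecFilterSelective THE_REQUEST "\.piranho\.de"
SecFilterSelective THE_REQUEST "\.lilspage\.de"
# NOTE(review): literal IP patterns are not delimited; each also matches when
# it appears inside a longer dotted number.
SecFilterSelective THE_REQUEST "209\.136\.48\.69"
SecFilterSelective THE_REQUEST "216\.12\.103\.29"
SecFilterSelective THE_REQUEST "209\.232\.227\.224"
SecFilterSelective THE_REQUEST "200\.72\.130\.29"
SecFilterSelective THE_REQUEST "209\.123\.16\.34"
SecFilterSelective THE_REQUEST "\.mitchellwhite\.com"
SecFilterSelective THE_REQUEST "full-comandos\.com"
SecFilterSelective THE_REQUEST "members\.lycos\.co\.uk/tiara"
SecFilterSelective THE_REQUEST "sharonfamilyandtravel\.com"
SecFilterSelective THE_REQUEST "72\.18\.195\.161"
SecFilterSelective THE_REQUEST "geocities\.com/hitam_putih_dalnet/"
SecFilterSelective THE_REQUEST "cyberspiderwebdesign\.com"
SecFilterSelective THE_REQUEST "\.softcarein\.com"
SecFilterSelective THE_REQUEST "\.netmisphere2\.com"
SecFilterSelective THE_REQUEST "juniorenkammer\.be"
SecFilterSelective THE_REQUEST "\.itunisie\.com"
SecFilterSelective THE_REQUEST "mitchellgeo\.com"
SecFilterSelective THE_REQUEST "hackexpert\.net"
SecFilterSelective THE_REQUEST "agi-zagi\.co\.kr"
SecFilterSelective THE_REQUEST "\.f1-kingpin\.de"
# These two fire only when the domain follows an embedded http/https/ftp URL.
SecFilterSelective THE_REQUEST "(http|https|ftp)\:/.*\.free\.fr"
SecFilterSelective THE_REQUEST "www\.designerwear\.co\.uk"
SecFilterSelective THE_REQUEST "(http|https|ftp)\:/.*\.i8\.com"
SecFilterSelective THE_REQUEST "danzarte\.cl"
SecFilterSelective THE_REQUEST "\.ripway\.com"
SecFilterSelective THE_REQUEST "81\.174\.26\.111"
SecFilterSelective THE_REQUEST "128\.173\.40\.113"
SecFilterSelective THE_REQUEST "\.lycos\.co\.uk/metlak/"
SecFilterSelective THE_REQUEST "\.xcop\.biz/"
SecFilterSelective THE_REQUEST "sca\.postech\.ac\.kr"
SecFilterSelective THE_REQUEST "www\.aauto\.no"
SecFilterSelective THE_REQUEST "dsoulzin\.net"
SecFilterSelective THE_REQUEST "\.altervista\.org"
SecFilterSelective THE_REQUEST "\.yatas\.com"
SecFilterSelective THE_REQUEST "bocor-team\.org"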
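# Blacklisted hosts, paths and literal IPs, matched as unanchored regexes
# against THE_REQUEST (the full request line). The rules carry no action of
# their own and inherit SecFilterDefaultAction -- confirm it denies and logs.
# Each pattern is listed once in this group.
# NOTE(review): literal IP patterns are not delimited; each also matches when
# it appears inside a longer dotted number.
SecFilterSelective THE_REQUEST "s0l4r1sr0x\.com"
SecFilterSelective THE_REQUEST "209\.16\.85\.15"
SecFilterSelective THE_REQUEST "217\.160\.242\.90"
SecFilterSelective THE_REQUEST "81\.174\.26\.111"
SecFilterSelective THE_REQUEST "216\.15\.209\.12"
SecFilterSelective THE_REQUEST "216\.103\.82\.214"
SecFilterSelective THE_REQUEST "usuarios\.lycos\.es/angienuka"
SecFilterSelective THE_REQUEST "usuarios\.lycos\.es/saxalt/"
SecFilterSelective THE_REQUEST "\.members\.lycos\.co\.uk/hackersclup"
SecFilterSelective THE_REQUEST "spykids\.info"
SecFilterSelective THE_REQUEST "smellthecoffee\.com"
SecFilterSelective THE_REQUEST "\.nana\.co\.il"
SecFilterSelective THE_REQUEST "yavnek12\.co\.il"
SecFilterSelective THE_REQUEST "billing\.veloxinternet\.com/"
# Covers the whole host, including the two per-user paths listed above.
SecFilterSelective THE_REQUEST "usuarios\.lycos\.es"
SecFilterSelective THE_REQUEST "217\.114\.109\.11"
SecFilterSelective THE_REQUEST "217\.160\.255\.44"
SecFilterSelective THE_REQUEST "148\.81\.141\.12"
SecFilterSelective THE_REQUEST "131\.155\.98\.128"
SecFilterSelective THE_REQUEST "212\.114\.84\.18"
SecFilterSelective THE_REQUEST "192\.112\.220\.37"
SecFilterSelective THE_REQUEST "pc-clinic\.fr"
SecFilterSelective THE_REQUEST "clientes\.netvisao\.pt"
SecFilterSelective THE_REQUEST "\.sanicentrum\.be"
SecFilterSelective THE_REQUEST "www\.brain\.net\.pk"
SecFilterSelective THE_REQUEST "web\.un1xtech\.com"
SecFilterSelective THE_REQUEST "\.schost\.com\.br/"
SecFilterSelective THE_REQUEST "neto5a\.iitalia\.com"
SecFilterSelective THE_REQUEST "mesahigh\.com"
SecFilterSelective THE_REQUEST "216\.111\.31\.2"
SecFilterSelective THE_REQUEST "24\.224\.174\.18"
# The dot before "org" is escaped so it matches a literal "."; a backslash
# placed after the dot would leave the dot as a wildcard and escape the "o".
SecFilterSelective THE_REQUEST "\.mcarthur\.org"
SecFilterSelective THE_REQUEST "\.v10\.com\.br/"
SecFilterSelective THE_REQUEST "agaman\.net"
SecFilterSelective THE_REQUEST "\.what-a-pair\.com"
SecFilterSelective THE_REQUEST "62\.101\.193\.244"
SecFilterSelective THE_REQUEST "\.tutoworld\.org"
SecFilterSelective THE_REQUEST "jupiterhost\.net/"
SecFilterSelective THE_REQUEST "\.iyscrew\.com"
SecFilterSelective THE_REQUEST "\.server4free\.de"
SecFilterSelective THE_REQUEST "\.tikla\.org"
SecFilterSelective THE_REQUEST "\.dps-ct\.com/"
SecFilterSelective THE_REQUEST "66\.235\.216\.137"
SecFilterSelective THE_REQUEST "labserver\.veter\.ucv\.ve"
SecFilterSelective THE_REQUEST "\.eformidler\.dk"
SecFilterSelective THE_REQUEST "febronio\.org"
SecFilterSelective THE_REQUEST "zavisnici\.com"
SecFilterSelective THE_REQUEST "\.2x4\.ru"
SecFilterSelective THE_REQUEST "\.k4boom\.biz"
SecFilterSelective THE_REQUEST "theperfecttitle\.com"
SecFilterSelective THE_REQUEST "\.yhrhosting\.com"
SecFilterSelective THE_REQUEST "\.nitrofx\.com"
SecFilterSelective THE_REQUEST "(/|\.)ownsalldomains\.org"
SecFilterSelective THE_REQUEST "(/|\.)ocktober\.com"
SecFilterSelective THE_REQUEST "\.s5\.com"
SecFilterSelective THE_REQUEST "\.systemcrew\.net"
SecFilterSelective THE_REQUEST "www\.tutoworld\.org"
SecFilterSelective THE_REQUEST "\.supereva\.it/"
SecFilterSelective THE_REQUEST "\.frsirt\.com"
SecFilterSelective THE_REQUEST "(www\.|/)geocities\.com/anangkd"
SecFilterSelective THE_REQUEST "geocities\.com/anugerahnet"
SecFilterSelective THE_REQUEST "(www\.|/)geocities\.com/bacardi_marv"
# NOTE(review): the next two rules catch every geocities.com URL, which makes
# the per-user geocities entries in this group redundant and will also block
# unrelated requests that reference the domain -- confirm this is intended.
SecFilterSelective THE_REQUEST "\.geocities\.com/"
SecFilterSelective THE_REQUEST "/geocities\.com/"
SecFilterSelective THE_REQUEST "\.freshmaker\.us"
SecFilterSelective THE_REQUEST "packetx\.org"
SecFilterSelective THE_REQUEST "\.de-soc-mac\.de"
SecFilterSelective THE_REQUEST "\.leohissa\.oi\.com\.br"
SecFilterSelective THE_REQUEST "\.fig0\.com"
SecFilterSelective THE_REQUEST "\.brasilhoster\.net"
SecFilterSelective THE_REQUEST "\.riteweld\.com"
SecFilterSelective THE_REQUEST "\.fineca\.net"
SecFilterSelective THE_REQUEST "r00nin\.vila\.bol\.com\.br"
SecFilterSelective THE_REQUEST "\.bol\.com\.br"
SecFilterSelective THE_REQUEST "freewebbe\.supereva\.it"
SecFilterSelective THE_REQUEST "asianfiles\.deluxepass\.com"
SecFilterSelective THE_REQUEST "sei26\.tripod\.com"
SecFilterSelective THE_REQUEST "gigachat\.net"
SecFilterSelective THE_REQUEST "www\.sos-deces\.be"
SecFilterSelective THE_REQUEST "\.sosha\.it/"
SecFilterSelective THE_REQUEST "\.pbholland\.com"
SecFilterSelective THE_REQUEST "\.newtontidy\.com"
SecFilterSelective THE_REQUEST "\.barretttree\.com"
SecFilterSelective THE_REQUEST "anti-clones\.com"
SecFilterSelective THE_REQUEST "www\.members\.lycos\.nl/sesli"
SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/toolsandcmd/"
SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/"
SecFilterSelective THE_REQUEST "chancom\.webpal\.info"
SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/h4x0r_club/"
SecFilterSelective THE_REQUEST "\.argaio\.net"
SecFilterSelective THE_REQUEST "baixinhoo\.hpgvip\.com\.br"
SecFilterSelective THE_REQUEST "\.zeldalegacies\.com"
SecFilterSelective THE_REQUEST "simbafriends\.com/"
SecFilterSelective THE_REQUEST "webshells\.org"
SecFilterSelective THE_REQUEST "groupiys\.net"
SecFilterSelective THE_REQUEST "megahostbr\.com"
SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/slash_slink"
SecFilterSelective THE_REQUEST "\.357is\.com"
SecFilterSelective THE_REQUEST "northfox\.uw\.hu"
SecFilterSelective THE_REQUEST "\.dynalith\.com"
SecFilterSelective THE_REQUEST "\.xplmanager\.com"
SecFilterSelective THE_REQUEST "\.members\.lycos\.co\.uk/thoronnn/"
SecFilterSelective THE_REQUEST "\.terra\.com\.br/"
# The dot before "jp" is escaped so it matches a literal "."; a backslash
# placed after the dot would leave the dot as a wildcard and escape the "j".
SecFilterSelective THE_REQUEST "f58\.aaacafe\.ne\.jp/"
SecFilterSelective THE_REQUEST "www\.derf\.hpgvip\.ig\.com\.br/"
SecFilterSelective THE_REQUEST "rodrigo\.hcerto\.com/"
SecFilterSelective THE_REQUEST "\.terror\.as\.ro/"
SecFilterSelective THE_REQUEST "\.tntt\.org/meu/"
SecFilterSelective THE_REQUEST "\.syscore\.hpgvip\.com\.br/"
SecFilterSelective THE_REQUEST "\.hpgvip\.com\.br/"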
# Blacklisted hosts and per-user paths, matched as unanchored regexes against
# THE_REQUEST (the full request line). No per-rule action is given, so each
# rule inherits SecFilterDefaultAction -- confirm it denies and logs.
SecFilterSelective THE_REQUEST "ijoo\.homelinux\.com/"
SecFilterSelective THE_REQUEST "\.derf\.hpgvip\.ig\.com\.br/"
SecFilterSelective THE_REQUEST "\.100free\.com/"
SecFilterSelective THE_REQUEST "\.lorenzo4ever\.de/"
# Whole-site match; it already covers the narrower "visualcoders\.net/spy\."
# entry at the end of this group.
SecFilterSelective THE_REQUEST "visualcoders\.net/"
SecFilterSelective THE_REQUEST "\.fendora\.net"
SecFilterSelective THE_REQUEST "gigashell\.org/"
SecFilterSelective THE_REQUEST "\.prir0x\.com/"
SecFilterSelective THE_REQUEST "geocities\.com/madb0ss/"
SecFilterSelective THE_REQUEST "geocities\.com/sapulinux/"
SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/dh4x0r/"
# The leading and trailing ".*" add nothing to an unanchored match; the first
# pattern also covers the "mi." host named by the second.
SecFilterSelective THE_REQUEST ".*\.verizon\.net\.do/carlos.*"
SecFilterSelective THE_REQUEST "mi\.verizon\.net\.do/carlos.*"
SecFilterSelective THE_REQUEST "\.stanlley\.ubbi\.com\.br/"
SecFilterSelective THE_REQUEST "xthost\.info/"
SecFilterSelective THE_REQUEST "yaoibr\.vila\.bol\.com\.br/"
SecFilterSelective THE_REQUEST "geocities\.com/catalin1713/"
SecFilterSelective THE_REQUEST "visualcoders\.net/spy\."
# Blacklisted hosts and per-user paths, matched as unanchored regexes against
# THE_REQUEST (the full request line). No per-rule action is given, so each
# rule inherits SecFilterDefaultAction -- confirm it denies and logs.
# NOTE(review): several entries name an entire hosting or software-download
# domain (for example "freewebs\.com", "webcindario\.com", "winscp\.net"); any
# request line that mentions them is caught, so review for false positives.
SecFilterSelective THE_REQUEST "\.digitalmedia\.org\.mk"
SecFilterSelective THE_REQUEST "pharoeste\.net"
SecFilterSelective THE_REQUEST "userbr\.info"
SecFilterSelective THE_REQUEST "\.foxcf\.hpgvip\.ig\.com\.br"
SecFilterSelective THE_REQUEST "medicine\.bjmu\.edu\.cn"
SecFilterSelective THE_REQUEST "\.blueconnection\.com\.br"
SecFilterSelective THE_REQUEST "\.ph4nt4sm4\.hpgvip\.ig\.com\.br"
SecFilterSelective THE_REQUEST "\.mvhosted\.com"
SecFilterSelective THE_REQUEST "\.0catch\.com"
SecFilterSelective THE_REQUEST "newton\.100free\.com"
SecFilterSelective THE_REQUEST "\.forplay\.com\.br"
SecFilterSelective THE_REQUEST "\.geocities\.com/my_lusy"
SecFilterSelective THE_REQUEST "lol\.freecoolsite\.com"
SecFilterSelective THE_REQUEST "winscp\.net"
SecFilterSelective THE_REQUEST "\.karpit\.net"
SecFilterSelective THE_REQUEST "www\.partyradio\.ca"
SecFilterSelective THE_REQUEST "\.triple-hhh\.de"
SecFilterSelective THE_REQUEST "\.gottablaze\.com"
SecFilterSelective THE_REQUEST "xanutz\.3x\.ro"
SecFilterSelective THE_REQUEST "geocities\.com/anak_indekost"
SecFilterSelective THE_REQUEST "themis\.geocities\.yahoo\.com"
SecFilterSelective THE_REQUEST "\.geocities\.com/my_sweet_cute/"
SecFilterSelective THE_REQUEST "\.angelfire\.com/zine2/"
# Matches any value in the last octet, i.e. every address under 72.20.34.
SecFilterSelective THE_REQUEST "72\.20\.34\.[0-9]+"
SecFilterSelective THE_REQUEST "animehost\.de"
SecFilterSelective THE_REQUEST "home\.online\.no/~p-shahr"
SecFilterSelective THE_REQUEST "indragostit\.net"
SecFilterSelective THE_REQUEST "hdr\.atspace\.com"
SecFilterSelective THE_REQUEST "\.thecurse\.pop\.com\.br"
SecFilterSelective THE_REQUEST "www\.w3zone\.com"
# Whole-domain match; it already covers "lol\.freecoolsite\.com" above.
SecFilterSelective THE_REQUEST "freecoolsite\.com"
SecFilterSelective THE_REQUEST "freewebs\.com"
SecFilterSelective THE_REQUEST "\.geocities\.com/chnsekip"
SecFilterSelective THE_REQUEST "webcindario\.com"
SecFilterSelective THE_REQUEST "ripdisk\.ma\.cx"
SecFilterSelective THE_REQUEST "sinanreklam\.net"
SecFilterSelective THE_REQUEST "members\.cox\.net/xjasonx"
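# Remaining host blacklist entries, matched as unanchored regexes against
# THE_REQUEST (the full request line). No per-rule action is given anywhere in
# this group, so every rule inherits SecFilterDefaultAction -- confirm it
# denies and logs.
SecFilterSelective THE_REQUEST "\.bh-net\.dk"
SecFilterSelective THE_REQUEST "\.mediaserve\.net"
SecFilterSelective THE_REQUEST "\.inchon\.ne\.kr"
# The dot before "com" is escaped so it matches a literal "."; a backslash
# placed after the dot would form the regex escape "\c" instead.
SecFilterSelective THE_REQUEST "\.noti-auto\.com\.ar"
SecFilterSelective THE_REQUEST "go0gler\.com"
SecFilterSelective THE_REQUEST "hackbox\.t35\.com"
SecFilterSelective THE_REQUEST ".*\.hpgvip\.ig\.com\.br"
SecFilterSelective THE_REQUEST "honestgame\.net"
SecFilterSelective THE_REQUEST "\.ecobook\.or\.kr"
SecFilterSelective THE_REQUEST "\.fasecolda\.com"
SecFilterSelective THE_REQUEST "212\.50\.30\.60"
SecFilterSelective THE_REQUEST "\.nbail\.com"
SecFilterSelective THE_REQUEST "\.kit\.net/"
SecFilterSelective THE_REQUEST "\.ubbi\.com\.br"
SecFilterSelective THE_REQUEST "\.k4boom\.biz/"
SecFilterSelective THE_REQUEST "00freehost\.com"

#Sites that host remote shells, etc.
SecFilterSelective THE_REQUEST "security-protocols\.com"

#Known sources that leak thru proxies
# These rules test the Forwarded and X-Forwarded-For request headers. Both are
# supplied by the client or an intermediate proxy, so a sender can omit or
# forge them; treat a match as a signal, not as proof of origin.
# NOTE(review): the IP patterns are not delimited, so "80\.26\.46\.168" also
# matches 180.26.46.168; a form such as "(^|[^0-9])80\.26\.46\.168($|[^0-9])"
# would restrict the match to the exact address.
# All patterns are quoted and each is listed once.
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.26\.46\.168"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "69\.50\.182\.154"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "202\.81\.60\.58"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "66\.246\.252\.91"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "211\.185\.59\.124"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "209\.165\.131\.23"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "66\.246\.246\.22"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "202\.89\.50\.28"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.38\.208\.48"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "159\.148\.29\.158"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.59\.188\.73"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "200\.168\.0\.246"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "193\.95\.90\.52"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "193\.95\.27\.2"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "195\.55\.222\.19"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "196\.203\.32\.81"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.150\.163\.82"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.237\.226\.70"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.96\.125\.38"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.97\.97\.168"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.98\.122\.111"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "217\.8\.64\.21"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.191\.119\.122"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.33\.104\.158"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.38\.171\.131"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "81\.109\.180\.3"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "81\.37\.184\.196"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "83\.57\.132\.206"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "84\.94\.13\.249"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "85\.129\.229\.111"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "86\.60\.16\.81"
# NOTE(review): 172.168.0.1 lies outside the RFC 1918 range 172.16.0.0/12;
# confirm this is the address that was meant.
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "172\.168\.0\.1"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "196\.203\.4\.62"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "202\.123\.250\.184"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "212\.116\.209\.234"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "217\.127\.56\.24"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.36\.245\.100"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "84\.94\.78\.98"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.59\.91\.33"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "unsecure-services"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "205\.177\.122\.162"

#bad proxies
# Proxy identifiers matched in the Forwarded header.
SecFilterSelective HTTP_FORWARDED "mangostino\.ut\.edu\.co"
SecFilterSelective HTTP_FORWARDED ".*\.cnh\.com"
SecFilterSelective HTTP_FORWARDED "phenix-prog-phr"
SecFilterSelective HTTP_FORWARDED "alfred\.nssi\.telus\.com"
SecFilterSelective HTTP_FORWARDED "wadsworth\.nssi\.telus\.com"
# Proxy identifiers matched in the Via header. Patterns that begin with "1\.0 "
# or "1\.1 " include the protocol-version token that precedes the proxy name.
SecFilterSelective HTTP_VIA "\.ownsalldomains\.org"
SecFilterSelective HTTP_VIA "cache\.topflash\.co\.kr"
SecFilterSelective HTTP_VIA "\.quasar\.net\.id:8080"
SecFilterSelective HTTP_VIA "\.serverpronto\.com"
SecFilterSelective HTTP_VIA "\.fetish-expert\.org"
SecFilterSelective HTTP_VIA "proxy\.hwai\.edu\.tw"
SecFilterSelective HTTP_VIA "interno-1-1\.edn\.org\.br"
SecFilterSelective HTTP_VIA "\.pt-server1\.bt\.com"
SecFilterSelective HTTP_VIA "1\.1 cache-test-dtv-kno"
SecFilterSelective HTTP_VIA "kdnproxy\.kdn\.gov\.my"
SecFilterSelective HTTP_VIA "\.wisdomchina\.com"
SecFilterSelective HTTP_VIA "1\.1 PALACIOISA"
SecFilterSelective HTTP_VIA "1\.1 cache7\:80 \(squid"
SecFilterSelective HTTP_VIA "1\.1 www\.pt-server1\.bt\.com"
SecFilterSelective HTTP_VIA "revProxy\.foredu\.com\.cn"
SecFilterSelective HTTP_VIA "\.salmanetwork\.com"
SecFilterSelective HTTP_VIA "\.warnet\.com"
SecFilterSelective HTTP_VIA "moses\.frc\.org"
SecFilterSelective HTTP_VIA "1\.0 SQCNT3"
SecFilterSelective HTTP_VIA "phenix-prog-phr"
SecFilterSelective HTTP_VIA "1\.0 TIETONG"
SecFilterSelective HTTP_VIA "webshield\.beitberl\.ac\.il"
SecFilterSelective HTTP_VIA "1\.1 www\.any\.com"
SecFilterSelective HTTP_VIA "intra\.ckus\.rmutp\.ac\.th"
SecFilterSelective HTTP_VIA "poczta\.prochowa12\.waw\.pl"
SecFilterSelective HTTP_VIA "1\.1 ICACHE1"
SecFilterSelective HTTP_VIA "1\.1 New-Proxy2"
SecFilterSelective HTTP_VIA "1\.1 SERVEUR2000"
SecFilterSelective HTTP_VIA "1\.1 PROXY, 1\.0 NC2100"
SecFilterSelective HTTP_VIA "1\.1 www\.rolnas\.com\.pl"
SecFilterSelective HTTP_VIA "1\.1 revproxy2"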
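# Proxy identifiers matched as unanchored regexes in the Via request header.
# Patterns beginning "1\.0 " or "1\.1 " include the protocol-version token
# that precedes the proxy name. The Via header is written by the sender or by
# intermediaries and can be omitted or forged, so treat a match as a signal
# rather than proof of origin.
# No per-rule action is given, so each rule inherits SecFilterDefaultAction --
# confirm it denies and logs. Each active pattern is listed once.
# Lines starting with "#SecFilterSelective" are rules the author disabled.
SecFilterSelective HTTP_VIA "1\.1 webmail\.siamcom\.co\.th"
SecFilterSelective HTTP_VIA "1\.1 SMS2000\.tutsys\.com"
SecFilterSelective HTTP_VIA "1\.1 CAE-SERVER"
SecFilterSelective HTTP_VIA "1\.1 WORKGROU-OYOU4X"
SecFilterSelective HTTP_VIA "1\.1 INKABANPINPROXY"
SecFilterSelective HTTP_VIA "1\.1 DNS4"
SecFilterSelective HTTP_VIA "1\.1 www\.rolnas\.com\.pl"
SecFilterSelective HTTP_VIA "1\.1 DBSV1008"
SecFilterSelective HTTP_VIA "1\.1 NEWISA"
SecFilterSelective HTTP_VIA "1\.1 CPGATEWAY02"
SecFilterSelective HTTP_VIA "1\.1 router\:3128 \(KEN\!\)"
SecFilterSelective HTTP_VIA "1\.1 PROXYSRV\, 1\.0 supercache5"
SecFilterSelective HTTP_VIA "1\.1 ATIPLS1"
SecFilterSelective HTTP_VIA "1\.0 SMART\, 1\.0 LOIER2800\:"
SecFilterSelective HTTP_VIA "1\.1 62\.93\.34\.160"
SecFilterSelective HTTP_VIA "1\.1 fwall\.belcomct\.net"
SecFilterSelective HTTP_VIA "1\.1 ZERT-EWDGNMVXUF"
SecFilterSelective HTTP_VIA "1\.1 su\.tkp\.edu\.hk"
#SecFilterSelective HTTP_VIA "HTTP/1\.1 proxy\[AC1.*"
SecFilterSelective HTTP_VIA "HTTP/1\.1 proxy\[AC1E0247"
SecFilterSelective HTTP_VIA "1\.1 compujuan\.com\.es"
SecFilterSelective HTTP_VIA "1\.1 FEDERATION"
# NOTE(review): this rule is disabled here, but the same "1\.1 SERVER-ISA"
# pattern is still active further down this list -- decide which is intended.
#SecFilterSelective HTTP_VIA "1\.1 SERVER-ISA"
SecFilterSelective HTTP_VIA "1\.1 EXACTWAPPROXY"
SecFilterSelective HTTP_VIA "1\.1 GRNSERVER"
SecFilterSelective HTTP_VIA "1\.1 www\.satem\.gob\.ve"
SecFilterSelective HTTP_VIA "1\.1 nilcombi\.nilcom\.fr"
SecFilterSelective HTTP_VIA "1\.1 cellulant\.lifeismobile\.com"
SecFilterSelective HTTP_VIA "1\.1 SR2300-SE7501-H"
SecFilterSelective HTTP_VIA "1\.1 www\.dmi\.es"
#SecFilterSelective HTTP_VIA "1\.0 cache2\.jed"
SecFilterSelective HTTP_VIA "1\.1 BRHCYBER"
SecFilterSelective HTTP_VIA "1\.1 132\.110\.2\.12"
SecFilterSelective HTTP_VIA "1\.1 .*\.pivotoffice\.com"
SecFilterSelective HTTP_VIA "1\.1 .*\.mundo-r\.com"
SecFilterSelective HTTP_VIA "1\.1 FAMILYCAREREHAB"
SecFilterSelective HTTP_VIA "1\.1 INFORMASERVER"
SecFilterSelective HTTP_VIA "1\.1 ITISA"
# NOTE(review): disabled here, yet a longer "NetCache-CLNS-STACK-1 \(NetCache
# NetApp.*" pattern for the same name remains active further down this list.
#SecFilterSelective HTTP_VIA "1\.1 NetCache-CLNS-STACK-1"
SecFilterSelective HTTP_VIA "1\.1 .*\.as5587\.net"
SecFilterSelective HTTP_VIA "1\.1 Maua"
SecFilterSelective HTTP_VIA "1\.1 JUNIOR"
SecFilterSelective HTTP_VIA "1\.1 offsetinternet"
SecFilterSelective HTTP_VIA ".*codevasf\.gov\.br"
SecFilterSelective HTTP_VIA "1\.1 www\.aha\.at"
SecFilterSelective HTTP_VIA "1\.1 ucavilapruebas\.es"
SecFilterSelective HTTP_VIA "1\.1 .*\.insightfirst\.com"
SecFilterSelective HTTP_VIA "1\.1 if3\.insightfirst\.com"
SecFilterSelective HTTP_VIA "1\.1 SERV132"
SecFilterSelective HTTP_VIA "1\.1 CacheFORCE"
SecFilterSelective HTTP_VIA "1\.1 dgc-squid"
#SecFilterSelective HTTP_VIA "1\.1 CS6200C"
SecFilterSelective HTTP_VIA "1\.1 NTS-SERVER"
SecFilterSelective HTTP_VIA "1\.1 AJF-JTC-ISA01"
SecFilterSelective HTTP_VIA "1\.1 neptun\.ci\.uw\.edu\.pl"
SecFilterSelective HTTP_VIA "1\.1 2-net\.ro"
SecFilterSelective HTTP_VIA "1\.1 .*\.usscript\.com"
SecFilterSelective HTTP_VIA "1\.1 SSIP_SERVER3"
SecFilterSelective HTTP_VIA "1\.1 SYVKOV422GX"
SecFilterSelective HTTP_VIA "1\.1 .*\.arbuzowa\.net"
SecFilterSelective HTTP_VIA "1\.1 www\.kevsclub\.com"
SecFilterSelective HTTP_VIA "1\.0 KALIMBA"
SecFilterSelective HTTP_VIA "1\.0 NETOUT-SERVER"
SecFilterSelective HTTP_VIA "1\.0 NTMARVWALL01"
SecFilterSelective HTTP_VIA "1\.0 PROXYSES2"
SecFilterSelective HTTP_VIA "1\.0 ptcdb\.edu\.ps"
SecFilterSelective HTTP_VIA "1\.0 px1nr \(NetCache NetApp/5\.6\.1D25\)"
SecFilterSelective HTTP_VIA "1\.0 px8so \(NetCache NetApp/5\.6\.1D25\)"
SecFilterSelective HTTP_VIA "1\.0 SERV132, 1\.0 netcache1 \(NetCache NetApp/6\.0\.1\)"
SecFilterSelective HTTP_VIA "1\.0 TEKIYA02 \(NetCache NetApp/5\.6\.2\), TEKIYA03, 1\.0 TEKIYA02 \(NetCache NetApp/5\.6\.2\)"
#SecFilterSelective HTTP_VIA "1\.1 10\.0\.1\.20"
#SecFilterSelective HTTP_VIA "1\.1 127\.0\.0\.1"
SecFilterSelective HTTP_VIA "1\.1 146\.83\.216\.207"
SecFilterSelective HTTP_VIA "1\.1 202\.88\.250\.211"
SecFilterSelective HTTP_VIA "1\.1 213\.155\.209\.204"
SecFilterSelective HTTP_VIA "1\.1 accel10\.click21\.com\.br"
SecFilterSelective HTTP_VIA "1\.1 alcyonix\.dyndns\.ws"
SecFilterSelective HTTP_VIA "1\.1 athos\.chem\.demokritos\.gr"
SecFilterSelective HTTP_VIA "1\.1 BBSM52"
#SecFilterSelective HTTP_VIA "1\.1 bnb-cache1 \(NetCache NetApp.*\), 1\.1 rba-cache1"
SecFilterSelective HTTP_VIA "1\.1 cacheB\.ipko\.net"
SecFilterSelective HTTP_VIA "1\.1 CATHODE"
#SecFilterSelective HTTP_VIA "1\.1 cha-cache1 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 CSB-NC2 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 cuchimilco\.huaral\.org"
SecFilterSelective HTTP_VIA "1\.1 dns2\.araxa\.com\.br"
SecFilterSelective HTTP_VIA "1\.1 EMERSON, 1\.0 C6100 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 EPPD_SERVER"
SecFilterSelective HTTP_VIA "1\.1 fox-server1\.foxschool\.lan"
SecFilterSelective HTTP_VIA "1\.1 http-istcf1"
#SecFilterSelective HTTP_VIA "1\.1 lnac2 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 LTSP03\.glenwood\.k12\.mo\.us"
#SecFilterSelective HTTP_VIA "1\.1 MAILSERVER"
SecFilterSelective HTTP_VIA "1\.1 natty\.intranet"
#SecFilterSelective HTTP_VIA "1\.1 netcache1-ctn \(NetCache NetApp.*"
#SecFilterSelective HTTP_VIA "1\.1 netcache1 \(NetCache NetApp.*"
#SecFilterSelective HTTP_VIA "1\.1 NetCache3 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 NetCache-CLNS-STACK-1 \(NetCache NetApp.*"
#SecFilterSelective HTTP_VIA "1\.1 nme-nxg-pr1\.tpg\.com\.au"
SecFilterSelective HTTP_VIA "1\.1 no-dns\.as5587\.net"
SecFilterSelective HTTP_VIA "1\.1 ns07\.contentex\.net"
SecFilterSelective HTTP_VIA "1\.1 NYNETSRV01"
SecFilterSelective HTTP_VIA "1\.1 OTXXSERV"
SecFilterSelective HTTP_VIA "1\.1 proxy\.marshall\.k12\.wi\.us"
SecFilterSelective HTTP_VIA "1\.1 SERV132, 1\.0 netcache1 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 SERVER-ISA"
SecFilterSelective HTTP_VIA "1\.1 SERVEUR-CYBER"
SecFilterSelective HTTP_VIA "1\.1 slave02\.terrarica\.net"
SecFilterSelective HTTP_VIA "1\.1 spacebears"
SecFilterSelective HTTP_VIA "1\.1 squid2-sydny\.eftel\.com"
SecFilterSelective HTTP_VIA "1\.1 trixie"
SecFilterSelective HTTP_VIA "1\.1 wc-02 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 www\.arbuzowa\.net"
SecFilterSelective HTTP_VIA "1\.1 www\.gkcabunoc\.com"
SecFilterSelective HTTP_VIA "1\.1 addyon\.webair\.com"
SecFilterSelective HTTP_VIA "1\.1 proxy\.pcdl\.gov\.br"
SecFilterSelective HTTP_VIA "1\.1 ichigo\.icsmail\.net"
SecFilterSelective HTTP_VIA "1\.1 80\.177\.18\.74"
SecFilterSelective HTTP_VIA "1\.1 raptor[0-9][a-z]\.watchdog\.net\.nz"
SecFilterSelective HTTP_VIA "1\.0 proxy[0-9]\..*\.maxnet\.net\.nz"
SecFilterSelective HTTP_VIA "1\.0 proxy[0-9]\.akl[0-9]\.maxnet\.net\.nz"
SecFilterSelective HTTP_VIA "1\.1 POMGFIREWALL"
SecFilterSelective HTTP_VIA "1\.1 alfred\.nssi\.telus\.com"
SecFilterSelective HTTP_VIA "1\.1 .*\.acdi-cida\.gc\.ca"
SecFilterSelective HTTP_VIA "CIDA13\.acdi-cida\.gc\.ca"

#generic sig for a bad site
# Scoped to REQUEST_URI: fires when the URI embeds an http/https/ftp URL on
# this host that ends in the named .swf file.
SecFilterSelective REQUEST_URI "(http|https|ftp).*\.exs\.cx/.*/nc4hk\.swf"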