example_log_without_seclook
r":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","OWASP_CRS/3.3.0"],"server":"Apache/2","engine_mode":"ENABLED"}}
{"transaction":{"time":"12/May/2021:13:32:04 --0400","transaction_id":"YJwRFNHPfEedFmUeK7-ZkAAAAJc","remote_address":"x.x.x.x","remote_port":44348,"local_address":"x.x.x.x","local_port":443},"request":{"request_line":"GET /wp-config.php_original HTTP/1.1","headers":{"Host":"example.com","User-Agent":"Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","Accept-Encoding":"gzip, deflate","Accept-Language":"en-US,en;q=0.9,fr;q=0.8","Cache-Control":"max-age=0","Connection":"keep-alive","Http_client_ip":"x.x.x.x","Http_x_forward_for":"x.x.x.x","Referer":"http://example.com/wp-config.php_original","Remote_addr":"x.x.x.x","Upgrade-Insecure-Requests":"1","X-Forward-For":"x.x.x.x","X-Real-Ip":"x.x.x.x"}},"response":{"protocol":"HTTP/1.1","status":406,"headers":{"Content-Length":"249","Keep-Alive":"timeout=2, max=100","Connection":"Keep-Alive","Content-Type":"text/html; charset=iso-8859-1"}},"audit_data":{"messages":["Access denied with code 406 (phase 2). Matched phrase \"wp-config.php\" at REQUEST_FILENAME. [file \"/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"124\"] [id \"930130\"] [msg \"Restricted File Access Attempt\"] [data \"Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_original\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.3.0\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"paranoia-level/1\"] [tag \"OWASP_CRS\"] [tag \"capec/1000/255/153/126\"] [tag \"PCI/6.5.4\"]"],"error_messages":["[file \"apache2_util.c\"] [line 271] [level 3] [client x.x.x.x] ModSecurity: Access denied with code 406 (phase 2). Matched phrase \"wp-config.php\" at REQUEST_FILENAME. 
[file \"/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf\"] [line \"124\"] [id \"930130\"] [msg \"Restricted File Access Attempt\"] [data \"Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_original\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS/3.3.0\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-lfi\"] [tag \"paranoia-level/1\"] [tag \"OWASP_CRS\"] [tag \"capec/1000/255/153/126\"] [tag \"PCI/6.5.4\"] [hostname \"example.com\"] [uri \"/wp-config.php_original\"] [unique_id \"YJwRFNHPfEedFmUeK7-ZkAAAAJc\"]"],"action":{"intercepted":true,"phase":2,"message":"Matched phrase \"wp-config.php\" at REQUEST_FILENAME."},"handler":"proxy-server","stopwatch":{"p1":1030,"p2":1544,"p3":0,"p4":0,"p5":251,"sr":224,"sw":1,"l":0,"gc":0},"producer":["ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/)","OWASP_CRS/3.3.0"],"server":"Apache/2","engine_mode":"ENABLED"}}