From e3d7b83059304f14b58102aade799692cef1160f Mon Sep 17 00:00:00 2001 From: vasco Date: Sun, 31 May 2026 20:11:27 +0100 Subject: [PATCH] mod security --- conf/modsecurity.conf | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/conf/modsecurity.conf b/conf/modsecurity.conf index 1f03316..75cb3c3 100644 --- a/conf/modsecurity.conf +++ b/conf/modsecurity.conf @@ -7,22 +7,18 @@ SecAuditLogParts ABIJ SecAuditLogType Serial SecAuditLog /var/log/modsecurity/audit.log -# SQL Injection protection -SecRule ARGS "(?i)(union(\s+all)?\s+select|select\s+.*\s+from|insert\s+into|update\s+.*\s+set|delete\s+from|drop\s+table|or\s+1=1|--|#|/\*|\*/|\bexec\b|\bexecute\b)" \ +# sql injection +SecRule ARGS "['\";]|--" \ "id:950001,phase:2,deny,status:403,msg:'SQL Injection Attack Detected',log" -# XSS / HTML Injection protection -SecRule ARGS "(?i)(" \ "id:950003,phase:2,deny,status:403,msg:'XSS/HTML Injection Detected',log" -# Remote File Inclusion protection -SecRule ARGS "(?i)(https?|ftp)://" \ - "id:950005,phase:2,deny,status:403,msg:'Remote File Inclusion Attempt',log" - -# Command Injection protection -SecRule ARGS "(?i)(;|&&|\|\||\$\(|\`|\bexec\b|\bcmd\b|\bsystem\b)" \ +# command injection +SecRule ARGS "exec|cat|more|ls|dir|/etc/passwd" \ "id:950006,phase:2,deny,status:403,msg:'Command Injection Detected',log" -# Path Traversal protection -SecRule ARGS "(\./|\.\./)" \ +# path traversal +SecRule ARGS "(\./|\.\./)|ftp|metrics|api-docs" \ "id:950007,phase:2,deny,status:403,msg:'Path Traversal Attempt',log" \ No newline at end of file
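Review bot: The new rule 950006 matches `exec|cat|more|ls|dir|/etc/passwd` as unanchored, case-sensitive substrings of every argument, so ordinary values such as `category`, `details` or `direct` are denied with 403, while the shell-metacharacter alternatives (`;`, `&&`, `||`, `$(`) and the `(?i)` flag of the old pattern are gone. Keeping the old alternation and adding the new words with boundaries would be safer, e.g. `\b(?:exec|cat|more|ls|dir)\b` inside the existing `(?i)(...)` group. Rule 950001 errs the other way: `['\";]|--` rejects any argument containing a quote or a semicolon, which will block names like O'Brien and most free-text fields. In 950007 the added `ftp|metrics|api-docs` are tested against ARGS only and logged as 'Path Traversal Attempt'; if the aim is to block requests to those endpoints, that presumably needs its own rule on `REQUEST_URI` with its own id and msg, and it does not replace the URL-scheme check of the removed rule 950005.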