#scope:<access_control>::scope_data:<ccmsdev:ccmsdevuserauth>
access_domain = *
access_extmatch = *
access_extmatch_seq = 1000
access_protection_level = 1
access_siteminder_policy_server_decides = 0
access_status = 1
access_url = /*
allow_any_authenticated_user = 1
auth_login_method = 0
auth_svc_send_auth_headers = 0
authorization_result_cache = 2
ignore_query_string = 0
#scope:<auth_ldap_svc_user_realm>::scope_data:<crystalclean>
auth_ldap_realm_svr_ip = 192.168.21.15
auth_ldap_realm_svr_port = 389
auth_realm_base_dn = CrystalClean
auth_realm_bind_dn = ccwebfilterldap
auth_realm_bind_passwd = hGcC2250
auth_realm_group_filter = (&(objectClass=group)(member=%user_dn))
auth_realm_login_attribute = sAMAccountName
auth_realm_member_attribute = sAMAccountName
auth_realm_query_for_group = 0
auth_realm_secure_ldap_connection = none
auth_realm_type_ldap = 1
#scope:<auth_ldap_svc_user_realm>::scope_data:<internal>
auth_ldap_realm_svr_ip = 127.0.0.1
auth_ldap_realm_svr_port = 389
auth_realm_base_dn = ou=Engineering,o=barracudanetworks,c=us
auth_realm_bind_dn = cn=Manager
auth_realm_bind_passwd = secret
auth_realm_group_filter = (&(objectClass=posixGroup)(memberUid=%user))
auth_realm_login_attribute = uid
auth_realm_member_attribute = cn
auth_realm_query_for_group = 1
auth_realm_retries = 3
auth_realm_secure_ldap_connection = none
auth_realm_type_ldap = 0
connection_security = 0
distribution_mode = 0

# global config file for Barracuda WebApplication Firewall
#
# each line may be one of the following:
#    blank line
#    comment: any line beginning with a "#" sign - please note
#        that # in the middle of the line will not be considered a comment
#    key = value pair
#    continuation: any line that contains text, but begins with white space
#        is assumed to be a continuation of a list started with the previous
#        key/value pair

#scope:<global>::scope_data:<>
allow_multiple_user_sessions = 0
attackdef_update_frequency = Hourly
audit_log_messages_per_page = 20
auth_ldap_svc_user_realm_name = internal
  CRYSTALCLEAN
authorization_cache_timeout = 30
backup_config = 1
backup_consolidate = 1
backup_life = 5
backup_port = 21
backup_type = ftp
branding_device_name = Barracuda Web Site Firewall
bridge_mode = ACTIVE
bridge_switch_all = 1
cluster_systems = 192.168.21.249
cluster_systems_mode = Active
cluster_systems_quarantine = 
cluster_systems_serial = 151500
config_db_version = 710
cookie_encryption_expiry_timezone = 0
cookie_encryption_key = cO+lGD6RdgG2xJG0rELsx/y9TolA/0Uc6fdt9fnKS0L5W5xUORtY/grxx26zzQvzYoE3ZkJFeo0Fu8ao0DopA3AQbRMw8POhaiOUHoLFTUivsQaiT/gnvx3L2sgi3MeS
cookie_encryption_key_expiry = 2009-03-03 00:00:00
default_locale = en_US
default_log_level = 5
enable_bypass_mode = 0
failback_mode = 0
firewall_log_messages_per_page = 20
ftp_server_ssl_status = 1
hard_bypass_mode = 0
http_port = 8000
http_session_length = 20
https_allow_ssl2 = Yes
https_links = No
https_only = No
https_port = 443
lan_ip = 0.0.0.0
lan_ip_as_mgmt = 0
lan_netmask = 0.0.0.0
login_enable_lockdown = Yes
logs_custom_format = %h %l %u %t %r %s %b
logs_ftp_server_port = 21
max_cache_size_percent = 20
mgmt_ip = 0.0.0.0
mgmt_ip_as_mgmt = 0
mgmt_netmask = 0.0.0.0
monitor_lan_link = 1
monitor_mgmt_link = 0
monitor_wan_link = 1
operational_mode = proxy
report_max_lines = 5
request_buffer_size = 1
request_buffer_size_unlimited = 0
response_page_name = default
scana_update_virus_defs = Yes
scana_update_virus_defs_frequency = Hourly
secdef_update_frequency = Hourly
sendmail_host = 
sendmail_port = 25
service_name = CCMSDEV
session_information_name = ASP-DOT-NET-session
  ColdFusion-session
  J2EE-session
  J2EE-JSESSIONID-Cookie-session
  J2EE-JSESSIONID-URL-session
  JWS-ID-session
  PHPSESSID-session
  PHPSESSIONID-session
  PHP-BB-MYSQL-session
  ASPSESSIONID-session
  SAP-session
snmp_community_string = public
ssl_use_private_ca = Default
standard_log_formats = clf
support_tunnel_timeout = 432000
system_back_ip = 0.0.0.0
system_default_domain = barracudanetworks.com
system_default_hostname = Barracuda
system_gateway = 192.168.21.1
system_ip = 192.168.21.249
system_ip_as_mgmt = 1
system_netmask = 255.255.255.0
system_ntp_server = update01.barracudanetworks.com
system_password = admin
system_primary_dns_server = 192.168.21.15
system_secondary_dns_server = 
system_serial = 151500
system_ssh_allow_ip = 0/32
system_ssh_enable = Yes
system_timezone = America/Los_Angeles
system_use_backport = no
url_extension_list = dll
  exe
  asp
  pdf
  fdf
  au
  bmp
  z
  gif
  html
  htm
  shtml
  js
  mocha
  jpeg
  jpg
  jpe
  jfif
  pjpeg
  pjp
  mp2
  mpa
  abs
  mpeg
  mpg
  mpe
  mpv
  vbs
  mlv
  pcx
  txt
  text
  mov
  tiff
  tar
  avi
  wav
  gz
  zip
  gzip
  pl
  jsp
  nsf
  swf
  css
  aspx
  cgi
  do
  sh
  php
  tcl
  py
  pyc
  bat
  bin
  vb
  cs
  action
  swe
  cfm
  php3
  axd
  dwr
  php4
user_session_timeout = 15
virtual_ip_config_address = 192.168.21.247
virtual_ip_config_interface = WAN
virtual_ip_config_netmask = 255.255.255.0
vsite_type = 0
web_firewall_policy_name = default
  sharepoint
  owa
  oracle
web_log_messages_per_page = 20
#scope:<response_page>::scope_data:<default>
rp_body = The specified URL cannot be found
rp_headers = Connection: Close
  Content-Type: text/html
rp_status_code = 404 Not Found
#scope:<server>::scope_data:<ccmsdev:192.168.21.40_80>
backup_svr_status = 0
cp_client_impersonation_status = 0
cp_keepalive_timeout = 900000
cp_max_conn = 10000
cp_max_open_conn = 100
cp_max_others = 10
cp_max_refused = 10
cp_max_req = 1000
cp_max_req_per_conn = 0
cp_max_spare_conn = 0
cp_max_timeout = 10
cp_status = 0
cp_timeout = 300000
http_mon_req_method = GET
http_mon_status_code = 200
out_of_band_mon_interval = 10
out_of_band_mon_status = 1
ssl_ignore_server_cert_validation = 0
ssl_policy_status = 0
svr_ip = 192.168.21.40
svr_lb_status_code = 0
svr_lb_weight = 1
svr_port = 80
svr_redirect_msg = Moved
svr_redirect_status = 0
svr_redirect_status_code = 302
svr_ssl_des3_sha_enable = 1
svr_ssl_enable_ssl3 = 1
svr_ssl_enable_tls = 1
svr_ssl_max_active_sessions = 2048
svr_ssl_rc4_md5_enable = 1
svr_ssl_session_resumption = 1
svr_ssl_session_timeout = 300
svr_status = in-service
tcp_mon_max_reset_errors = 3
tcp_mon_max_timeout_errors = 3
tcp_mon_max_total_probe = 3
#scope:<service>::scope_data:<ccmsdev>
access_control_name = CCMSDEVUserAuth
app_profile_check_default_policy = 1
app_profile_session_cookie_timeout = 15
app_profile_state = 1
app_profile_use_profile = 1
aps_acl_content_protection_status = 0
aps_attack_prevention_log = 5
aps_attack_prevention_passive = 1
aps_attack_prevention_status = 1
aps_attack_prevention_trusted_hosts_action = 2
aps_auto_correct_ignore_case = 1
aps_instant_ssl_status = 0
aps_redirect_status = 0
aps_req_rewrite_action = 0
aps_req_rewrite_condition = *
aps_req_rewrite_continue = 1
aps_req_rewrite_header = X-Forwarded-For
aps_req_rewrite_oldval = *
aps_req_rewrite_policy_name = default-req-rewrite-rule
aps_req_rewrite_rule_status = 1
aps_req_rewrite_sequence = 1
aps_req_rewrite_substitute = $SRC_ADDR
aps_rewrite_sharepoint_support = 0
aps_rewrite_status = 0
aps_url_acl_domain = *
aps_url_acl_header = *
aps_url_acl_header_weight = 1
aps_url_acl_monitor = 0
aps_url_acl_name = default-url-policy
aps_url_acl_parse_urls_in_scripts = 1
aps_url_acl_rate_control_binding = 
aps_url_acl_response_charset = 15
aps_url_acl_status = 1
aps_url_acl_url = /*
auth_realm = CRYSTALCLEAN
auth_siteminder_cookie_source_ip_check = 1
auth_siteminder_sso_handle_cookie_provider_url = 0
auth_status = 1
auth_svc_cookie_path = /
auth_svc_idle_timeout = 15
auth_svc_login_processor = /nclogin.submit
auth_svc_loginfail_url = http://www.crystal-clean.com/contact/
auth_svc_loginsuccess_url = http://www.crystal-clean.com/products_services/
auth_svc_logoutsuccess_url = http://www.crystal-clean.com
auth_svc_trusted_hosts_action = 0
auth_svc_update_interval = 30
bf_attack_criterion = 0
bf_exception_clients = 
bf_max_allowed_per_ip = 10
bf_max_allowed_sources = 100
bf_resp_code_status = 0
bf_total_interval = 60
bf_url_acl_status = 0
cache_expiry_age = 60
cache_max_objsize = 256
cache_min_objsize = 256
cache_negative_response = 0
cache_req_cachehdrs_ignore = 0
cache_resp_cachehdrs_ignore = 0
cache_status = 0
compress_min_obj_size = 8192
compress_status = 0
compress_unknown_content_type = 0
ftp_aps_authentication = 0
if_mask = 255.255.255.0
keepalive_requests = 64
keepalive_timeout = 60
lb_algorithm = 0
lb_max_req_slow_start = 0
lb_mode = SLB
lb_redirect_msg = Moved
lb_redirect_status = 0
lb_redirect_status_code = 302
lb_status = 1
learning_max_changes_before_update = 10
learning_profile_update_interval = 15
learning_request_learning = 1
learning_response_learning = 1
learning_status = 0
log_status = 1
nc_sso_is_master_app = 0
persistency_cookie_name = persistence
persistency_cookie_security = 0
persistency_failover_method = LB
persistency_idle_timeout = 600
persistency_method = NONE
persistency_use_imode = 0
policy_is_default = 0
rate_pol_status = 0
rsa_am_cookie_ip_check = 1
server_name = 192.168.21.40_80
service_app_protocol = NONE
service_creation_time = 1234553376
service_ip = 192.168.21.247
service_port = 80
service_status = 1
service_switch_mode = 0
service_type = HTTP
ssl_accept_any_policy = 1
ssl_accept_explicit_policy = 0
ssl_des3_sha_enable = 1
ssl_enable_ssl3 = 1
ssl_enable_tls = 1
ssl_export_ciphers_enable = 0
ssl_inhibit_any_policy = 0
ssl_inhibit_policy_mapping = 1
ssl_max_active_sessions = 2048
ssl_rc4_md5_enable = 1
ssl_req_client_auth = 0
ssl_req_client_auth_enforce_cert = 1
ssl_session_resumption = 1
ssl_session_timeout = 300
ssl_status = 0
st_max_interval = 60
st_max_session_per_ip = 10
st_status = 0
tranparent_persistency_idle_timeout = 600
transparent_persistency_failover_method = LB
transparent_persistency_method = NONE
web_firewall_policy_binding = default
#scope:<session_information>::scope_data:<asp-dot-net-session>
si_session_token_name = ASP.Net_SessionID
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<aspsessionid-session>
si_session_token_name = ASPSESSIONID
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<coldfusion-session>
si_session_token_name = CFID
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<j2ee-jsessionid-cookie-session>
si_session_token_name = JSESSIONID
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<j2ee-jsessionid-url-session>
si_session_token_name = ;JSESSIONID
si_session_token_type = 6
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<j2ee-session>
si_session_token_name = JSESSION
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<jws-id-session>
si_session_token_name = jwssessionid
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<php-bb-mysql-session>
si_session_token_name = phpbb2mysqlsession
si_session_token_type = 5
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<phpsessid-session>
si_session_token_name = phpsessid
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<phpsessionid-session>
si_session_token_name = phpsessionid
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<sap-session>
si_session_token_name = sid
si_session_token_type = 6
si_url_session_token_end_delimiter = )
si_url_session_token_start_delimiter = (
#scope:<web_firewall_policy>::scope_data:<default>
aps_allow_unrecognized_cookie = 2
aps_charset = 2
aps_cloaking_status = 1
aps_content_protection_action = 1
  1
  0
aps_content_protection_keep_first = 0
  0
  0
aps_content_protection_keep_last = 4
  4
  4
aps_content_protection_name = credit-cards
  ssn
  directory-indexing
aps_content_protection_pattern = 
  
  
aps_content_protection_status = 1
  1
  0
aps_content_protection_type = credit-cards
  social-security-numbers
  directory-indexing
aps_cookie_exceptions = __utma
  __utmc
  __utmz
  __utmb
  NCE__AuthSuccessURL
  CTSESSION
aps_cookie_httponly = 0
aps_cookie_max_age = 1440
aps_cookie_mode = 1
aps_cookie_secure = 0
aps_cookie_status = 1
aps_detect_charset = 0
aps_double_encoding = 0
aps_filter_resp_header = Server
  X-Powered-By
  X-AspNet-Version
aps_filter_resp_status = 1
aps_limit_max_cookie_name_length = 64
aps_limit_max_cookies = 40
aps_limit_max_header_name_length = 32
aps_limit_max_req_line_length = 4096
aps_limit_num_req_headers = 20
aps_limit_query_length = 4096
aps_limit_req_cookie_length = 4096
aps_limit_req_headers_length = 512
aps_limit_req_length = 32768
aps_limit_req_url_length = 4096
aps_limit_status = 1
aps_param_separators = &
aps_suppress_return_code = 1
attack_action_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
attack_action_follow_up_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_follow_up_action_time = 60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
attack_action_name = metacharacter-matched-in-header
  custom-attack-pattern-in-header
  sql-injection-in-header
  cross-site-scripting-in-header
  os-command-injection-in-header
  directory-traversal-in-header
  error-response-suppressed
  identity-theft-pattern-matched-in-response
  response-header-suppressed
  directory-traversal-beyond-root
  post-request-without-content-length
  pre-1.0-request
  invalid-method
  malformed-version
  malformed-end-of-request-line
  malformed-header
  invalid-header
  malformed-cookie
  get-request-with-content-length-header
  http-1.1-request-without-host
  multiple-content-length-headers
  malformed-parameter
  large-parameter-in-post-data
  invalid-or-malformed-http-request
  malformed-content-length
  domain-not-found-in-profile
  no-url-profile-match
  total-request-length-exceeded
  header-value-length-exceeded
  invalid-url-encoding
  slash-dot-in-url-path
  tilde-in-url-path
  cookie-length-exceeded
  url-length-exceeded
  url-query-length-exceeded
  header-count-exceeded
  total-request-line-length-exceeded
  cookie-count-exceeded
  cookie-name-length-exceeded
  header-name-length-exceeded
  too-many-sessions-for-ip
  unrecognized-cookie
  cookie-tampered
  cookie-expired
  mismatched-header-cookie-replay-attack
  mismatched-ip-cookie-replay-attack
  brute-force-from-ip
  brute-force-from-all-sources
  invalid-url-character-set
  forbidden-method
  unknown-content-type-in-post-body
  content-length-exceeded
  query-string-not-allowed
  parameter-name-length-exceeded
  too-many-uploaded-files
  too-many-parameters
  session-not-found
  no-param-profile-match
  custom-attack-pattern-in-url
  sql-injection-pattern-in-url
  cross-site-scripting-pattern-in-url
  os-command-injection-pattern-in-url
  remote-file-inclusion-pattern-in-url
  read-only-or-hidden-parameter-tampered
  session-invariant-parameter-tampered
  session-choice-parameter-tampered
  max-instances-of-parameter-exceeded
  mandatory-parameter-missing
  parameter-value-not-allowed
  forbidden-file-extension
  file-upload-size-exceeded
  metacharacter-in-parameter
  parameter-length-exceeded
  custom-attack-pattern-in-parameter
  parameter-input-validation-failed
  sql-injection-pattern-in-parameter
  cross-site-scripting-pattern-in-parameter
  os-command-injection-pattern-in-parameter
  directory-traversal-pattern-in-parameter
  session-context-not-found
  remote-file-inclusion-pattern-in-parameter
  cross-site-request-forgery-attack-detected
attack_action_redirect_url = 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
attack_action_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
attack_description = 7
  35
  36
  37
  38
  39
  17
  63
  61
  16
  25
  60
  118
  119
  120
  121
  122
  124
  125
  126
  127
  128
  129
  77
  123
  130
  131
  0
  6
  11
  14
  15
  41
  42
  43
  44
  140
  141
  142
  143
  144
  30
  31
  32
  116
  117
  145
  146
  12
  5
  26
  40
  132
  147
  148
  149
  161
  163
  171
  166
  167
  168
  170
  134
  135
  136
  137
  138
  139
  150
  151
  152
  154
  155
  156
  157
  158
  159
  160
  162
  164
  165
attack_group = header-violations
  header-violations
  header-violations
  header-violations
  header-violations
  header-violations
  response-violations
  response-violations
  response-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  application-profile-violations
  application-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  advanced-policy-violations
  advanced-policy-violations
  advanced-policy-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
cookie_replay_protection_type = 1
global_adr_action = 0
  1
  2
  2
  2
  2
  2
  2
  2
  1
global_adr_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_extended_match = *
  *
  (URI-Path req \/.*%23[^/]*)
  (URI-Path req "\/.*copy(%20|%09)[^/]*")
  *
  *
  *
  *
  (Header Translate eq F)
  *
global_adr_extended_match_sequence = 1
  1
  1
  2
  1
  1
  1
  1
  1
  1
global_adr_name = robots.txt
  favicon.ico
  backups-prefix-hash
  backups-prefix-copy
  backups-suffix-sav
  backups-suffix-bak
  backups-suffix-old
  phpinfo
  translate-f-vulnerability
  access-control-login-url
global_adr_redirect_url = 
  
  
  
  
  
  
  
  
  
global_adr_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
global_adr_status = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_url = /*/robots.txt
  /*/favicon.ico
  /*
  /*
  /*.sav
  /*.bak
  /*.old
  /*/phpinfo.php
  /*.asp
  /nclogin.submit
param_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
parameter_protection_denied_meta_characters = %00%04%1b%08%7f
parameter_protection_file_upload_extensions = JPG
  GIF
  PDF
parameter_protection_max_param_value_length = 1000
parameter_protection_max_upload_file_size = 1024
parameter_protection_status = 1
parameter_protection_white_listed_parameters = __VIEWSTATE
url_protection_allow_methods = GET
  POST
  HEAD
url_protection_allowed_content_types = application/x-www-form-urlencoded
  multipart/form-data
url_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
url_protection_max_content_length = 32768
url_protection_max_parameter_name_length = 64
url_protection_max_parameters = 40
url_protection_max_upload_files = 5
url_protection_status = 1
#scope:<web_firewall_policy>::scope_data:<oracle>
aps_allow_unrecognized_cookie = 2
aps_charset = 2
aps_cloaking_status = 1
aps_content_protection_action = 1
  1
  0
aps_content_protection_keep_first = 0
  0
  0
aps_content_protection_keep_last = 4
  4
  4
aps_content_protection_name = credit-cards
  ssn
  directory-indexing
aps_content_protection_pattern = 
  
  
aps_content_protection_status = 1
  1
  0
aps_content_protection_type = credit-cards
  social-security-numbers
  directory-indexing
aps_cookie_exceptions = __utma
  __utmc
  __utmz
  __utmb
  NCE__AuthSuccessURL
  CTSESSION
aps_cookie_httponly = 0
aps_cookie_max_age = 1440
aps_cookie_mode = 1
aps_cookie_secure = 0
aps_cookie_status = 1
aps_detect_charset = 0
aps_double_encoding = 0
aps_filter_resp_header = Server
  X-Powered-By
  X-AspNet-Version
aps_filter_resp_status = 1
aps_limit_max_cookie_name_length = 64
aps_limit_max_cookies = 40
aps_limit_max_header_name_length = 32
aps_limit_max_req_line_length = 4096
aps_limit_num_req_headers = 20
aps_limit_query_length = 4096
aps_limit_req_cookie_length = 4096
aps_limit_req_headers_length = 512
aps_limit_req_length = 32768
aps_limit_req_url_length = 4096
aps_limit_status = 1
aps_param_separators = &
aps_suppress_return_code = 1
attack_action_action = 0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
attack_action_follow_up_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_follow_up_action_time = 60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
attack_action_name = metacharacter-matched-in-header
  custom-attack-pattern-in-header
  sql-injection-in-header
  cross-site-scripting-in-header
  os-command-injection-in-header
  directory-traversal-in-header
  error-response-suppressed
  identity-theft-pattern-matched-in-response
  response-header-suppressed
  directory-traversal-beyond-root
  post-request-without-content-length
  pre-1.0-request
  invalid-method
  malformed-version
  malformed-end-of-request-line
  malformed-header
  invalid-header
  malformed-cookie
  get-request-with-content-length-header
  http-1.1-request-without-host
  multiple-content-length-headers
  malformed-parameter
  large-parameter-in-post-data
  invalid-or-malformed-http-request
  malformed-content-length
  domain-not-found-in-profile
  no-url-profile-match
  total-request-length-exceeded
  header-value-length-exceeded
  invalid-url-encoding
  slash-dot-in-url-path
  tilde-in-url-path
  cookie-length-exceeded
  url-length-exceeded
  url-query-length-exceeded
  header-count-exceeded
  total-request-line-length-exceeded
  cookie-count-exceeded
  cookie-name-length-exceeded
  header-name-length-exceeded
  too-many-sessions-for-ip
  unrecognized-cookie
  cookie-tampered
  cookie-expired
  mismatched-header-cookie-replay-attack
  mismatched-ip-cookie-replay-attack
  brute-force-from-ip
  brute-force-from-all-sources
  invalid-url-character-set
  forbidden-method
  unknown-content-type-in-post-body
  content-length-exceeded
  query-string-not-allowed
  parameter-name-length-exceeded
  too-many-uploaded-files
  too-many-parameters
  session-not-found
  no-param-profile-match
  custom-attack-pattern-in-url
  sql-injection-pattern-in-url
  cross-site-scripting-pattern-in-url
  os-command-injection-pattern-in-url
  remote-file-inclusion-pattern-in-url
  read-only-or-hidden-parameter-tampered
  session-invariant-parameter-tampered
  session-choice-parameter-tampered
  max-instances-of-parameter-exceeded
  mandatory-parameter-missing
  parameter-value-not-allowed
  forbidden-file-extension
  file-upload-size-exceeded
  metacharacter-in-parameter
  parameter-length-exceeded
  custom-attack-pattern-in-parameter
  parameter-input-validation-failed
  sql-injection-pattern-in-parameter
  cross-site-scripting-pattern-in-parameter
  os-command-injection-pattern-in-parameter
  directory-traversal-pattern-in-parameter
  session-context-not-found
  remote-file-inclusion-pattern-in-parameter
  cross-site-request-forgery-attack-detected
attack_action_redirect_url = 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
attack_action_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
attack_description = 7
  35
  36
  37
  38
  39
  17
  63
  61
  16
  25
  60
  118
  119
  120
  121
  122
  124
  125
  126
  127
  128
  129
  77
  123
  130
  131
  0
  6
  11
  14
  15
  41
  42
  43
  44
  140
  141
  142
  143
  144
  30
  31
  32
  116
  117
  145
  146
  12
  5
  26
  40
  132
  147
  148
  149
  161
  163
  171
  166
  167
  168
  170
  134
  135
  136
  137
  138
  139
  150
  151
  152
  154
  155
  156
  157
  158
  159
  160
  162
  164
  165
attack_group = header-violations
  header-violations
  header-violations
  header-violations
  header-violations
  header-violations
  response-violations
  response-violations
  response-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  application-profile-violations
  application-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  advanced-policy-violations
  advanced-policy-violations
  advanced-policy-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
cookie_replay_protection_type = 1
global_adr_action = 2
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  3
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  3
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
global_adr_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_extended_match = *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
global_adr_extended_match_sequence = 1000
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_name = catch-all-deny
  diag-pack-vuln
  oa-media-gif
  oa-media-jpg
  oa-media-jpeg
  oa-media-bmp
  oa-html-gif
  oa-html-jpg
  oa-html-jpeg
  oa-html-bmp
  oa-html-js
  oa-html-css
  oa-html-xss
  oa-html-xls
  oa-html-avi
  oa-html-htm
  oa-html-html
  robots.txt
  favicon.ico
  access-control-login-url
  one.jsp
  a.jsp
  calendarDialog.jsp
  frameRedirect.jsp
  fred.jsp
  gr.jsp
  fnderror.jsp
  redirect-root
  oracle.jsp
  OA.jsp
  RF.jsp
  AppsLocalLogin.jsp
  AppsLocalLogout.jsp
  OALogout.jsp
  OAErrorPage.jsp
  OAErrorDetailPage.jsp
  fndvalid.jsp
  AppsLogin
  sso.AppsLogin
  sso.AppsLogout
  redirect-help
  oajinit.exe
  j-oajinit.exe
  f60cgi
  find_icx_launch.launch
  find_icx_launch.runforms
  OA_JAVA.gif
  OA_JAVA.jpg
  OA_JAVA.jpeg
  OA_JAVA.bmp
  fndforms.jar
  fndformsi18n.jar
  fndewt.jar
  fndswing.jar
  fndbalishare.jar
  fndaol.jar
  fndctx.jar
  fndlist.jar
  fndutil.jar
  KeyboardFocusManager.class
  MainBeanInfo.class
  SunMainBeanInfo.class
  JBufferedAppletBeanInfo.class
  SunJBufferedAppletBeanInfo.class
  BufferedAppletBeanInfo.class
  SunBufferedAppletBeanInfo.class
  PopupAppletBeanInfo.class
  SunPopupAppletBeanInfo.class
  Sensor.class
  Registry.dat
  OracleApplications.dat
  properties
  formservlet
  glhelib.jar
  glahelib.jar
global_adr_redirect_url = 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  /OA_HTML/AppsLocalLogin.jsp
  
  
  
  
  
  
  
  
  
  
  
  
  /help/
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
global_adr_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
global_adr_status = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_url = /*
  /OA_HTML/jtfqa*
  /OA_MEDIA/*.gif
  /OA_MEDIA/*.jpg
  /OA_MEDIA/*.jpeg
  /OA_MEDIA/*.bmp
  /OA_HTML/*.gif
  /OA_HTML/*.jpg
  /OA_HTML/*.jpeg
  /OA_HTML/*.bmp
  /OA_HTML/*.js
  /OA_HTML/*.css
  /OA_HTML/*.xss
  /OA_HTML/*.xls
  /OA_HTML/*.avi
  /OA_HTML/*.htm
  /OA_HTML/*.html
  /*/robots.txt
  /*/favicon.ico
  /nclogin.submit
  /OA_HTML/cabo/jsps/1.jsp
  /OA_HTML/cabo/jsps/a.jsp
  /OA_HTML/cabo/jsps/calendarDialog.jsp
  /OA_HTML/cabo/jsps/frameRedirect.jsp
  /OA_HTML/cabo/jsps/fred.jsp
  /OA_HTML/cabo/jsps/gr.jsp
  /OA_HTML/fnderror.jsp
  /
  /oa_servlets/oracle.jsp.JspServlet
  /OA_HTML/OA.jsp
  /OA_HTML/RF.jsp
  /OA_HTML/AppsLocalLogin.jsp
  /OA_HTML/AppsLocalLogout.jsp
  /OA_HTML/OALogout.jsp
  /OA_HTML/OAErrorPage.jsp
  /OA_HTML/OAErrorDetailPage.jsp
  /OA_HTML/fndvald.jsp
  /oa_servelets/AppsLogin
  /oa_servelets/oracle.apps.find.sso.AppsLogin
  /oa_servelets/oracle.apps.find.sso.AppsLogout
  /OA_HTML/jsp/fnd/fndhelp.jsp
  /html/oajinit.exe
  /jinitiator/oajinit.exe
  /dev60cgi/f60cgi
  /pls/*/fnd_icx_launch.launch
  /pls/*/fnd_icx_launch.runforms
  /OA_JAVA/*.gif
  /OA_JAVA/*.jpg
  /OA_JAVA/*.jpeg
  /OA_JAVA/*.bmp
  /OA_JAVA/oracle/apps/fnd/jar/fndforms.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndformsi18n.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndewt.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndswing.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndbalishare.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndaol.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndctx.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndlist.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndutil.jar
  /OA_JAVA/java/awt/KeyboardFocusManager.class
  /OA_JAVA/oracle/forms/engine/MainBeanInfo.class
  /OA_JAVA/sun/beans/infos/MainBeanInfo.class
  /OA_JAVA/oracle/ewt/swing/JBufferedAppletBeanInfo.class
  /OA_JAVA/sun/beans/infos/JBufferedAppletBeanInfo.class
  /OA_JAVA/oracle/ewt/lwAWT/BufferedAppletBeanInfo.class
  /OA_JAVA/sun/beans/infos/BufferedAppletBeanInfo.class
  /OA_JAVA/oracle/ewt/popup/PopupAppletBeanInfo.class
  /OA_JAVA/sun/beans/infos/PopupAppletBeanInfo.class
  /OA_JAVA/oracle/dms/instrument/Sensor.class
  /OA_JAVA/oracle/forms/registry/Registry.dat
  /OA_JAVA/oracle/apps/fnd/formsClient/OracleApplications.dat
  /OA_JAVA/oracle/*.properties
  /forms/formservlet
  /OA_JAVA/oracle/apps/gl/jar/glhelib.jar
  /OA_JAVA/oracle/apps/gl/jar/glahelib.jar
param_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
parameter_protection_denied_meta_characters = %00%04%1b%08%7f
parameter_protection_file_upload_extensions = JPG
  GIF
  PDF
parameter_protection_max_param_value_length = 1000
parameter_protection_max_upload_file_size = 1024
parameter_protection_status = 1
parameter_protection_white_listed_parameters = __VIEWSTATE
url_protection_allow_methods = GET
  POST
  HEAD
url_protection_allowed_content_types = application/x-www-form-urlencoded
  multipart/form-data
url_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
url_protection_max_content_length = 32768
url_protection_max_parameter_name_length = 64
url_protection_max_parameters = 40
url_protection_max_upload_files = 5
url_protection_status = 1
#scope:<web_firewall_policy>::scope_data:<owa>
aps_allow_unrecognized_cookie = 2
aps_charset = 2
aps_cloaking_status = 1
aps_content_protection_action = 1
  1
  0
aps_content_protection_keep_first = 0
  0
  0
aps_content_protection_keep_last = 4
  4
  4
aps_content_protection_name = credit-cards
  ssn
  directory-indexing
aps_content_protection_pattern = 
  
  
aps_content_protection_status = 1
  1
  0
aps_content_protection_type = credit-cards
  social-security-numbers
  directory-indexing
aps_cookie_exceptions = __utma
  __utmc
  __utmz
  __utmb
  NCE__AuthSuccessURL
  CTSESSION
aps_cookie_httponly = 0
aps_cookie_max_age = 1440
aps_cookie_mode = 1
aps_cookie_secure = 0
aps_cookie_status = 1
aps_detect_charset = 0
aps_double_encoding = 0
aps_filter_resp_header = Server
  X-Powered-By
  X-AspNet-Version
aps_filter_resp_status = 1
aps_limit_max_cookie_name_length = 64
aps_limit_max_cookies = 40
aps_limit_max_header_name_length = 32
aps_limit_max_req_line_length = 4096
aps_limit_num_req_headers = 20
aps_limit_query_length = 4096
aps_limit_req_cookie_length = 4096
aps_limit_req_headers_length = 512
aps_limit_req_length = 32768
aps_limit_req_url_length = 4096
aps_limit_status = 1
aps_param_separators = &
aps_suppress_return_code = 0
attack_action_action = 0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
attack_action_follow_up_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_follow_up_action_time = 60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
attack_action_name = metacharacter-matched-in-header
  custom-attack-pattern-in-header
  sql-injection-in-header
  cross-site-scripting-in-header
  os-command-injection-in-header
  directory-traversal-in-header
  error-response-suppressed
  identity-theft-pattern-matched-in-response
  response-header-suppressed
  directory-traversal-beyond-root
  post-request-without-content-length
  pre-1.0-request
  invalid-method
  malformed-version
  malformed-end-of-request-line
  malformed-header
  invalid-header
  malformed-cookie
  get-request-with-content-length-header
  http-1.1-request-without-host
  multiple-content-length-headers
  malformed-parameter
  large-parameter-in-post-data
  invalid-or-malformed-http-request
  malformed-content-length
  domain-not-found-in-profile
  no-url-profile-match
  total-request-length-exceeded
  header-value-length-exceeded
  invalid-url-encoding
  slash-dot-in-url-path
  tilde-in-url-path
  cookie-length-exceeded
  url-length-exceeded
  url-query-length-exceeded
  header-count-exceeded
  total-request-line-length-exceeded
  cookie-count-exceeded
  cookie-name-length-exceeded
  header-name-length-exceeded
  too-many-sessions-for-ip
  unrecognized-cookie
  cookie-tampered
  cookie-expired
  mismatched-header-cookie-replay-attack
  mismatched-ip-cookie-replay-attack
  brute-force-from-ip
  brute-force-from-all-sources
  invalid-url-character-set
  forbidden-method
  unknown-content-type-in-post-body
  content-length-exceeded
  query-string-not-allowed
  parameter-name-length-exceeded
  too-many-uploaded-files
  too-many-parameters
  session-not-found
  no-param-profile-match
  custom-attack-pattern-in-url
  sql-injection-pattern-in-url
  cross-site-scripting-pattern-in-url
  os-command-injection-pattern-in-url
  remote-file-inclusion-pattern-in-url
  read-only-or-hidden-parameter-tampered
  session-invariant-parameter-tampered
  session-choice-parameter-tampered
  max-instances-of-parameter-exceeded
  mandatory-parameter-missing
  parameter-value-not-allowed
  forbidden-file-extension
  file-upload-size-exceeded
  metacharacter-in-parameter
  parameter-length-exceeded
  custom-attack-pattern-in-parameter
  parameter-input-validation-failed
  sql-injection-pattern-in-parameter
  cross-site-scripting-pattern-in-parameter
  os-command-injection-pattern-in-parameter
  directory-traversal-pattern-in-parameter
  session-context-not-found
  remote-file-inclusion-pattern-in-parameter
  cross-site-request-forgery-attack-detected
attack_action_redirect_url = 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
attack_action_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
attack_description = 7
  35
  36
  37
  38
  39
  17
  63
  61
  16
  25
  60
  118
  119
  120
  121
  122
  124
  125
  126
  127
  128
  129
  77
  123
  130
  131
  0
  6
  11
  14
  15
  41
  42
  43
  44
  140
  141
  142
  143
  144
  30
  31
  32
  116
  117
  145
  146
  12
  5
  26
  40
  132
  147
  148
  149
  161
  163
  171
  166
  167
  168
  170
  134
  135
  136
  137
  138
  139
  150
  151
  152
  154
  155
  156
  157
  158
  159
  160
  162
  164
  165
attack_group = header-violations
  header-violations
  header-violations
  header-violations
  header-violations
  header-violations
  response-violations
  response-violations
  response-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  application-profile-violations
  application-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  advanced-policy-violations
  advanced-policy-violations
  advanced-policy-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
cookie_replay_protection_type = 1
global_adr_action = 1
  0
  1
  2
  2
  2
  2
  2
  2
  2
  1
global_adr_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_extended_match = *
  *
  *
  (URI-Path req \/.*%23[^/]*)
  (URI-Path req "\/.*copy(%20|%09)[^/]*")
  *
  *
  *
  *
  (Header Translate eq F)
  *
global_adr_extended_match_sequence = 1
  1
  1
  1
  2
  1
  1
  1
  1
  1
  1
global_adr_name = rpcproxy
  robots.txt
  favicon.ico
  backups-prefix-hash
  backups-prefix-copy
  backups-suffix-sav
  backups-suffix-bak
  backups-suffix-old
  phpinfo
  translate-f-vulnerability
  access-control-login-url
global_adr_redirect_url = 
  
  
  
  
  
  
  
  
  
  
global_adr_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
global_adr_status = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_url = /rpc/rpcproxy.dll
  /*/robots.txt
  /*/favicon.ico
  /*
  /*
  /*.sav
  /*.bak
  /*.old
  /*/phpinfo.php
  /*.asp
  /nclogin.submit
param_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
parameter_protection_denied_meta_characters = %00%04%1b%08%7f
parameter_protection_file_upload_extensions = JPG
  GIF
  PDF
parameter_protection_max_param_value_length = 1024
parameter_protection_max_upload_file_size = 1024
parameter_protection_status = 1
parameter_protection_white_listed_parameters = __VIEWSTATE
url_protection_allow_methods = GET
  POST
  PUT
  HEAD
  CONNECT
  OPTIONS
  DELETE
  SEARCH
  POLL
  PROPFIND
  BMOVE
  BCOPY
  SUBSCRIBE
  MOVE
  PROPPATCH
  BPROPPATCH
  BDELETE
  MKCOL
  RPC_OUT_DATA
  RPC_IN_DATA
  COPY
  ERROR
  LOCK
  PURGE
  TRACE
  UNLOCK
url_protection_allowed_content_types = application/x-www-form-urlencoded
  multipart/form-data
  application/x-www-UTF8-encoded
  text/xml
  text/plain
  application/vnd.ms-sync.wbxml
  message/rfc822
url_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
url_protection_max_content_length = 32768
url_protection_max_parameter_name_length = 64
url_protection_max_parameters = 40
url_protection_max_upload_files = 5
url_protection_status = 1
#scope:<web_firewall_policy>::scope_data:<sharepoint>
aps_allow_unrecognized_cookie = 2
aps_charset = 2
aps_cloaking_status = 1
aps_content_protection_action = 1
  1
  0
aps_content_protection_keep_first = 0
  0
  0
aps_content_protection_keep_last = 4
  4
  4
aps_content_protection_name = credit-cards
  ssn
  directory-indexing
aps_content_protection_pattern = 
  
  
aps_content_protection_status = 1
  1
  0
aps_content_protection_type = credit-cards
  social-security-numbers
  directory-indexing
aps_cookie_exceptions = __utma
  __utmc
  __utmz
  __utmb
  NCE__AuthSuccessURL
  CTSESSION
aps_cookie_httponly = 0
aps_cookie_max_age = 1440
aps_cookie_mode = 1
aps_cookie_secure = 0
aps_cookie_status = 1
aps_detect_charset = 0
aps_double_encoding = 0
aps_filter_resp_header = Server
  X-Powered-By
  X-AspNet-Version
aps_filter_resp_status = 1
aps_limit_max_cookie_name_length = 64
aps_limit_max_cookies = 40
aps_limit_max_header_name_length = 32
aps_limit_max_req_line_length = 4096
aps_limit_num_req_headers = 20
aps_limit_query_length = 4096
aps_limit_req_cookie_length = 4096
aps_limit_req_headers_length = 512
aps_limit_req_length = 32768
aps_limit_req_url_length = 4096
aps_limit_status = 1
aps_param_separators = &
aps_suppress_return_code = 1
attack_action_action = 0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
attack_action_follow_up_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_follow_up_action_time = 60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
attack_action_name = metacharacter-matched-in-header
  custom-attack-pattern-in-header
  sql-injection-in-header
  cross-site-scripting-in-header
  os-command-injection-in-header
  directory-traversal-in-header
  error-response-suppressed
  identity-theft-pattern-matched-in-response
  response-header-suppressed
  directory-traversal-beyond-root
  post-request-without-content-length
  pre-1.0-request
  invalid-method
  malformed-version
  malformed-end-of-request-line
  malformed-header
  invalid-header
  malformed-cookie
  get-request-with-content-length-header
  http-1.1-request-without-host
  multiple-content-length-headers
  malformed-parameter
  large-parameter-in-post-data
  invalid-or-malformed-http-request
  malformed-content-length
  domain-not-found-in-profile
  no-url-profile-match
  total-request-length-exceeded
  header-value-length-exceeded
  invalid-url-encoding
  slash-dot-in-url-path
  tilde-in-url-path
  cookie-length-exceeded
  url-length-exceeded
  url-query-length-exceeded
  header-count-exceeded
  total-request-line-length-exceeded
  cookie-count-exceeded
  cookie-name-length-exceeded
  header-name-length-exceeded
  too-many-sessions-for-ip
  unrecognized-cookie
  cookie-tampered
  cookie-expired
  mismatched-header-cookie-replay-attack
  mismatched-ip-cookie-replay-attack
  brute-force-from-ip
  brute-force-from-all-sources
  invalid-url-character-set
  forbidden-method
  unknown-content-type-in-post-body
  content-length-exceeded
  query-string-not-allowed
  parameter-name-length-exceeded
  too-many-uploaded-files
  too-many-parameters
  session-not-found
  no-param-profile-match
  custom-attack-pattern-in-url
  sql-injection-pattern-in-url
  cross-site-scripting-pattern-in-url
  os-command-injection-pattern-in-url
  remote-file-inclusion-pattern-in-url
  read-only-or-hidden-parameter-tampered
  session-invariant-parameter-tampered
  session-choice-parameter-tampered
  max-instances-of-parameter-exceeded
  mandatory-parameter-missing
  parameter-value-not-allowed
  forbidden-file-extension
  file-upload-size-exceeded
  metacharacter-in-parameter
  parameter-length-exceeded
  custom-attack-pattern-in-parameter
  parameter-input-validation-failed
  sql-injection-pattern-in-parameter
  cross-site-scripting-pattern-in-parameter
  os-command-injection-pattern-in-parameter
  directory-traversal-pattern-in-parameter
  session-context-not-found
  remote-file-inclusion-pattern-in-parameter
  cross-site-request-forgery-attack-detected
attack_action_redirect_url = 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
attack_action_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
attack_description = 7
  35
  36
  37
  38
  39
  17
  63
  61
  16
  25
  60
  118
  119
  120
  121
  122
  124
  125
  126
  127
  128
  129
  77
  123
  130
  131
  0
  6
  11
  14
  15
  41
  42
  43
  44
  140
  141
  142
  143
  144
  30
  31
  32
  116
  117
  145
  146
  12
  5
  26
  40
  132
  147
  148
  149
  161
  163
  171
  166
  167
  168
  170
  134
  135
  136
  137
  138
  139
  150
  151
  152
  154
  155
  156
  157
  158
  159
  160
  162
  164
  165
attack_group = header-violations
  header-violations
  header-violations
  header-violations
  header-violations
  header-violations
  response-violations
  response-violations
  response-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  application-profile-violations
  application-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  advanced-policy-violations
  advanced-policy-violations
  advanced-policy-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
cookie_replay_protection_type = 1
global_adr_action = 0
  1
  2
  2
  2
  2
  2
  2
  2
  1
global_adr_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_extended_match = *
  *
  (URI-Path req \/.*%23[^/]*)
  (URI-Path req "\/.*copy(%20|%09)[^/]*")
  *
  *
  *
  *
  (Header Translate eq F)
  *
global_adr_extended_match_sequence = 1
  1
  1
  2
  1
  1
  1
  1
  1
  1
global_adr_name = robots.txt
  favicon.ico
  backups-prefix-hash
  backups-prefix-copy
  backups-suffix-sav
  backups-suffix-bak
  backups-suffix-old
  phpinfo
  translate-f-vulnerability
  access-control-login-url
global_adr_redirect_url = 
  
  
  
  
  
  
  
  
  
global_adr_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
global_adr_status = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_url = /*/robots.txt
  /*/favicon.ico
  /*
  /*
  /*.sav
  /*.bak
  /*.old
  /*/phpinfo.php
  /*.asp
  /nclogin.submit
param_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
parameter_protection_denied_meta_characters = %00%04%1b%08%7f
parameter_protection_file_upload_extensions = JPG
  GIF
  PDF
parameter_protection_max_param_value_length = 4096
parameter_protection_max_upload_file_size = 1024
parameter_protection_status = 1
parameter_protection_white_listed_parameters = __VIEWSTATE
  PostBody
url_protection_allow_methods = GET
  POST
  PUT
  HEAD
  CONNECT
  OPTIONS
  BDELETE
  BMOVE
  COPY
  DELETE
  ERROR
  LOCK
  MKCOL
  MOVE
  PROPFIND
  PROPPATCH
  PURGE
  TRACE
  UNLOCK
url_protection_allowed_content_types = application/x-www-form-urlencoded
  multipart/form-data
  application/x-www-UTF8-encoded
  application/x-vermeer-urlencoded
url_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
url_protection_max_content_length = 32768
url_protection_max_parameter_name_length = 64
url_protection_max_parameters = 40
url_protection_max_upload_files = 5
url_protection_status = 1
