# ------------------------------------------------------ # Imunify360 ModSecurity Rules # Copyright (C) 2026 CloudLinux Inc All right reserved # The Imunify360 ModSecurity Rules is distributed under # IMUNIFY360 LICENSE AGREEMENT # ------------------------------------------------------ # Imunify360 ModSecurity Base Ruleset SecRule FILES_TMPNAMES "!@rx ^$" "id:33362,chain,pass,nolog,severity:5,t:none" SecRuleScript detectlua.lua "t:none,chain" SecRule FILES_TMPNAMES "!@rx ^$" "t:none" SecRule &TX:lua_present "@eq 0" "id:77350119,chain,phase:2,pass,nolog,severity:5,setvar:TX.py_scan_start=%{DURATION},tag:'service_im360',tag:'noshow'" SecRule FILES_TMPNAMES "!@rx ^$" "t:none" SecRule &TX:lua_present "@eq 0" "id:33363,nolog,auditLog,block,chain,severity:2,phase:2,t:none,msg:'IM360 WAF: Attempt to upload malware||Action:%{ARGS.action}||Scan duration:%{TX.py_scan_duration}||Sizes:%{FILES_SIZES}||Combined size:%{FILES_COMBINED_SIZE}||User:%{SCRIPT_USERNAME}||Filename:%{FILES}||Scanned:%{FILES_TMPNAMES}||SC:%{SCRIPT_FILENAME}||WPU:%{TX.wp_user}||RSV:8.02||T:APACHE||',tag:'service_im360'" SecRule FILES_TMPNAMES "@inspectFile /opt/alt/python35/share/imunify360/scripts/modsec_scan.py" "t:none,setvar:TX.py_scan_duration=%{DURATION},setvar:TX.py_scan_duration=-%{TX.py_scan_start}" SecRule &TX:lua_present "@eq 0" "id:77350120,chain,phase:2,pass,nolog,severity:5,setvar:TX.py_scan_time=%{DURATION},setvar:TX.py_scan_time=-%{TX.py_scan_start},tag:'service_im360',tag:'noshow'" SecRule FILES_TMPNAMES "!@rx ^$" "t:none" SecRule &TX:lua_present "@eq 1" "id:77350121,chain,phase:2,pass,nolog,severity:5,setvar:TX.lua_scan_start=%{DURATION},tag:'service_im360',tag:'noshow'" SecRule FILES_TMPNAMES "!@rx ^$" "t:none" SecRule &TX:lua_present "@eq 1" "id:33331,nolog,auditlog,block,chain,severity:2,phase:2,t:none,msg:'IM360 WAF: Attempt to upload malware||Action:%{ARGS.action}||Scan duration:%{TX.lua_scan_duration}||Sizes:%{FILES_SIZES}||Combined size:%{FILES_COMBINED_SIZE}||User:%{SCRIPT_USERNAME}||WPU:%{TX.wp_user}||Filename:%{FILES}||Scanned:%{FILES_TMPNAMES}||SC:%{SCRIPT_FILENAME}||RSV:8.02||T:APACHE||',tag:'service_im360'" SecRule FILES_TMPNAMES "@inspectFile inspectfile.lua" "t:none,setvar:TX.lua_scan_duration=%{DURATION},setvar:TX.lua_scan_duration=-%{TX.lua_scan_start}" SecRule &TX:lua_present "@eq 1" "id:77350122,chain,phase:2,pass,nolog,severity:5,setvar:TX.lua_scan_time=%{DURATION},setvar:TX.lua_scan_time=-%{TX.lua_scan_start},tag:'service_im360',tag:'noshow'" SecRule FILES_TMPNAMES "!@rx ^$" "t:none" SecRule FILES "!@rx ^$" "id:77317957,phase:5,pass,nolog,auditlog,severity:5,t:none,ctl:auditLogParts=ABFHZ,msg:'IM360 WAF: File upload||File:%{MATCHED_VAR}||Size:%{FILES_SIZES}||Combined:%{FILES_COMBINED_SIZE}||User:%{SCRIPT_USERNAME}||SC:%{SCRIPT_FILENAME}||WPU:%{TX.wp_user}||Py time:%{TX.py_scan_time}||Lua time:%{TX.lua_scan_time}||RSV:8.02||T:APACHE||',tag:'service_im360',tag:'noshow'"