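#################################################################################################################
# Name : requesturi
# Variable : $_SERVER['REQUEST_URI']
# Source : https://perishablepress.com/7g-firewall/
#
# Blocklist of regular expressions, one per line, tested against the request URI.
# A request whose URI matches any line is meant to be rejected.
#
# NOTE(review): comment lines are assumed to be skipped by the loader, like this header - confirm
#   before adding or keeping the per-rule comments below.
# NOTE(review): the alternatives are written in lower case, apart from a few mixed-case literals,
#   so matching is presumably case-insensitive - confirm the loader compiles the patterns that way.
# NOTE(review): in PHP, $_SERVER['REQUEST_URI'] is the raw request target. It still carries the
#   query string and is not percent-decoded. Patterns ending in $ therefore anchor to the end of
#   the query string rather than the path, and the bare % alternative in the special-character
#   rule rejects every percent-encoded URL, unless the loader normalises the value first - confirm.
# NOTE(review): this is a blocklist and only covers known-bad shapes; it complements, and does not
#   replace, input validation and patching in the application behind it.
#################################################################################################################
([a-z0-9]{2000,})
(=?\\(\'|%27)/?)(\.)
# Trailing punctuation after a slash. On this page the last alternative read &? which can match
# the empty string, so the rule matched every URI ending in a slash. Restored to the entity form.
# NOTE(review): confirm this alternative against the upstream 7G rule.
(/)(\*|\"|\'|\.|,|&|&amp;?)/?$
(\.)(php)(\()?([0-9]+)(\))?(/)?$
(/)(vbulletin|boards|vbforum)(/)?
(\^|~|`|<|>|,|%|\\|\{|\}|\[|\]|\|)
(\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\")
(thumbs?(_editor|open)?|tim(thumbs?)?)(\.php)
(/)(fck|ckfinder|fullclick|ckfinder|fckeditor)
(\.|20)(get|the)(_)(permalink|posts_page_url)(\()
(///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a)
(/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/)
(/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$
(s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215))
(/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.)
(/)(127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)?
(\.)(conf(ig)?|ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$
(/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$
(\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select)
(/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r)
(/)((php|web)?shell|conf(ig)?|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\()
(/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|manage|msoffice|mysql|php|_?php-?my-?admin(.*)|revslider|sql|system|tmp|undefined|usage|var|vhosts|webmaster|www)(/)
# Function-name rule: any listed word followed later by an opening and a closing parenthesis.
# Short words such as html make it broad, so expect false positives on URLs with parentheses.
(base64_(en|de)code|benchmark|child_terminate|e?chr|eval|exec|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\))
(\.)(7z|ab4|afm|aspx?|bash|ba?k?|bz2|cfg|cfml?|cgi|conf(ig)?|ctl|dat|db|dll|eml|et2|exe|fec|fla|gz|hg|inc|ini|inv|jsp|log|lqd|mbf|mdb|mmw|mny|old|one|out|passwd|pdb|pl|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|sdb|sql|sh|soa|swf|swl|swp|stx|tar|tax|tgz|tls|tmd|wow|zip|zlib)$
(/)(^$|00.temp00|0day|3xp|70bex?|admin_events|bkht|(php|web)?shell|configbak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|mobiquo|mysql|nessus|php-?info|racrew|revslider|sql|ucp|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php)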