defanator · August 31, 2017 16:59
diff --git a/modsec-debug-fail.log b/modsec-debug-fail.log
 [9] JSON parser initialization
 [9] yajl JSON parsing callback initialization
 [4] Initializing transaction
 [4] Transaction context created.
 [4] Starting phase CONNECTION. (SecRules 0)
 [9] This phase consists of 32 rule(s).
 [4] Starting phase URI. (SecRules 0 + 1/2)
 [4] Starting phase REQUEST_HEADERS.  (SecRules 1)
 [9] This phase consists of 134 rule(s).
 [4] (Rule: 200000) Executing operator "Rx" with param "(?:text|application)/xml" against REQUEST_HEADERS:Content-Type.
 [9]  T (0) t:lowercase: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 200001) Executing operator "Rx" with param "application/json" against REQUEST_HEADERS:Content-Type.
 [9]  T (0) t:lowercase: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 900990) Executing unconditional rule...
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:crs_setup_version with value: 302
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] (Rule: 901001) Executing operator "Eq" with param "0" against TX:crs_setup_version.
 [9] Target value: "1" (Variable: TX:crs_setup_version)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 901100) Executing operator "Eq" with param "0" against TX:inbound_anomaly_score_threshold.
 [9] Target value: "0" (Variable: TX:inbound_anomaly_score_threshold)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:inbound_anomaly_score_threshold with value: 5
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901110) Executing operator "Eq" with param "0" against TX:outbound_anomaly_score_threshold.
 [9] Target value: "0" (Variable: TX:outbound_anomaly_score_threshold)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:outbound_anomaly_score_threshold with value: 4
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901120) Executing operator "Eq" with param "0" against TX:paranoia_level.
 [9] Target value: "0" (Variable: TX:paranoia_level)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:paranoia_level with value: 1
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901130) Executing operator "Eq" with param "0" against TX:sampling_percentage.
 [9] Target value: "0" (Variable: TX:sampling_percentage)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:sampling_percentage with value: 100
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901140) Executing operator "Eq" with param "0" against TX:critical_anomaly_score.
 [9] Target value: "0" (Variable: TX:critical_anomaly_score)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:critical_anomaly_score with value: 5
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901141) Executing operator "Eq" with param "0" against TX:error_anomaly_score.
 [9] Target value: "0" (Variable: TX:error_anomaly_score)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:error_anomaly_score with value: 4
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901142) Executing operator "Eq" with param "0" against TX:warning_anomaly_score.
 [9] Target value: "0" (Variable: TX:warning_anomaly_score)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:warning_anomaly_score with value: 3
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901143) Executing operator "Eq" with param "0" against TX:notice_anomaly_score.
 [9] Target value: "0" (Variable: TX:notice_anomaly_score)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:notice_anomaly_score with value: 2
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901150) Executing operator "Eq" with param "0" against TX:do_reput_block.
 [9] Target value: "0" (Variable: TX:do_reput_block)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:do_reput_block with value: 0
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901152) Executing operator "Eq" with param "0" against TX:reput_block_duration.
 [9] Target value: "0" (Variable: TX:reput_block_duration)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:reput_block_duration with value: 300
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901160) Executing operator "Eq" with param "0" against TX:allowed_methods.
 [9] Target value: "0" (Variable: TX:allowed_methods)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:allowed_methods with value: GET HEAD POST OPTIONS
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901162) Executing operator "Eq" with param "0" against TX:allowed_request_content_type.
 [9] Target value: "0" (Variable: TX:allowed_request_content_type)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:allowed_request_content_type with value: application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901163) Executing operator "Eq" with param "0" against TX:allowed_http_versions.
 [9] Target value: "0" (Variable: TX:allowed_http_versions)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:allowed_http_versions with value: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901164) Executing operator "Eq" with param "0" against TX:restricted_extensions.
 [9] Target value: "0" (Variable: TX:restricted_extensions)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:restricted_extensions with value: .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901165) Executing operator "Eq" with param "0" against TX:restricted_headers.
 [9] Target value: "0" (Variable: TX:restricted_headers)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:restricted_headers with value: /proxy/ /lock-token/ /content-range/ /translate/ /if/
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901166) Executing operator "Eq" with param "0" against TX:static_extensions.
 [9] Target value: "0" (Variable: TX:static_extensions)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:static_extensions with value: /.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901200) Executing unconditional rule...
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:anomaly_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:sql_injection_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:xss_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:rfi_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:lfi_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:rce_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:php_injection_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:http_violation_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:session_fixation_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:inbound_anomaly_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:outbound_anomaly_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:sql_error_match with value: 0
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] (Rule: 901318) Executing operator "Rx" with param "^(.*)$" against REQUEST_HEADERS:User-Agent.
 [9]  T (0) t:sha1: "Á	ò∑xak@sÈ‡´Í,#K+Ü+"
 [9]  T (1) t:hexEncode: "ffffffe709ffffff98ffffffb778616b4073ffffffe9ffffffe0ffffffabffffffea2c234b2b1dff (8 characters omitted)"
 [9] Target value: "ffffffe709ffffff98ffffffb778616b4073ffffffe9ffffffe0ffffffabffffffea2c234b2b1dff (8 characters omitted)" (Variable: REQUEST_HEADERS:User-Agent)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: matched_var to: curl/7.52.1
 [8] Saving variable: TX:ua_hash with value: curl/7.52.1
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] (Rule: 901321) Executing unconditional rule...
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: remote_addr to: 127.0.0.1
 [8] Saving variable: TX:real_ip with value: 127.0.0.1
 [9] Rule contains a `pass' action
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: initcol
 [5] Collection `global' initialized with value: global
 [4] Running (non-disruptive) action: initcol
 [6] Resolving: remote_addr to: 127.0.0.1
 [6] Resolving: tx.ua_hash to: curl/7.52.1
 [5] Collection `ip' initialized with value: 127.0.0.1_curl/7.52.1
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] (Rule: 901400) Executing operator "Eq" with param "100" against TX:sampling_percentage.
 [9] Target value: "100" (Variable: TX:sampling_percentage)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-SAMPLING
 [9] Skipped rule id '901410' due to a SecMarker: END-SAMPLING
 [9] Rule: 
 [9] Skipped rule id '901420' due to a SecMarker: END-SAMPLING
 [9] Rule: 
 [9] Skipped rule id '901430' due to a SecMarker: END-SAMPLING
 [9] Rule: 
 [9] Skipped rule id '901440' due to a SecMarker: END-SAMPLING
 [9] Rule: 
 [9] Skipped rule id '901450' due to a SecMarker: END-SAMPLING
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-SAMPLING
 [9] Rule: END-SAMPLING
 [4] Out of a SecMarker after skip 6.000000 rules.
 [4] (Rule: 9001180) Executing operator "StrEq" with param "POST" against REQUEST_METHOD.
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Rx" with param "/admin/content/assets/add/[a-z]+$" against REQUEST_FILENAME.
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 9001182) Executing operator "StrEq" with param "POST" against REQUEST_METHOD.
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Rx" with param "/admin/content/assets/manage/[0-9]+$" against REQUEST_FILENAME.
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 9001184) Executing operator "StrEq" with param "POST" against REQUEST_METHOD.
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Rx" with param "/file/ajax/field_asset_[a-z0-9_]+/[ua]nd/0/form-[a-z0-9A-Z_-]+$" against REQUEST_FILENAME.
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 9002000) Executing operator "Eq" with param "0" against TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress.
 [9] Target value: "0" (Variable: TX:crs_exclusions_wordpress)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-WORDPRESS
 [9] Skipped rule id '9002200' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002300' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002400' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
 [9] Rule: END-WORDPRESS-ADMIN
 [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
 [9] Rule: END-WORDPRESS
 [4] Out of a SecMarker after skip 5.000000 rules.
 [4] (Rule: 905100) Executing operator "StrEq" with param "GET /" against REQUEST_LINE.
 [9] Target value: "POST /modsec-full/ HTTP/1.1" (Variable: REQUEST_LINE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 905110) Executing operator "Rx" with param "^(GET /|OPTIONS \*) HTTP/[12]\.[01]$" against REQUEST_LINE.
 [9] Target value: "POST /modsec-full/ HTTP/1.1" (Variable: REQUEST_LINE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-910-IP-REPUTATION
 [9] Skipped rule id '910015' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: 
 [9] Skipped rule id '910017' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: END-REQUEST-910-IP-REPUTATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 911011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 911013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Skipped rule id '911015' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '911017' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: END-REQUEST-911-METHOD-ENFORCEMENT
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 912100) Executing operator "Eq" with param "0" against TX:dos_burst_time_slice.
 [9] Target value: "0" (Variable: TX:dos_burst_time_slice)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:dos_counter_threshold.
 [9] Target value: "0" (Variable: TX:dos_counter_threshold)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:dos_block_timeout.
 [9] Target value: "0" (Variable: TX:dos_block_timeout)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END_DOS_PROTECTION_CHECKS
 [9] Skipped rule id '912011' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912120' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912130' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912013' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912015' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912017' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: END-REQUEST-912-DOS-PROTECTION
 [9] Skipped rule id '0' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: END_DOS_PROTECTION_CHECKS
 [4] Out of a SecMarker after skip 8.000000 rules.
 [4] (Rule: 913011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 913013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-913-SCANNER-DETECTION
 [9] Skipped rule id '913015' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '913017' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: END-REQUEST-913-SCANNER-DETECTION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 920011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920160) Executing operator "Rx" with param "^\d+$" against REQUEST_HEADERS:Content-Length.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Skipped rule id '920015' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920017' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 921011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Skipped rule id '921015' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '921017' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: END-REQUEST-921-PROTOCOL-ATTACK
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 930011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Skipped rule id '930015' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: 
 [9] Skipped rule id '930017' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 931011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 931013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Skipped rule id '931015' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: 
 [9] Skipped rule id '931017' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 932011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Skipped rule id '932015' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: 
 [9] Skipped rule id '932017' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 933011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Skipped rule id '933015' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933017' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 941011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Skipped rule id '941015' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941017' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 942011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Skipped rule id '942015' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942017' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 943011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 943013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Skipped rule id '943015' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: 
 [9] Skipped rule id '943017' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 949011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 949013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Skipped rule id '949015' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '949017' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Rule: END-REQUEST-949-BLOCKING-EVALUATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 980011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 980013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-980-CORRELATION
 [9] Skipped rule id '980015' due to a SecMarker: END-RESPONSE-980-CORRELATION
 [9] Rule: 
 [9] Skipped rule id '980017' due to a SecMarker: END-RESPONSE-980-CORRELATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-980-CORRELATION
 [9] Rule: END-RESPONSE-980-CORRELATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [9] Appending request body: 3 bytes. Limit set to: 13107200.000000
 [4] Starting phase REQUEST_BODY. (SecRules 2)
 [4] Adding request argument (POST): name "d", value "b"
 [9] This phase consists of 315 rule(s).
 [4] (Rule: 200002) Executing operator "Eq" with param "0" against REQBODY_ERROR.
 [6] Resolving: reqbody_error_msg to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 200003) Executing operator "Eq" with param "0" against MULTIPART_STRICT_ERROR.
 [6] Resolving: REQBODY_PROCESSOR_ERROR to: NULL
 [6] Resolving: MULTIPART_BOUNDARY_QUOTED to: NULL
 [6] Resolving: MULTIPART_BOUNDARY_WHITESPACE to: NULL
 [6] Resolving: MULTIPART_DATA_BEFORE to: NULL
 [6] Resolving: MULTIPART_DATA_AFTER to: NULL
 [6] Resolving: MULTIPART_HEADER_FOLDING to: NULL
 [6] Resolving: MULTIPART_LF_LINE to: NULL
 [6] Resolving: MULTIPART_MISSING_SEMICOLON to: NULL
 [6] Resolving: MULTIPART_INVALID_QUOTING to: NULL
 [6] Resolving: MULTIPART_INVALID_PART to: NULL
 [6] Resolving: MULTIPART_INVALID_HEADER_FOLDING to: NULL
 [6] Resolving: MULTIPART_FILE_LIMIT_EXCEEDED to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 200004) Executing operator "Eq" with param "0" against MULTIPART_UNMATCHED_BOUNDARY.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 200005) Executing operator "StrEq" with param "0" against TX.
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 9001000) Executing operator "Eq" with param "0" against TX:crs_exclusions_drupal|TX:crs_exclusions_drupal.
 [9] Target value: "0" (Variable: TX:crs_exclusions_drupal)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-DRUPAL-RULE-EXCLUSIONS
 [9] Skipped rule id '9001100' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001110' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001112' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001114' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001116' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001122' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001124' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001126' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001128' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001140' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001160' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001170' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001200' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001202' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001204' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001206' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001208' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001210' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001212' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001214' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001216' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: END-DRUPAL-RULE-EXCLUSIONS
 [4] Out of a SecMarker after skip 22.000000 rules.
 [4] (Rule: 9002001) Executing operator "Eq" with param "0" against TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress.
 [9] Target value: "0" (Variable: TX:crs_exclusions_wordpress)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-WORDPRESS
 [9] Skipped rule id '9002100' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002120' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002130' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002150' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002160' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002401' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002410' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002420' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002520' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002530' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002540' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002600' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002700' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002710' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002720' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002730' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002740' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002750' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002760' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002800' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002810' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002820' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002900' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
 [9] Rule: END-WORDPRESS-ADMIN
 [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
 [9] Rule: END-WORDPRESS
 [4] Out of a SecMarker after skip 25.000000 rules.
 [4] (Rule: 910012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910000) Executing operator "Eq" with param "1" against TX:DO_REPUT_BLOCK.
 [6] Resolving: ip.reput_block_reason to: NULL
 [9] Target value: "0" (Variable: TX:DO_REPUT_BLOCK)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910100) Executing operator "Rx" with param "^$" against TX:HIGH_RISK_COUNTRY_CODES.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910120) Executing operator "Eq" with param "1" against IP.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910130) Executing operator "Eq" with param "0" against TX:block_suspicious_ip.
 [9] Target value: "0" (Variable: TX:block_suspicious_ip)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:block_harvester_ip.
 [9] Target value: "0" (Variable: TX:block_harvester_ip)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:block_spammer_ip.
 [9] Target value: "0" (Variable: TX:block_spammer_ip)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:block_search_ip.
 [9] Target value: "0" (Variable: TX:block_search_ip)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END_RBL_CHECK
 [9] Skipped rule id '910140' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '910150' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '910160' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '910170' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '910180' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '910190' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END_RBL_CHECK
 [9] Rule: END_RBL_LOOKUP
 [9] Skipped rule id '0' due to a SecMarker: END_RBL_CHECK
 [9] Rule: END_RBL_CHECK
 [4] Out of a SecMarker after skip 8.000000 rules.
 [4] (Rule: 910014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-910-IP-REPUTATION
 [9] Skipped rule id '910016' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: 
 [9] Skipped rule id '910018' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: END-REQUEST-910-IP-REPUTATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 911012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [6] Resolving: tx.allowed_methods to: GET HEAD POST OPTIONS
 [4] (Rule: 911100) Executing operator "Within" with param "GET HEAD POST OPTIONS" Was: "%{tx.allowed_methods}" against REQUEST_METHOD.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [6] Resolving: tx.allowed_methods to: GET HEAD POST OPTIONS
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 911014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Skipped rule id '911016' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '911018' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: END-REQUEST-911-METHOD-ENFORCEMENT
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 912012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 912014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-912-DOS-PROTECTION
 [9] Skipped rule id '912016' due to a SecMarker: END-REQUEST-912-DOS-PROTECTION
 [9] Rule: 
 [9] Skipped rule id '912018' due to a SecMarker: END-REQUEST-912-DOS-PROTECTION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-912-DOS-PROTECTION
 [9] Rule: END-REQUEST-912-DOS-PROTECTION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 913012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 913100) Executing operator "PmFromFile" with param "scanners-user-agents.data" against REQUEST_HEADERS:User-Agent.
 [6] Resolving: TX.0 to: NULL
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:lowercase: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 913110) Executing operator "PmFromFile" with param "scanners-headers.data" against REQUEST_HEADERS_NAMES|REQUEST_HEADERS.
 [6] Resolving: TX.0 to: NULL
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:lowercase: "host"
 [9] Target value: "host" (Variable: REQUEST_HEADERS_NAMES:Host)
 [9]  T (0) t:lowercase: "user-agent"
 [9] Target value: "user-agent" (Variable: REQUEST_HEADERS_NAMES:User-Agent)
 [9]  T (0) t:lowercase: "accept"
 [9] Target value: "accept" (Variable: REQUEST_HEADERS_NAMES:Accept)
 [9]  T (0) t:lowercase: "content-length"
 [9] Target value: "content-length" (Variable: REQUEST_HEADERS_NAMES:Content-Length)
 [9]  T (0) t:lowercase: "content-type"
 [9] Target value: "content-type" (Variable: REQUEST_HEADERS_NAMES:Content-Type)
 [9]  T (0) t:lowercase: "localhost"
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9]  T (0) t:lowercase: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:lowercase: "*/*"
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9]  T (0) t:lowercase: "3"
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9]  T (0) t:lowercase: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 913120) Executing operator "PmFromFile" with param "scanners-urls.data" against REQUEST_FILENAME|ARGS.
 [6] Resolving: TX.0 to: NULL
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:lowercase: "/modsec-full/"
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [9]  T (0) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 913014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-913-SCANNER-DETECTION
 [9] Skipped rule id '913101' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '913102' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '913016' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '913018' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: END-REQUEST-913-SCANNER-DETECTION
 [4] Out of a SecMarker after skip 5.000000 rules.
 [4] (Rule: 920012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920100) Executing operator "Rx" with param "^(?i:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./]*(?::\d+)?)?/[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?|connect (?:\d{1,3}\.){3}\d{1,3}\.?(?::\d+)?|options \*)\s+[\w\./]+|get /[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?)$" against REQUEST_LINE.
 [6] Resolving: request_line to: POST /modsec-full/ HTTP/1.1
 [9] Target value: "POST /modsec-full/ HTTP/1.1" (Variable: REQUEST_LINE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920120) Executing operator "Rx" with param "(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\"=]" against FILES_NAMES|FILES.
 [6] Resolving: matched_var to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920130) Executing operator "Eq" with param "0" against REQBODY_ERROR.
 [6] Resolving: REQBODY_ERROR_MSG to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920140) Executing operator "Eq" with param "0" against MULTIPART_STRICT_ERROR.
 [6] Resolving: REQBODY_PROCESSOR_ERROR to: NULL
 [6] Resolving: MULTIPART_BOUNDARY_QUOTED to: NULL
 [6] Resolving: MULTIPART_BOUNDARY_WHITESPACE to: NULL
 [6] Resolving: MULTIPART_DATA_BEFORE to: NULL
 [6] Resolving: MULTIPART_DATA_AFTER to: NULL
 [6] Resolving: MULTIPART_HEADER_FOLDING to: NULL
 [6] Resolving: MULTIPART_LF_LINE to: NULL
 [6] Resolving: MULTIPART_SEMICOLON_MISSING to: NULL
 [6] Resolving: MULTIPART_INVALID_QUOTING to: NULL
 [6] Resolving: MULTIPART_INVALID_HEADER_FOLDING to: NULL
 [6] Resolving: MULTIPART_FILE_LIMIT_EXCEEDED to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920170) Executing operator "Rx" with param "^(?:GET|HEAD)$" against REQUEST_METHOD.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920180) Executing operator "Rx" with param "^POST$" against REQUEST_METHOD.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [9] Saving msg: POST request missing Content-Length Header.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against REQUEST_HEADERS:Content-Length.
 [9] Target value: "1" (Variable: REQUEST_HEADERS:Content-Length)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920190) Executing operator "Rx" with param "(\d+)\-(\d+)\," against REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range.
 [6] Resolving: matched_var to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920210) Executing operator "Rx" with param "\b(keep-alive|close),\s?(keep-alive|close)\b" against REQUEST_HEADERS:Connection.
 [6] Resolving: matched_var to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920220) Executing operator "Rx" with param "\%((?!$|\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" against REQUEST_URI.
 [9] Target value: "/modsec-full/" (Variable: REQUEST_URI)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920240) Executing operator "Rx" with param "^(application\/x-www-form-urlencoded|text\/xml)(?:;(?:\s?charset\s?=\s?[\w\d\-]{1,18})?)??$" against REQUEST_HEADERS:Content-Type.
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [9] Saving msg: URL Encoding Abuse Attack Attempt
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Rx" with param "\%((?!$|\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" against REQUEST_BODY|XML:/*.
 [9] Target value: "d=b" (Variable: REQUEST_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920250) Executing operator "Eq" with param "1" against TX:CRS_VALIDATE_UTF8_ENCODING.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920260) Executing operator "Rx" with param "\%u[fF]{2}[0-9a-fA-F]{2}" against REQUEST_URI|REQUEST_BODY.
 [9] Target value: "/modsec-full/" (Variable: REQUEST_URI)
 [9] Target value: "d=b" (Variable: REQUEST_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920270) Executing operator "ValidadeByteRange" with param "1-255" against REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES.
 [9]  T (0) t:urlDecodeUni: "/modsec-full/"
 [9] Target value: "/modsec-full/" (Variable: REQUEST_URI)
 [9]  T (0) t:urlDecodeUni: "localhost"
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9]  T (0) t:urlDecodeUni: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:urlDecodeUni: "*/*"
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9]  T (0) t:urlDecodeUni: "3"
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9]  T (0) t:urlDecodeUni: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920280) Executing operator "Eq" with param "0" against REQUEST_HEADERS:Host.
 [9] Target value: "1" (Variable: REQUEST_HEADERS:Host)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920290) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Host.
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920310) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Accept.
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920311) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Accept.
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920330) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:User-Agent.
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920340) Executing operator "Rx" with param "^0$" against REQUEST_HEADERS:Content-Length.
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [9] Saving msg: Request Containing Content, but Missing Content-Type header
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against REQUEST_HEADERS:Content-Type.
 [9] Target value: "1" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920350) Executing operator "Rx" with param "^[\d.:]+$" against REQUEST_HEADERS:Host.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920380) Executing operator "Eq" with param "1" against TX:MAX_NUM_ARGS.
 [9] Target value: "0" (Variable: TX:MAX_NUM_ARGS)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920360) Executing operator "Eq" with param "1" against TX:ARG_NAME_LENGTH.
 [9] Target value: "0" (Variable: TX:ARG_NAME_LENGTH)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920370) Executing operator "Eq" with param "1" against TX:ARG_LENGTH.
 [9] Target value: "0" (Variable: TX:ARG_LENGTH)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920390) Executing operator "Eq" with param "1" against TX:TOTAL_ARG_LENGTH.
 [9] Target value: "0" (Variable: TX:TOTAL_ARG_LENGTH)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920400) Executing operator "Eq" with param "1" against TX:MAX_FILE_SIZE.
 [9] Target value: "0" (Variable: TX:MAX_FILE_SIZE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920410) Executing operator "Eq" with param "1" against TX:COMBINED_FILE_SIZES.
 [9] Target value: "0" (Variable: TX:COMBINED_FILE_SIZES)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920420) Executing operator "Rx" with param "^(?:GET|HEAD|PROPFIND|OPTIONS)$" against REQUEST_METHOD.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [9] Saving msg: Request content type is not allowed by policy
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Rx" with param "^([^;\s]+)" against REQUEST_HEADERS:Content-Type.
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [7] Added regex subexpression TX.0: application/x-www-form-urlencoded
 [7] Added regex subexpression TX.1: application/x-www-form-urlencoded
 [9] Matched vars updated.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [6] Resolving: tx.allowed_request_content_type to: application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain
 [4] (Rule: 0) Executing operator "Rx" with param "^application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain$" Was: "^%{tx.allowed_request_content_type}$" against TX:0.
 [9] Target value: "application/x-www-form-urlencoded" (Variable: TX:0)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: rule.msg to: Request content type is not allowed by policy
 [8] Saving variable: TX:msg with value: Request content type is not allowed by policy
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: tx.critical_anomaly_score to: 5
 [8] Saving variable: TX:anomaly_score with value: 5
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: rule.id to: 920420
 [6] Resolving: matched_var_name to: TX:0
 [6] Resolving: matched_var to: application/x-www-form-urlencoded
 [8] Saving variable: TX:920420-OWASP_CRS/POLICY/CONTENT_TYPE_NOT_ALLOWED-TX:0 with value: application/x-www-form-urlencoded
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: ctl
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: capture
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) ignoring action: pass (rule contains a disruptive action)
 [4] Running (disruptive)     action: block
 [8] Marking request as disruptive.
 [8] Running action pass
 [4] Running (non-disruptive) action: severity
 [9] This rule severity is: 2 current transaction is: 255
 [4] Running (non-disruptive) action: logdata
 [6] Resolving: matched_var to: application/x-www-form-urlencoded
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: application-multi
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: language-multi
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: platform-multi
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: attack-protocol
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: WASCTC/WASC-20
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: OWASP_TOP_10/A1
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: OWASP_AppSensor/EE2
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: PCI/12.1
 [6] Resolving: tx.allowed_http_versions to: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
 [4] (Rule: 920430) Executing operator "Within" with param "HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0" Was: "%{tx.allowed_http_versions}" against REQUEST_PROTOCOL.
 [6] Resolving: matched_var to: application/x-www-form-urlencoded
 [9] Target value: "HTTP/1.1" (Variable: REQUEST_PROTOCOL)
 [6] Resolving: tx.allowed_http_versions to: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920440) Executing operator "Rx" with param "\.(.*)$" against REQUEST_BASENAME.
 [6] Resolving: TX.0 to: application/x-www-form-urlencoded
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920450) Executing operator "Rx" with param "^(.*)$" against REQUEST_HEADERS_NAMES.
 [6] Resolving: MATCHED_VAR to: NULL
 [6] Resolving: matched_var to: NULL
 [9]  T (0) t:lowercase: "host"
 [9] Target value: "host" (Variable: REQUEST_HEADERS_NAMES:Host)
 [7] Added regex subexpression TX.0: host
 [7] Added regex subexpression TX.1: host
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [6] Resolving: MATCHED_VAR to: Host
 [9] Saving msg: HTTP header is restricted by policy (Host)
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: tx.0 to: host
 [6] Resolving: tx.0 to: host
 [8] Saving variable: TX:header_name_host with value: /host/
 [9]  T (0) t:lowercase: "user-agent"
 [9] Target value: "user-agent" (Variable: REQUEST_HEADERS_NAMES:User-Agent)
 [7] Added regex subexpression TX.0: user-agent
 [7] Added regex subexpression TX.1: user-agent
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [6] Resolving: MATCHED_VAR to: User-Agent
 [9] Saving msg: HTTP header is restricted by policy (User-Agent)
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: tx.0 to: user-agent
 [6] Resolving: tx.0 to: user-agent
 [8] Saving variable: TX:header_name_user-agent with value: /user-agent/
 [9]  T (0) t:lowercase: "accept"
 [9] Target value: "accept" (Variable: REQUEST_HEADERS_NAMES:Accept)
 [7] Added regex subexpression TX.0: accept
 [7] Added regex subexpression TX.1: accept
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [6] Resolving: MATCHED_VAR to: Accept
 [9] Saving msg: HTTP header is restricted by policy (Accept)
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: tx.0 to: accept
 [6] Resolving: tx.0 to: accept
 [8] Saving variable: TX:header_name_accept with value: /accept/
 [9]  T (0) t:lowercase: "content-length"
 [9] Target value: "content-length" (Variable: REQUEST_HEADERS_NAMES:Content-Length)
 [7] Added regex subexpression TX.0: content-length
 [7] Added regex subexpression TX.1: content-length
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [6] Resolving: MATCHED_VAR to: Content-Length
 [9] Saving msg: HTTP header is restricted by policy (Content-Length)
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: tx.0 to: content-length
 [6] Resolving: tx.0 to: content-length
 [8] Saving variable: TX:header_name_content-length with value: /content-length/
 [9]  T (0) t:lowercase: "content-type"
 [9] Target value: "content-type" (Variable: REQUEST_HEADERS_NAMES:Content-Type)
 [7] Added regex subexpression TX.0: content-type
 [7] Added regex subexpression TX.1: content-type
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [6] Resolving: MATCHED_VAR to: Content-Type
 [9] Saving msg: HTTP header is restricted by policy (Content-Type)
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: tx.0 to: content-type
 [6] Resolving: tx.0 to: content-type
 [8] Saving variable: TX:header_name_content-type with value: /content-type/
 [4] Rule returned 1.
 [4] Executing chained rule.
 [6] Resolving: tx.restricted_headers to: /proxy/ /lock-token/ /content-range/ /translate/ /if/
 [4] (Rule: 0) Executing operator "Within" with param "/proxy/ /lock-token/ /content-range/ /translate/ /if/" Was: "%{tx.restricted_headers}" against TX.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Skipped rule id '920200' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920201' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920230' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920300' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920271' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920320' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920121' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920016' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920272' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920018' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920202' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920273' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920274' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920460' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [4] Out of a SecMarker after skip 15.000000 rules.
 [4] (Rule: 921012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921100) Executing operator "Rx" with param "," against REQUEST_HEADERS.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921110) Executing operator "Rx" with param "(?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\s+" against ARGS_NAMES|ARGS|XML:/*.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:htmlEntityDecode: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:htmlEntityDecode: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921120) Executing operator "Rx" with param "[\r\n]\W*?(?:content-(type|length)|set-cookie|location):" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921130) Executing operator "Rx" with param "(?:\bhttp\/(?:0\.9|1\.[01])|<(?:html|meta)\b)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:htmlEntityDecode: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:htmlEntityDecode: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921140) Executing operator "Rx" with param "(\n|\r)" against REQUEST_HEADERS_NAMES|REQUEST_HEADERS.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:htmlEntityDecode: "Host"
 [9]  T (1) t:lowercase: "host"
 [9] Target value: "host" (Variable: REQUEST_HEADERS_NAMES:Host)
 [9]  T (0) t:htmlEntityDecode: "User-Agent"
 [9]  T (1) t:lowercase: "user-agent"
 [9] Target value: "user-agent" (Variable: REQUEST_HEADERS_NAMES:User-Agent)
 [9]  T (0) t:htmlEntityDecode: "Accept"
 [9]  T (1) t:lowercase: "accept"
 [9] Target value: "accept" (Variable: REQUEST_HEADERS_NAMES:Accept)
 [9]  T (0) t:htmlEntityDecode: "Content-Length"
 [9]  T (1) t:lowercase: "content-length"
 [9] Target value: "content-length" (Variable: REQUEST_HEADERS_NAMES:Content-Length)
 [9]  T (0) t:htmlEntityDecode: "Content-Type"
 [9]  T (1) t:lowercase: "content-type"
 [9] Target value: "content-type" (Variable: REQUEST_HEADERS_NAMES:Content-Type)
 [9]  T (0) t:htmlEntityDecode: "localhost"
 [9]  T (1) t:lowercase: "localhost"
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9]  T (0) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (1) t:lowercase: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:htmlEntityDecode: "*/*"
 [9]  T (1) t:lowercase: "*/*"
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9]  T (0) t:htmlEntityDecode: "3"
 [9]  T (1) t:lowercase: "3"
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9]  T (0) t:htmlEntityDecode: "application/x-www-form-urlencoded"
 [9]  T (1) t:lowercase: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921150) Executing operator "Rx" with param "(\n|\r)" against ARGS_NAMES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:htmlEntityDecode: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921160) Executing operator "Rx" with param "(?:\n|\r)+(?:\s+|location|refresh|(?:set-)?cookie|(X-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\s*:" against ARGS_NAMES|ARGS|XML:/*.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:htmlEntityDecode: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:htmlEntityDecode: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Skipped rule id '921151' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '921016' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '921170' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '921180' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '921018' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: END-REQUEST-921-PROTOCOL-ATTACK
 [4] Out of a SecMarker after skip 6.000000 rules.
 [4] (Rule: 930012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930100) Executing operator "Rx" with param "(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))" against REQUEST_URI_RAW|REQUEST_BODY|REQUEST_HEADERS|XML:/*, except for: REQUEST_HEADERS:Referer.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "/modsec-full/" (Variable: REQUEST_URI_RAW)
 [9] Target value: "d=b" (Variable: REQUEST_BODY)
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930110) Executing operator "Pm" with param "..\ ../" against REQUEST_URI|REQUEST_BODY|REQUEST_HEADERS|XML:/*, except for: REQUEST_HEADERS:Referer.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "/modsec-full/"
 [9]  T (1) t:urlDecodeUni: "/modsec-full/"
 [9]  T (2) t:removeNulls: "/modsec-full/"
 [9]  T (3) t:cmdLine: "/modsec-full/"
 [9] Target value: "/modsec-full/" (Variable: REQUEST_URI)
 [9]  T (0) t:utf8toUnicode: "d=b"
 [9]  T (1) t:urlDecodeUni: "d=b"
 [9]  T (2) t:removeNulls: "d=b"
 [9]  T (3) t:cmdLine: "d=b"
 [9] Target value: "d=b" (Variable: REQUEST_BODY)
 [9]  T (0) t:utf8toUnicode: "localhost"
 [9]  T (1) t:urlDecodeUni: "localhost"
 [9]  T (2) t:removeNulls: "localhost"
 [9]  T (3) t:cmdLine: "localhost"
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:removeNulls: "curl/7.52.1"
 [9]  T (3) t:cmdLine: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "*/*"
 [9]  T (1) t:urlDecodeUni: "*/*"
 [9]  T (2) t:removeNulls: "*/*"
 [9]  T (3) t:cmdLine: "*/*"
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9]  T (0) t:utf8toUnicode: "3"
 [9]  T (1) t:urlDecodeUni: "3"
 [9]  T (2) t:removeNulls: "3"
 [9]  T (3) t:cmdLine: "3"
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9]  T (0) t:utf8toUnicode: "application/x-www-form-urlencoded"
 [9]  T (1) t:urlDecodeUni: "application/x-www-form-urlencoded"
 [9]  T (2) t:removeNulls: "application/x-www-form-urlencoded"
 [9]  T (3) t:cmdLine: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930120) Executing operator "PmFromFile" with param "lfi-os-files.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:normalizePathWin: "d"
 [9]  T (3) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:normalizePathWin: "b"
 [9]  T (3) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930130) Executing operator "PmFromFile" with param "restricted-files.data" against REQUEST_FILENAME.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "/modsec-full/"
 [9]  T (1) t:urlDecodeUni: "/modsec-full/"
 [9]  T (2) t:normalizePathWin: "/modsec-full/"
 [9]  T (3) t:lowercase: "/modsec-full/"
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Skipped rule id '930016' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: 
 [9] Skipped rule id '930018' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 931012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 931100) Executing operator "Rx" with param "^(?i)(?:file|ftps?|https?):\/\/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" against ARGS.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 931110) Executing operator "Rx" with param "(?i:(\binclude\s*\([^)]*|mosConfig_absolute_path|_CONF\[path\]|_SERVER\[DOCUMENT_ROOT\]|GALLERY_BASEDIR|path\[docroot\]|appserv_root|config\[root_dir\])=(file|ftps?|https?):\/\/)" against QUERY_STRING|REQUEST_BODY.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d=b"
 [9] Target value: "d=b" (Variable: REQUEST_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 931120) Executing operator "Rx" with param "^(?i)(?:file|ftps?|https?)(.*?)\?+$" against ARGS.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 931014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Skipped rule id '931130' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: 
 [9] Skipped rule id '931016' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: 
 [9] Skipped rule id '931018' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [4] Out of a SecMarker after skip 4.000000 rules.
 [4] (Rule: 932012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932100) Executing operator "Rx" with param "(?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:l[\\\\'\"]*(?:w[\\\\'\"]*p[\\\\'\"]*-[\\\\'\"]*(?:d[\\\\'\"]*(?:o[\\\\'\"]*w[\\\\'\"]*n[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*m[\\\\'\"]*p)|r[\\\\'\"]*e[\\\\'\"]*q[\\\\'\"]*u[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|m[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*r)|s(?:[\\\\'\"]*(?:b[\\\\'\"]*_[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*e|c[\\\\'\"]*p[\\\\'\"]*u|m[\\\\'\"]*o[\\\\'\"]*d|p[\\\\'\"]*c[\\\\'\"]*i|u[\\\\'\"]*s[\\\\'\"]*b|-[\\\\'\"]*F|h[\\\\'\"]*w|o[\\\\'\"]*f))?|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|m[\\\\'\"]*(?:o[\\\\'\"]*r[\\\\'\"]*e|a)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s)|e[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*(?:(?:f[\\\\'\"]*i[\\\\'\"]*l|p[\\\\'\"]*i[\\\\'\"]*p)[\\\\'\"]*e|e[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*o|(?:\s|<|>).*)|a[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*g(?:[\\\\'\"]*i[\\\\'\"]*n)?|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*m|(?:\s|<|>).*)|o[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*(?:t[\\\\'\"]*e|l)[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)|d[\\\\'\"]*(?:c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g|d[\\\\'\"]*(?:\s|<|>).*)|f[\\\\'\"]*t[\\\\'\"]*p(?:[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t)?|(?:[np]|y[\\\\'\"]*n[\\\\'\"]*x)[\\\\'\"]*(?:\s|<|>).*)|b[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p[\\\\'\"]*2)|s[\\\\'\"]*d[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*f[\\\\'\"]*f|t[\\\\'\"]*a[\\\\'\"]*r)|a[\\\\'\"]*(?:t[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|s[\\\\'\"]*h)|r[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*k[\\\\'\"]*s[\\\\'\"]*w|u[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*n)|c[\\\\'\"]*(?:o[\\\\'\"]*(?:m[\\\\'\"]*(?:p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*d)[\\\\'\"]*(?:\s|<|>).*|p[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*c)|h[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*(?:\s|<|>).*|f[\\\\'\"]*l[\\\\'\"]*a[\\\\'\"]*g[\\\\'\"]*s|a[\\\\'\"]*t[\\\\'\"]*t[\\\\'\"]*r|m[\\\\'\"]*o[\\\\'\"]*d)|r[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*b|(?:[cp]|a[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|u[\\\\'\"]*r[\\\\'\"]*l|s[\\\\'\"]*h)|f[\\\\'\"]*(?:i(?:[\\\\'\"]*(?:l[\\\\'\"]*e[\\\\'\"]*(?:t[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|(?:\s|<|>).*)|n[\\\\'\"]*d[\\\\'\"]*(?:\s|<|>).*))?|t[\\\\'\"]*p[\\\\'\"]*(?:s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*s|w[\\\\'\"]*h[\\\\'\"]*o|(?:\s|<|>).*)|u[\\\\'\"]*n[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n|(?:e[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*h|c)[\\\\'\"]*(?:\s|<|>).*|o[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*h|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p)|e[\\\\'\"]*(?:n[\\\\'\"]*(?:v(?:[\\\\'\"]*-[\\\\'\"]*u[\\\\'\"]*p[\\\\'\"]*d[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e)?|d[\\\\'\"]*(?:i[\\\\'\"]*f|s[\\\\'\"]*w))|x[\\\\'\"]*(?:p[\\\\'\"]*(?:a[\\\\'\"]*n[\\\\'\"]*d|o[\\\\'\"]*r[\\\\'\"]*t|r)|e[\\\\'\"]*c[\\\\'\"]*(?:\s|<|>).*|i[\\\\'\"]*t)|c[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|s[\\\\'\"]*a[\\\\'\"]*c|v[\\\\'\"]*a[\\\\'\"]*l)|h[\\\\'\"]*(?:t[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|p[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*w[\\\\'\"]*d)|o[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e|i[\\\\'\"]*d)|(?:e[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*p)[\\\\'\"]*(?:\s|<|>).*|i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*y)|i[\\\\'\"]*(?:p[\\\\'\"]*(?:(?:6[\\\\'\"]*)?t[\\\\'\"]*a[\\\\'\"]*b[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*s|c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g)|r[\\\\'\"]*b(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|f[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g|d[\\\\'\"]*(?:\s|<|>).*)|g[\\\\'\"]*(?:(?:e[\\\\'\"]*t[\\\\'\"]*f[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*l|r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*c|i[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|z[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p)|u[\\\\'\"]*n[\\\\'\"]*z[\\\\'\"]*i[\\\\'\"]*p|d[\\\\'\"]*b)|a[\\\\'\"]*(?:(?:l[\\\\'\"]*i[\\\\'\"]*a[\\\\'\"]*s|w[\\\\'\"]*k)[\\\\'\"]*(?:\s|<|>).*|d[\\\\'\"]*d[\\\\'\"]*u[\\\\'\"]*s[\\\\'\"]*e[\\\\'\"]*r|p[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t|r[\\\\'\"]*(?:c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|p))|d[\\\\'\"]*(?:h[\\\\'\"]*c[\\\\'\"]*l[\\\\'\"]*i[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*t|(?:i[\\\\'\"]*f[\\\\'\"]*f|u)[\\\\'\"]*(?:\s|<|>).*|(?:m[\\\\'\"]*e[\\\\'\"]*s|p[\\\\'\"]*k)[\\\\'\"]*g|o[\\\\'\"]*(?:a[\\\\'\"]*s|n[\\\\'\"]*e)|a[\\\\'\"]*s[\\\\'\"]*h)|m[\\\\'\"]*(?:(?:k[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*r|o[\\\\'\"]*r[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|a[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*(?:x[\\\\'\"]*(?:\s|<|>).*|q)|l[\\\\'\"]*o[\\\\'\"]*c[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e)|j[\\\\'\"]*(?:(?:a[\\\\'\"]*v[\\\\'\"]*a|o[\\\\'\"]*b[\\\\'\"]*s)[\\\\'\"]*(?:\s|<|>).*|e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c)|k[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*l[\\\\'\"]*(?:a[\\\\'\"]*l[\\\\'\"]*l|(?:\s|<|>).*)|(?:G[\\\\'\"]*E[\\\\'\"]*T[\\\\'\"]*(?:\s|<|>)|\.\s).*|7[\\\\'\"]*z(?:[\\\\'\"]*[ar])?)\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932105) Executing operator "Rx" with param "(?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:s[\\\\'\"]*(?:e[\\\\'\"]*(?:t[\\\\'\"]*(?:(?:f[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*l[\\\\'\"]*)?(?:\s|<|>).*|e[\\\\'\"]*n[\\\\'\"]*v|s[\\\\'\"]*i[\\\\'\"]*d)|n[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*i[\\\\'\"]*l|d[\\\\'\"]*(?:\s|<|>).*)|h[\\\\'\"]*(?:\.[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*b|u[\\\\'\"]*t[\\\\'\"]*d[\\\\'\"]*o[\\\\'\"]*w[\\\\'\"]*n|(?:\s|<|>).*)|o[\\\\'\"]*(?:(?:u[\\\\'\"]*r[\\\\'\"]*c[\\\\'\"]*e|r[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|c[\\\\'\"]*a[\\\\'\"]*t)|c[\\\\'\"]*(?:h[\\\\'\"]*e[\\\\'\"]*d|p[\\\\'\"]*(?:\s|<|>).*)|t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g[\\\\'\"]*s|(?:l[\\\\'\"]*e[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|y[\\\\'\"]*s[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*l|u[\\\\'\"]*(?:(?:\s|<|>).*|d[\\\\'\"]*o)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|s[\\\\'\"]*h|v[\\\\'\"]*n)|p[\\\\'\"]*(?:k[\\\\'\"]*(?:g(?:(?:[\\\\'\"]*_)?[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*o)?|e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c|i[\\\\'\"]*l[\\\\'\"]*l)|t[\\\\'\"]*a[\\\\'\"]*r(?:[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p))?|a[\\\\'\"]*(?:t[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|s[\\\\'\"]*s[\\\\'\"]*w[\\\\'\"]*d)|r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*(?:e[\\\\'\"]*n[\\\\'\"]*v|f[\\\\'\"]*(?:\s|<|>).*)|y[\\\\'\"]*t[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*n(?:[\\\\'\"]*(?:3(?:[\\\\'\"]*m)?|2))?|e[\\\\'\"]*r[\\\\'\"]*(?:l(?:[\\\\'\"]*(?:s[\\\\'\"]*h|5))?|m[\\\\'\"]*s)|(?:g[\\\\'\"]*r[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|(?:u[\\\\'\"]*s[\\\\'\"]*h|o[\\\\'\"]*p)[\\\\'\"]*d|h[\\\\'\"]*p(?:[\\\\'\"]*[57])?|i[\\\\'\"]*n[\\\\'\"]*g|s[\\\\'\"]*(?:\s|<|>).*)|n[\\\\'\"]*(?:c[\\\\'\"]*(?:\.[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*l|o[\\\\'\"]*p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*d)|(?:\s|<|>).*|a[\\\\'\"]*t)|e[\\\\'\"]*t[\\\\'\"]*(?:k[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*f[\\\\'\"]*t[\\\\'\"]*p|(?:s[\\\\'\"]*t|c)[\\\\'\"]*a[\\\\'\"]*t|(?:\s|<|>).*)|s[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*o[\\\\'\"]*k[\\\\'\"]*u[\\\\'\"]*p|t[\\\\'\"]*a[\\\\'\"]*t)|(?:a[\\\\'\"]*n[\\\\'\"]*o|i[\\\\'\"]*c[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|(?:o[\\\\'\"]*h[\\\\'\"]*u|m[\\\\'\"]*a)[\\\\'\"]*p|p[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g)|r[\\\\'\"]*(?:e[\\\\'\"]*(?:(?:p[\\\\'\"]*(?:l[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e|e[\\\\'\"]*a[\\\\'\"]*t)|n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|a[\\\\'\"]*l[\\\\'\"]*p[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*h)|m[\\\\'\"]*(?:(?:d[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*)?(?:\s|<|>).*|u[\\\\'\"]*s[\\\\'\"]*e[\\\\'\"]*r)|u[\\\\'\"]*b[\\\\'\"]*y(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|(?:a[\\\\'\"]*r|c[\\\\'\"]*p|p[\\\\'\"]*m)[\\\\'\"]*(?:\s|<|>).*|n[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*o|o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|s[\\\\'\"]*y[\\\\'\"]*n[\\\\'\"]*c)|t[\\\\'\"]*(?:c[\\\\'\"]*(?:p[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|i[\\\\'\"]*n[\\\\'\"]*g)|s[\\\\'\"]*h)|r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e(?:[\\\\'\"]*6)?|e[\\\\'\"]*(?:l[\\\\'\"]*n[\\\\'\"]*e[\\\\'\"]*t|e[\\\\'\"]*(?:\s|<|>).*)|i[\\\\'\"]*m[\\\\'\"]*e[\\\\'\"]*(?:o[\\\\'\"]*u[\\\\'\"]*t|(?:\s|<|>).*)|a[\\\\'\"]*(?:i[\\\\'\"]*l(?:[\\\\'\"]*f)?|r[\\\\'\"]*(?:\s|<|>).*)|o[\\\\'\"]*(?:u[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|p))|u[\\\\'\"]*(?:n[\\\\'\"]*(?:l[\\\\'\"]*(?:i[\\\\'\"]*n[\\\\'\"]*k[\\\\'\"]*(?:\s|<|>).*|z[\\\\'\"]*m[\\\\'\"]*a)|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|a[\\\\'\"]*m[\\\\'\"]*e|r[\\\\'\"]*a[\\\\'\"]*r|s[\\\\'\"]*e[\\\\'\"]*t|z[\\\\'\"]*i[\\\\'\"]*p|x[\\\\'\"]*z)|s[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*(?:(?:a[\\\\'\"]*d|m[\\\\'\"]*o)[\\\\'\"]*d|d[\\\\'\"]*e[\\\\'\"]*l)|l[\\\\'\"]*i[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*(?:\s|<|>).*)|m[\\\\'\"]*(?:y[\\\\'\"]*s[\\\\'\"]*q[\\\\'\"]*l(?:[\\\\'\"]*(?:d[\\\\'\"]*u[\\\\'\"]*m[\\\\'\"]*p(?:[\\\\'\"]*s[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*w)?|h[\\\\'\"]*o[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*p[\\\\'\"]*y|a[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*n|s[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*w))?|(?:(?:o[\\\\'\"]*u[\\\\'\"]*n|u[\\\\'\"]*t)[\\\\'\"]*t|v)[\\\\'\"]*(?:\s|<|>).*)|x[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*(?:i[\\\\'\"]*f[\\\\'\"]*f|e[\\\\'\"]*c)|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|(?:\s|<|>).*)|a[\\\\'\"]*r[\\\\'\"]*g[\\\\'\"]*s|t[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*m|x[\\\\'\"]*d[\\\\'\"]*(?:\s|<|>).*)|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|i[\\\\'\"]*p[\\\\'\"]*(?:\s|<|>).*|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|r[\\\\'\"]*u[\\\\'\"]*n|s[\\\\'\"]*h)|o[\\\\'\"]*(?:p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*l|n[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*r)|w[\\\\'\"]*(?:h[\\\\'\"]*o[\\\\'\"]*(?:a[\\\\'\"]*m[\\\\'\"]*i|(?:\s|<|>).*)|g[\\\\'\"]*e[\\\\'\"]*t|3[\\\\'\"]*m)|v[\\\\'\"]*i[\\\\'\"]*(?:m[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*r|p[\\\\'\"]*w)|y[\\\\'\"]*u[\\\\'\"]*m)\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932110) Executing operator "Rx" with param "(?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]*(?:m[\"\^]*(?:y[\"\^]*s[\"\^]*q[\"\^]*l(?:[\"\^]*(?:d[\"\^]*u[\"\^]*m[\"\^]*p(?:[\"\^]*s[\"\^]*l[\"\^]*o[\"\^]*w)?|h[\"\^]*o[\"\^]*t[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y|a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|s[\"\^]*h[\"\^]*o[\"\^]*w))?|s[\"\^]*(?:i[\"\^]*(?:n[\"\^]*f[\"\^]*o[\"\^]*3[\"\^]*2|e[\"\^]*x[\"\^]*e[\"\^]*c)|c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|g[\"\^]*(?:[\s,;]|\.|/|<|>).*|t[\"\^]*s[\"\^]*c)|o[\"\^]*(?:u[\"\^]*n[\"\^]*t[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|v[\"\^]*o[\"\^]*l)|v[\"\^]*e[\"\^]*u[\"\^]*s[\"\^]*e[\"\^]*r|[dr][\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*)|k[\"\^]*(?:d[\"\^]*i[\"\^]*r[\"\^]*(?:[\s,;]|\.|/|<|>).*|l[\"\^]*i[\"\^]*n[\"\^]*k)|d[\"\^]*(?:s[\"\^]*c[\"\^]*h[\"\^]*e[\"\^]*d|(?:[\s,;]|\.|/|<|>).*)|a[\"\^]*p[\"\^]*i[\"\^]*s[\"\^]*e[\"\^]*n[\"\^]*d|b[\"\^]*s[\"\^]*a[\"\^]*c[\"\^]*l[\"\^]*i|e[\"\^]*a[\"\^]*s[\"\^]*u[\"\^]*r[\"\^]*e|m[\"\^]*s[\"\^]*y[\"\^]*s)|d[\"\^]*(?:i[\"\^]*(?:s[\"\^]*k[\"\^]*(?:(?:m[\"\^]*g[\"\^]*m|p[\"\^]*a[\"\^]*r)[\"\^]*t|s[\"\^]*h[\"\^]*a[\"\^]*d[\"\^]*o[\"\^]*w)|r[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|u[\"\^]*s[\"\^]*e)|f[\"\^]*f[\"\^]*(?:[\s,;]|\.|/|<|>).*)|e[\"\^]*(?:l[\"\^]*(?:p[\"\^]*r[\"\^]*o[\"\^]*f|t[\"\^]*r[\"\^]*e[\"\^]*e|(?:[\s,;]|\.|/|<|>).*)|v[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|c[\"\^]*o[\"\^]*n)|(?:f[\"\^]*r[\"\^]*a|b[\"\^]*u)[\"\^]*g)|s[\"\^]*(?:a[\"\^]*(?:c[\"\^]*l[\"\^]*s|d[\"\^]*d)|q[\"\^]*u[\"\^]*e[\"\^]*r[\"\^]*y|m[\"\^]*o[\"\^]*(?:v[\"\^]*e|d)|g[\"\^]*e[\"\^]*t|r[\"\^]*m)|(?:r[\"\^]*i[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*q[\"\^]*u[\"\^]*e[\"\^]*r|o[\"\^]*s[\"\^]*k[\"\^]*e)[\"\^]*y|(?:c[\"\^]*o[\"\^]*m[\"\^]*c[\"\^]*n[\"\^]*f|x[\"\^]*d[\"\^]*i[\"\^]*a)[\"\^]*g|a[\"\^]*t[\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*|n[\"\^]*s[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|c[\"\^]*(?:o[\"\^]*(?:m[\"\^]*(?:p[\"\^]*(?:(?:a[\"\^]*c[\"\^]*t[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|m[\"\^]*g[\"\^]*m[\"\^]*t)|e[\"\^]*x[\"\^]*p)|n[\"\^]*(?:2[\"\^]*p|v[\"\^]*e)[\"\^]*r[\"\^]*t|p[\"\^]*y)|l[\"\^]*(?:e[\"\^]*a[\"\^]*(?:n[\"\^]*m[\"\^]*g[\"\^]*r|r[\"\^]*m[\"\^]*e[\"\^]*m)|u[\"\^]*s[\"\^]*t[\"\^]*e[\"\^]*r)|h[\"\^]*(?:k[\"\^]*(?:n[\"\^]*t[\"\^]*f[\"\^]*s|d[\"\^]*s[\"\^]*k)|d[\"\^]*i[\"\^]*r[\"\^]*(?:[\s,;]|\.|/|<|>).*)|s[\"\^]*(?:c[\"\^]*(?:r[\"\^]*i[\"\^]*p[\"\^]*t|c[\"\^]*m[\"\^]*d)|v[\"\^]*d[\"\^]*e)|e[\"\^]*r[\"\^]*t[\"\^]*(?:u[\"\^]*t[\"\^]*i[\"\^]*l|r[\"\^]*e[\"\^]*q)|a[\"\^]*(?:l[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|c[\"\^]*l[\"\^]*s)|m[\"\^]*d(?:[\"\^]*k[\"\^]*e[\"\^]*y)?|i[\"\^]*p[\"\^]*h[\"\^]*e[\"\^]*r|u[\"\^]*r[\"\^]*l)|f[\"\^]*(?:o[\"\^]*r[\"\^]*(?:m[\"\^]*a[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s|e[\"\^]*a[\"\^]*c[\"\^]*h)|i[\"\^]*n[\"\^]*d[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|s[\"\^]*t[\"\^]*r)|s[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|u[\"\^]*t[\"\^]*i[\"\^]*l)|t[\"\^]*(?:p[\"\^]*(?:[\s,;]|\.|/|<|>).*|y[\"\^]*p[\"\^]*e)|r[\"\^]*e[\"\^]*e[\"\^]*d[\"\^]*i[\"\^]*s[\"\^]*k|c[\"\^]*(?:[\s,;]|\.|/|<|>).*|g[\"\^]*r[\"\^]*e[\"\^]*p)|n[\"\^]*(?:e[\"\^]*t[\"\^]*(?:s[\"\^]*(?:t[\"\^]*a[\"\^]*t|v[\"\^]*c|h)|(?:[\s,;]|\.|/|<|>).*|c[\"\^]*a[\"\^]*t|d[\"\^]*o[\"\^]*m)|t[\"\^]*(?:b[\"\^]*a[\"\^]*c[\"\^]*k[\"\^]*u[\"\^]*p|r[\"\^]*i[\"\^]*g[\"\^]*h[\"\^]*t[\"\^]*s)|(?:s[\"\^]*l[\"\^]*o[\"\^]*o[\"\^]*k[\"\^]*u|m[\"\^]*a)[\"\^]*p|c[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|a[\"\^]*t)|b[\"\^]*t[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|e[\"\^]*(?:x[\"\^]*(?:p[\"\^]*(?:a[\"\^]*n[\"\^]*d[\"\^]*(?:[\s,;]|\.|/|<|>).*|l[\"\^]*o[\"\^]*r[\"\^]*e[\"\^]*r)|i[\"\^]*t)|v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*(?:c[\"\^]*r[\"\^]*e[\"\^]*a[\"\^]*t[\"\^]*e|v[\"\^]*w[\"\^]*r)|n[\"\^]*d[\"\^]*l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l|g[\"\^]*r[\"\^]*e[\"\^]*p|r[\"\^]*a[\"\^]*s[\"\^]*e|c[\"\^]*h[\"\^]*o)|g[\"\^]*(?:a[\"\^]*t[\"\^]*h[\"\^]*e[\"\^]*r[\"\^]*n[\"\^]*e[\"\^]*t[\"\^]*w[\"\^]*o[\"\^]*r[\"\^]*k[\"\^]*i[\"\^]*n[\"\^]*f[\"\^]*o|p[\"\^]*(?:(?:r[\"\^]*e[\"\^]*s[\"\^]*u[\"\^]*l|e[\"\^]*d[\"\^]*i)[\"\^]*t|u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t[\"\^]*e)|i[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|e[\"\^]*t[\"\^]*m[\"\^]*a[\"\^]*c)|i[\"\^]*(?:r[\"\^]*b(?:[\"\^]*(?:1(?:[\"\^]*[89])?|2[\"\^]*[012]))?|f[\"\^]*m[\"\^]*e[\"\^]*m[\"\^]*b[\"\^]*e[\"\^]*r|p[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|n[\"\^]*e[\"\^]*t[\"\^]*c[\"\^]*p[\"\^]*l|c[\"\^]*a[\"\^]*c[\"\^]*l[\"\^]*s)|a[\"\^]*(?:d[\"\^]*(?:d[\"\^]*u[\"\^]*s[\"\^]*e[\"\^]*r[\"\^]*s|m[\"\^]*o[\"\^]*d[\"\^]*c[\"\^]*m[\"\^]*d)|r[\"\^]*p[\"\^]*(?:[\s,;]|\.|/|<|>).*|t[\"\^]*t[\"\^]*r[\"\^]*i[\"\^]*b|s[\"\^]*s[\"\^]*o[\"\^]*c|z[\"\^]*m[\"\^]*a[\"\^]*n)|l[\"\^]*(?:o[\"\^]*g[\"\^]*(?:e[\"\^]*v[\"\^]*e[\"\^]*n[\"\^]*t|t[\"\^]*i[\"\^]*m[\"\^]*e|m[\"\^]*a[\"\^]*n|o[\"\^]*f[\"\^]*f)|a[\"\^]*b[\"\^]*e[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|u[\"\^]*s[\"\^]*r[\"\^]*m[\"\^]*g[\"\^]*r)|b[\"\^]*(?:(?:c[\"\^]*d[\"\^]*(?:b[\"\^]*o[\"\^]*o|e[\"\^]*d[\"\^]*i)|r[\"\^]*o[\"\^]*w[\"\^]*s[\"\^]*t[\"\^]*a)[\"\^]*t|i[\"\^]*t[\"\^]*s[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|o[\"\^]*o[\"\^]*t[\"\^]*c[\"\^]*f[\"\^]*g)|h[\"\^]*(?:o[\"\^]*s[\"\^]*t[\"\^]*n[\"\^]*a[\"\^]*m[\"\^]*e|d[\"\^]*w[\"\^]*w[\"\^]*i[\"\^]*z)|j[\"\^]*a[\"\^]*v[\"\^]*a[\"\^]*(?:[\s,;]|\.|/|<|>).*|7[\"\^]*z(?:[\"\^]*[ar])?)(?:\.[\"\^]*\w+)?\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932115) Executing operator "Rx" with param "(?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]*(?:s[\"\^]*(?:y[\"\^]*s[\"\^]*(?:t[\"\^]*e[\"\^]*m[\"\^]*(?:p[\"\^]*r[\"\^]*o[\"\^]*p[\"\^]*e[\"\^]*r[\"\^]*t[\"\^]*i[\"\^]*e[\"\^]*s[\"\^]*(?:d[\"\^]*a[\"\^]*t[\"\^]*a[\"\^]*e[\"\^]*x[\"\^]*e[\"\^]*c[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n[\"\^]*p[\"\^]*r[\"\^]*e[\"\^]*v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n|(?:p[\"\^]*e[\"\^]*r[\"\^]*f[\"\^]*o[\"\^]*r[\"\^]*m[\"\^]*a[\"\^]*n[\"\^]*c|h[\"\^]*a[\"\^]*r[\"\^]*d[\"\^]*w[\"\^]*a[\"\^]*r)[\"\^]*e|a[\"\^]*d[\"\^]*v[\"\^]*a[\"\^]*n[\"\^]*c[\"\^]*e[\"\^]*d)|i[\"\^]*n[\"\^]*f[\"\^]*o)|k[\"\^]*e[\"\^]*y|d[\"\^]*m)|h[\"\^]*(?:o[\"\^]*(?:w[\"\^]*(?:g[\"\^]*r[\"\^]*p|m[\"\^]*b[\"\^]*r)[\"\^]*s|r[\"\^]*t[\"\^]*c[\"\^]*u[\"\^]*t)|e[\"\^]*l[\"\^]*l[\"\^]*r[\"\^]*u[\"\^]*n[\"\^]*a[\"\^]*s|u[\"\^]*t[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n|r[\"\^]*p[\"\^]*u[\"\^]*b[\"\^]*w|a[\"\^]*r[\"\^]*e|i[\"\^]*f[\"\^]*t)|e[\"\^]*(?:t[\"\^]*(?:(?:x[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l)|c[\"\^]*p[\"\^]*o[\"\^]*l|l[\"\^]*e[\"\^]*c[\"\^]*t)|c[\"\^]*(?:h[\"\^]*t[\"\^]*a[\"\^]*s[\"\^]*k[\"\^]*s|l[\"\^]*i[\"\^]*s[\"\^]*t)|u[\"\^]*b[\"\^]*(?:i[\"\^]*n[\"\^]*a[\"\^]*c[\"\^]*l|s[\"\^]*t)|t[\"\^]*a[\"\^]*r[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|i[\"\^]*g[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*i[\"\^]*f|l[\"\^]*(?:e[\"\^]*e[\"\^]*p|m[\"\^]*g[\"\^]*r)|o[\"\^]*r[\"\^]*t|f[\"\^]*c|v[\"\^]*n)|p[\"\^]*(?:s[\"\^]*(?:s[\"\^]*(?:h[\"\^]*u[\"\^]*t[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n|e[\"\^]*r[\"\^]*v[\"\^]*i[\"\^]*c[\"\^]*e|u[\"\^]*s[\"\^]*p[\"\^]*e[\"\^]*n[\"\^]*d)|l[\"\^]*(?:o[\"\^]*g[\"\^]*(?:g[\"\^]*e[\"\^]*d[\"\^]*o[\"\^]*n|l[\"\^]*i[\"\^]*s[\"\^]*t)|i[\"\^]*s[\"\^]*t)|p[\"\^]*(?:a[\"\^]*s[\"\^]*s[\"\^]*w[\"\^]*d|i[\"\^]*n[\"\^]*g)|g[\"\^]*e[\"\^]*t[\"\^]*s[\"\^]*i[\"\^]*d|e[\"\^]*x[\"\^]*e[\"\^]*c|f[\"\^]*i[\"\^]*l[\"\^]*e|i[\"\^]*n[\"\^]*f[\"\^]*o|k[\"\^]*i[\"\^]*l[\"\^]*l)|o[\"\^]*(?:w[\"\^]*e[\"\^]*r[\"\^]*(?:s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l(?:[\"\^]*_[\"\^]*i[\"\^]*s[\"\^]*e)?|c[\"\^]*f[\"\^]*g)|r[\"\^]*t[\"\^]*q[\"\^]*r[\"\^]*y|p[\"\^]*d)|r[\"\^]*(?:i[\"\^]*n[\"\^]*t[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|b[\"\^]*r[\"\^]*m)|n[\"\^]*(?:c[\"\^]*n[\"\^]*f[\"\^]*g|m[\"\^]*n[\"\^]*g[\"\^]*r)|o[\"\^]*m[\"\^]*p[\"\^]*t)|a[\"\^]*t[\"\^]*h[\"\^]*(?:p[\"\^]*i[\"\^]*n[\"\^]*g|(?:[\s,;]|\.|/|<|>).*)|e[\"\^]*r[\"\^]*(?:l(?:[\"\^]*(?:s[\"\^]*h|5))?|f[\"\^]*m[\"\^]*o[\"\^]*n)|y[\"\^]*t[\"\^]*h[\"\^]*o[\"\^]*n(?:[\"\^]*(?:3(?:[\"\^]*m)?|2))?|k[\"\^]*g[\"\^]*m[\"\^]*g[\"\^]*r|h[\"\^]*p(?:[\"\^]*[57])?|u[\"\^]*s[\"\^]*h[\"\^]*d|i[\"\^]*n[\"\^]*g)|r[\"\^]*(?:e[\"\^]*(?:(?:p[\"\^]*l[\"\^]*a[\"\^]*c[\"\^]*e|n(?:[\"\^]*a[\"\^]*m[\"\^]*e)?|s[\"\^]*e[\"\^]*t)[\"\^]*(?:[\s,;]|\.|/|<|>).*|g[\"\^]*(?:s[\"\^]*v[\"\^]*r[\"\^]*3[\"\^]*2|e[\"\^]*d[\"\^]*i[\"\^]*t|(?:[\s,;]|\.|/|<|>).*|i[\"\^]*n[\"\^]*i)|c[\"\^]*(?:d[\"\^]*i[\"\^]*s[\"\^]*c|o[\"\^]*v[\"\^]*e[\"\^]*r)|k[\"\^]*e[\"\^]*y[\"\^]*w[\"\^]*i[\"\^]*z)|u[\"\^]*(?:n[\"\^]*(?:d[\"\^]*l[\"\^]*l[\"\^]*3[\"\^]*2|a[\"\^]*s)|b[\"\^]*y[\"\^]*(?:1(?:[\"\^]*[89])?|2[\"\^]*[012]))|a[\"\^]*(?:s[\"\^]*(?:p[\"\^]*h[\"\^]*o[\"\^]*n[\"\^]*e|d[\"\^]*i[\"\^]*a[\"\^]*l)|r[\"\^]*(?:[\s,;]|\.|/|<|>).*)|m[\"\^]*(?:(?:d[\"\^]*i[\"\^]*r[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|t[\"\^]*s[\"\^]*h[\"\^]*a[\"\^]*r[\"\^]*e)|o[\"\^]*(?:u[\"\^]*t[\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*|b[\"\^]*o[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y)|s[\"\^]*(?:t[\"\^]*r[\"\^]*u[\"\^]*i|y[\"\^]*n[\"\^]*c)|d[\"\^]*(?:[\s,;]|\.|/|<|>).*)|t[\"\^]*(?:a[\"\^]*(?:s[\"\^]*k[\"\^]*(?:k[\"\^]*i[\"\^]*l[\"\^]*l|l[\"\^]*i[\"\^]*s[\"\^]*t|s[\"\^]*c[\"\^]*h[\"\^]*d|m[\"\^]*g[\"\^]*r)|k[\"\^]*e[\"\^]*o[\"\^]*w[\"\^]*n)|(?:i[\"\^]*m[\"\^]*e[\"\^]*o[\"\^]*u|p[\"\^]*m[\"\^]*i[\"\^]*n[\"\^]*i|e[\"\^]*l[\"\^]*n[\"\^]*e|l[\"\^]*i[\"\^]*s)[\"\^]*t|s[\"\^]*(?:d[\"\^]*i[\"\^]*s[\"\^]*c[\"\^]*o|s[\"\^]*h[\"\^]*u[\"\^]*t[\"\^]*d)[\"\^]*n|y[\"\^]*p[\"\^]*e[\"\^]*(?:p[\"\^]*e[\"\^]*r[\"\^]*f|(?:[\s,;]|\.|/|<|>).*)|r[\"\^]*(?:a[\"\^]*c[\"\^]*e[\"\^]*r[\"\^]*t|e[\"\^]*e))|w[\"\^]*(?:i[\"\^]*n[\"\^]*(?:d[\"\^]*i[\"\^]*f[\"\^]*f|m[\"\^]*s[\"\^]*d[\"\^]*p|v[\"\^]*a[\"\^]*r|r[\"\^]*[ms])|u[\"\^]*(?:a[\"\^]*(?:u[\"\^]*c[\"\^]*l[\"\^]*t|p[\"\^]*p)|s[\"\^]*a)|s[\"\^]*c[\"\^]*(?:r[\"\^]*i[\"\^]*p[\"\^]*t|u[\"\^]*i)|e[\"\^]*v[\"\^]*t[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|m[\"\^]*i[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|c)|a[\"\^]*i[\"\^]*t[\"\^]*f[\"\^]*o[\"\^]*r|h[\"\^]*o[\"\^]*a[\"\^]*m[\"\^]*i|g[\"\^]*e[\"\^]*t)|u[\"\^]*(?:s[\"\^]*(?:e[\"\^]*r[\"\^]*a[\"\^]*c[\"\^]*c[\"\^]*o[\"\^]*u[\"\^]*n[\"\^]*t[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*t[\"\^]*r[\"\^]*o[\"\^]*l[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*t[\"\^]*i[\"\^]*n[\"\^]*g[\"\^]*s|r[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|n[\"\^]*(?:r[\"\^]*a[\"\^]*r|z[\"\^]*i[\"\^]*p))|q[\"\^]*(?:u[\"\^]*e[\"\^]*r[\"\^]*y[\"\^]*(?:[\s,;]|\.|/|<|>).*|p[\"\^]*r[\"\^]*o[\"\^]*c[\"\^]*e[\"\^]*s[\"\^]*s|w[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a|g[\"\^]*r[\"\^]*e[\"\^]*p)|o[\"\^]*(?:d[\"\^]*b[\"\^]*c[\"\^]*(?:a[\"\^]*d[\"\^]*3[\"\^]*2|c[\"\^]*o[\"\^]*n[\"\^]*f)|p[\"\^]*e[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s)|v[\"\^]*(?:o[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|e[\"\^]*r[\"\^]*i[\"\^]*f[\"\^]*y)|x[\"\^]*c[\"\^]*(?:a[\"\^]*c[\"\^]*l[\"\^]*s|o[\"\^]*p[\"\^]*y)|z[\"\^]*i[\"\^]*p[\"\^]*(?:[\s,;]|\.|/|<|>).*)(?:\.[\"\^]*\w+)?\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932120) Executing operator "PmFromFile" with param "windows-powershell-commands.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:cmdLine: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:cmdLine: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932130) Executing operator "Rx" with param "(?:\$(?:\((?:\(.*\)|.*)\)|\{.*\})|[<>]\(.*\))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:cmdLine: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:cmdLine: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932140) Executing operator "Rx" with param "\b(?:if(?:/i)?(?: not)?(?: exist\b| defined\b| errorlevel\b| cmdextversion\b|(?: |\().*(?:\bgeq\b|\bequ\b|\bneq\b|\bleq\b|\bgtr\b|\blss\b|==))|for(/[dflr].*)* %+[^ ]+ in\(.*\)\s?do)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:cmdLine: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:cmdLine: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932150) Executing operator "Rx" with param "(?:^|=)\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:l[\\\\'\"]*(?:s(?:[\\\\'\"]*(?:b[\\\\'\"]*_[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*e|c[\\\\'\"]*p[\\\\'\"]*u|m[\\\\'\"]*o[\\\\'\"]*d|p[\\\\'\"]*c[\\\\'\"]*i|u[\\\\'\"]*s[\\\\'\"]*b|-[\\\\'\"]*F|o[\\\\'\"]*f))?|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|m[\\\\'\"]*(?:o[\\\\'\"]*r[\\\\'\"]*e|a)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s)|e[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*(?:(?:f[\\\\'\"]*i[\\\\'\"]*l|p[\\\\'\"]*i[\\\\'\"]*p)[\\\\'\"]*e|e[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*o)|a[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*g(?:[\\\\'\"]*i[\\\\'\"]*n)?|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*m)|w[\\\\'\"]*p(?:[\\\\'\"]*-[\\\\'\"]*d[\\\\'\"]*o[\\\\'\"]*w[\\\\'\"]*n[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*d)?|f[\\\\'\"]*t[\\\\'\"]*p(?:[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t)?|y[\\\\'\"]*n[\\\\'\"]*x)|s[\\\\'\"]*(?:e[\\\\'\"]*(?:t[\\\\'\"]*(?:e[\\\\'\"]*n[\\\\'\"]*v|s[\\\\'\"]*i[\\\\'\"]*d)|n[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*i[\\\\'\"]*l|d)|h(?:[\\\\'\"]*\.[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*b)?|o[\\\\'\"]*(?:u[\\\\'\"]*r[\\\\'\"]*c[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t)|t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g[\\\\'\"]*s|y[\\\\'\"]*s[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*l|c[\\\\'\"]*(?:h[\\\\'\"]*e[\\\\'\"]*d|p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|f[\\\\'\"]*t[\\\\'\"]*p|u[\\\\'\"]*d[\\\\'\"]*o|s[\\\\'\"]*h|v[\\\\'\"]*n)|p[\\\\'\"]*(?:t[\\\\'\"]*a[\\\\'\"]*r(?:[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p))?|y[\\\\'\"]*t[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*n(?:[\\\\'\"]*(?:3(?:[\\\\'\"]*m)?|2))?|k[\\\\'\"]*(?:e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c|i[\\\\'\"]*l[\\\\'\"]*l)|r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*v|(?:g[\\\\'\"]*r[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|e[\\\\'\"]*r[\\\\'\"]*l(?:[\\\\'\"]*5)?|h[\\\\'\"]*p(?:[\\\\'\"]*[57])?|i[\\\\'\"]*n[\\\\'\"]*g)|n[\\\\'\"]*(?:c(?:[\\\\'\"]*(?:\.[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*l|o[\\\\'\"]*p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*d)|a[\\\\'\"]*t))?|e[\\\\'\"]*t[\\\\'\"]*(?:k[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*f[\\\\'\"]*t[\\\\'\"]*p|(?:s[\\\\'\"]*t|c)[\\\\'\"]*a[\\\\'\"]*t)|o[\\\\'\"]*h[\\\\'\"]*u[\\\\'\"]*p|p[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g|s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t)|t[\\\\'\"]*(?:c[\\\\'\"]*(?:p[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|i[\\\\'\"]*n[\\\\'\"]*g)|s[\\\\'\"]*h)|r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e(?:[\\\\'\"]*6)?|i[\\\\'\"]*m[\\\\'\"]*e(?:[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t)?|a[\\\\'\"]*(?:i[\\\\'\"]*l(?:[\\\\'\"]*f)?|r)|e[\\\\'\"]*l[\\\\'\"]*n[\\\\'\"]*e[\\\\'\"]*t)|r[\\\\'\"]*(?:e[\\\\'\"]*(?:p[\\\\'\"]*(?:l[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e|e[\\\\'\"]*a[\\\\'\"]*t)|a[\\\\'\"]*l[\\\\'\"]*p[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*h|n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)|u[\\\\'\"]*b[\\\\'\"]*y(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|m[\\\\'\"]*(?:u[\\\\'\"]*s[\\\\'\"]*e|d[\\\\'\"]*i)[\\\\'\"]*r|n[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*o|s[\\\\'\"]*y[\\\\'\"]*n[\\\\'\"]*c|c[\\\\'\"]*p)|b[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t)|s[\\\\'\"]*d[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*f[\\\\'\"]*f|t[\\\\'\"]*a[\\\\'\"]*r)|u[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*n|a[\\\\'\"]*s[\\\\'\"]*h)|m[\\\\'\"]*(?:y[\\\\'\"]*s[\\\\'\"]*q[\\\\'\"]*l[\\\\'\"]*(?:d[\\\\'\"]*u[\\\\'\"]*m[\\\\'\"]*p(?:[\\\\'\"]*s[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*w)?|h[\\\\'\"]*o[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*p[\\\\'\"]*y|a[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*n|s[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*w)|l[\\\\'\"]*o[\\\\'\"]*c[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e|a[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*q)|u[\\\\'\"]*(?:n[\\\\'\"]*(?:c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|l[\\\\'\"]*z[\\\\'\"]*m[\\\\'\"]*a|a[\\\\'\"]*m[\\\\'\"]*e|r[\\\\'\"]*a[\\\\'\"]*r|s[\\\\'\"]*e[\\\\'\"]*t|z[\\\\'\"]*i[\\\\'\"]*p|x[\\\\'\"]*z)|s[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*(?:(?:a[\\\\'\"]*d|m[\\\\'\"]*o)[\\\\'\"]*d|d[\\\\'\"]*e[\\\\'\"]*l))|x[\\\\'\"]*(?:z(?:[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*(?:i[\\\\'\"]*f[\\\\'\"]*f|e[\\\\'\"]*c)|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e))?|a[\\\\'\"]*r[\\\\'\"]*g[\\\\'\"]*s)|z[\\\\'\"]*(?:(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e|i)[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|r[\\\\'\"]*u[\\\\'\"]*n|s[\\\\'\"]*h)|f[\\\\'\"]*(?:t[\\\\'\"]*p[\\\\'\"]*(?:s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*s|w[\\\\'\"]*h[\\\\'\"]*o)|i[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*t[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|e[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*h|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p)|c[\\\\'\"]*(?:o[\\\\'\"]*(?:m[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*d|p[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*c)|u[\\\\'\"]*r[\\\\'\"]*l|s[\\\\'\"]*h|c)|e[\\\\'\"]*(?:g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*h[\\\\'\"]*o|v[\\\\'\"]*a[\\\\'\"]*l|x[\\\\'\"]*e[\\\\'\"]*c|n[\\\\'\"]*v)|d[\\\\'\"]*(?:m[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*g|a[\\\\'\"]*s[\\\\'\"]*h|i[\\\\'\"]*f[\\\\'\"]*f|o[\\\\'\"]*a[\\\\'\"]*s)|g[\\\\'\"]*(?:z[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p)|r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*c)|w[\\\\'\"]*(?:h[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*i|g[\\\\'\"]*e[\\\\'\"]*t|3[\\\\'\"]*m)|j[\\\\'\"]*(?:o[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*\s[\\\\'\"]*-[\\\\'\"]*x|a[\\\\'\"]*v[\\\\'\"]*a)|i[\\\\'\"]*r[\\\\'\"]*b(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|o[\\\\'\"]*n[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*r|h[\\\\'\"]*(?:e[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*p)|v[\\\\'\"]*i[\\\\'\"]*(?:g[\\\\'\"]*r|p[\\\\'\"]*w)|G[\\\\'\"]*E[\\\\'\"]*T)[\\\\'\"]*(?:\s|;|\||&|<|>)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932160) Executing operator "PmFromFile" with param "unix-shell.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:cmdLine: "d"
 [9]  T (2) t:normalizePath: "d"
 [9]  T (3) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:cmdLine: "b"
 [9]  T (2) t:normalizePath: "b"
 [9]  T (3) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932170) Executing operator "Rx" with param "^\(\s*\)\s+{" against REQUEST_HEADERS|REQUEST_LINE.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecode: "localhost"
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9]  T (0) t:urlDecode: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:urlDecode: "*/*"
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9]  T (0) t:urlDecode: "3"
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9]  T (0) t:urlDecode: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [9]  T (0) t:urlDecode: "POST /modsec-full/ HTTP/1.1"
 [9] Target value: "POST /modsec-full/ HTTP/1.1" (Variable: REQUEST_LINE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932171) Executing operator "Rx" with param "^\(\s*\)\s+{" against ARGS_NAMES|ARGS|FILES_NAMES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Skipped rule id '932016' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: 
 [9] Skipped rule id '932018' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 933012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933100) Executing operator "Rx" with param "(?:<\?(?!xml\s)|<\?php|\[(?:/|\\\\)?php\])" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933110) Executing operator "Rx" with param ".*\.(?:php\d*|phtml)\.*$" against FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X-File-Name.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933120) Executing operator "PmFromFile" with param "php-config-directives.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:normalisePath: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:normalisePath: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933130) Executing operator "PmFromFile" with param "php-variables.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:normalisePath: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:normalisePath: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933140) Executing operator "Rx" with param "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933150) Executing operator "PmFromFile" with param "php-function-names-933150.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:lowercase: "/modsec-full/"
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [9]  T (0) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933160) Executing operator "Rx" with param "(?i)\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|b(?:(?:son_(?:de|en)|ase64_en)code|zopen)|var_dump)(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933170) Executing operator "Rx" with param "[oOcC]:\d+:\".+?\":\d+:{.*}" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933180) Executing operator "Rx" with param "\$+(?:[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*|\s*{.+})(?:\s|\[.+\]|{.+}|/\*.*\*/|//.*|#.*)*\(.*\)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Skipped rule id '933151' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933016' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933131' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933161' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933111' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933018' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [4] Out of a SecMarker after skip 7.000000 rules.
 [4] (Rule: 941012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941100) Executing operator "DetectXSS" with param "" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9] libinjection was not able to find any XSS in: curl/7.52.1
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] libinjection was not able to find any XSS in: d
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [9] libinjection was not able to find any XSS in: b
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941110) Executing operator "Rx" with param "(?i)([<Ôºú]script[^>Ôºû]*[>Ôºû][\s\S]*?)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941120) Executing operator "Rx" with param "(?i)([\s\"'`;\/0-9\=\x0B\x09\x0C\x3B\x2C\x28\x3B]+on[a-zA-Z]+[\s\x0B\x09\x0C\x3B\x2C\x28\x3B]*?=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941130) Executing operator "Rx" with param "(?i)[\s\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\/html|pattern(?=.*?=)|formaction|\@import|base64)\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941140) Executing operator "Rx" with param "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\b[^>]*?>[\s\S]*?|(?:=|U\s*?R\s*?L\s*?\()\s*?[^>]*?\s*?S\s*?C\s*?R\s*?I\s*?P\s*?T\s*?:)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941160) Executing operator "Rx" with param "(?i)<[^\w<>]*(?:[^<>\"'\s]*:)?[^\w<>]*(?:\W*?s\W*?c\W*?r\W*?i\W*?p\W*?t|\W*?f\W*?o\W*?r\W*?m|\W*?s\W*?t\W*?y\W*?l\W*?e|\W*?s\W*?v\W*?g|\W*?m\W*?a\W*?r\W*?q\W*?u\W*?e\W*?e|(?:\W*?l\W*?i\W*?n\W*?k|\W*?o\W*?b\W*?j\W*?e\W*?c\W*?t|\W*?e\W*?m\W*?b\W*?e\W*?d|\W*?a\W*?p\W*?p\W*?l\W*?e\W*?t|\W*?p\W*?a\W*?r\W*?a\W*?m|\W*?i?\W*?f\W*?r\W*?a\W*?m\W*?e|\W*?b\W*?a\W*?s\W*?e|\W*?b\W*?o\W*?d\W*?y|\W*?m\W*?e\W*?t\W*?a|\W*?i\W*?m\W*?a?\W*?g\W*?e?|\W*?v\W*?i\W*?d\W*?e\W*?o|\W*?a\W*?u\W*?d\W*?i\W*?o|\W*?b\W*?i\W*?n\W*?d\W*?i\W*?n\W*?g\W*?s|\W*?s\W*?e\W*?t|\W*?a\W*?n\W*?i\W*?m\W*?a\W*?t\W*?e)[^>\w])|(?:<\w[\s\S]*[\s\/]|['\"](?:[\s\S]*[\s\/])?)(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|u(?:ccess|spend|bmit)|peech(?:start|end)|ound(?:start|end)|croll|how)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom))[\s\x08]*?=" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941170) Executing operator "Rx" with param "(?i)(?:\W|^)(?:javascript:(?:[\s\S]+[=\\\(\[\.<]|[\s\S]*?(?:\bname\b|\\[ux]\d))|data:(?:(?:[a-z]\w+\/\w[\w+-]+\w)?[;,]|[\s\S]*?;[\s\S]*?\b(?:base64|charset=)|[\s\S]*?,[\s\S]*?<[\s\S]*?\w[\s\S]*?>))|@\W*?i\W*?m\W*?p\W*?o\W*?r\W*?t\W*?(?:\/\*[\s\S]*?)?(?:[\"']|\W*?u\W*?r\W*?l[\s\S]*?\()|\W*?-\W*?m\W*?o\W*?z\W*?-\W*?b\W*?i\W*?n\W*?d\W*?i\W*?n\W*?g[\s\S]*?:[\s\S]*?\W*?u\W*?r\W*?l[\s\S]*?\(" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941180) Executing operator "Pm" with param "document.cookie document.write .parentnode .innerhtml window.location -moz-binding <!-- --> <![cdata[" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:lowercase: "d"
 [9]  T (6) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:lowercase: "b"
 [9]  T (6) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941190) Executing operator "Rx" with param "(?i:<style.*?>.*?((@[i\\\\])|(([:=]|(&#x?0*((58)|(3A)|(61)|(3D));?)).*?([(\\\\]|(&#x?0*((40)|(28)|(92)|(5C));?)))))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941200) Executing operator "Rx" with param "(?i:<.*[:]?vmlframe.*?[\s/+]*?src[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941210) Executing operator "Rx" with param "(?i:(j|(&#x?0*((74)|(4A)|(106)|(6A));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(v|(&#x?0*((86)|(56)|(118)|(76));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(s|(&#x?0*((83)|(53)|(115)|(73));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(c|(&#x?0*((67)|(43)|(99)|(63));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(r|(&#x?0*((82)|(52)|(114)|(72));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(i|(&#x?0*((73)|(49)|(105)|(69));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(p|(&#x?0*((80)|(50)|(112)|(70));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(t|(&#x?0*((84)|(54)|(116)|(74));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(:|(&((#x?0*((58)|(3A));?)|(colon;)))).)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941220) Executing operator "Rx" with param "(?i:(v|(&#x?0*((86)|(56)|(118)|(76));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(b|(&#x?0*((66)|(42)|(98)|(62));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(s|(&#x?0*((83)|(53)|(115)|(73));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(c|(&#x?0*((67)|(43)|(99)|(63));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(r|(&#x?0*((82)|(52)|(114)|(72));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(i|(&#x?0*((73)|(49)|(105)|(69));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(p|(&#x?0*((80)|(50)|(112)|(70));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(t|(&#x?0*((84)|(54)|(116)|(74));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(:|(&((#x?0*((58)|(3A));?)|(colon;)))).)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941230) Executing operator "Rx" with param "(?i:<EMBED[\s/+].*?((src)|(type)).*?=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941240) Executing operator "Rx" with param "<[?]?import[\s\/+\S]*?implementation[\s\/+]*?=" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:lowercase: "d"
 [9]  T (6) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:lowercase: "b"
 [9]  T (6) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941250) Executing operator "Rx" with param "(?i:<META[\s/+].*?http-equiv[\s/+]*=[\s/+]*[\"\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941260) Executing operator "Rx" with param "(?i:<META[\s/+].*?charset[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941270) Executing operator "Rx" with param "(?i:<LINK[\s/+].*?href[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941280) Executing operator "Rx" with param "(?i:<BASE[\s/+].*?href[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941290) Executing operator "Rx" with param "(?i:<APPLET[\s/+>])" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941300) Executing operator "Rx" with param "(?i:<OBJECT[\s/+].*?((type)|(codetype)|(classid)|(code)|(data))[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941310) Executing operator "Rx" with param "(?:¬æ|¬º).*(?:¬æ|¬º|>)|(?:¬æ|¬º|<).*(?:¬æ|¬º)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9]  T (2) t:urlDecode: "d"
 [9]  T (3) t:htmlEntityDecode: "d"
 [9]  T (4) t:jsDecode: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:lowercase: "b"
 [9]  T (2) t:urlDecode: "b"
 [9]  T (3) t:htmlEntityDecode: "b"
 [9]  T (4) t:jsDecode: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941350) Executing operator "Rx" with param "(?:\+ADw\-|\+AD4\-).*(?:\+ADw\-|\+AD4\-|>)|(?:\+ADw\-|\+AD4\-|<).*(?:\+ADw\-|\+AD4\-)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9]  T (2) t:urlDecode: "d"
 [9]  T (3) t:htmlEntityDecode: "d"
 [9]  T (4) t:jsDecode: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:lowercase: "b"
 [9]  T (2) t:urlDecode: "b"
 [9]  T (3) t:htmlEntityDecode: "b"
 [9]  T (4) t:jsDecode: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Skipped rule id '941101' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941150' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941320' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941330' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941340' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941016' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941018' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [4] Out of a SecMarker after skip 8.000000 rules.
 [4] (Rule: 942012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942100) Executing operator "DetectSQLi" with param "" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:removeNulls: "curl/7.52.1"
 [9]  T (3) t:removeComments: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9] detected SQLi: not able to find an inject on 'curl/7.52.1'
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:removeNulls: "d"
 [9]  T (3) t:removeComments: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9] detected SQLi: not able to find an inject on 'd'
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:removeNulls: "b"
 [9]  T (3) t:removeComments: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [9] detected SQLi: not able to find an inject on 'b'
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942140) Executing operator "Rx" with param "(?i:\b(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\.\.sysdatabases|ysql\.db)\b|s(?:ys(?:\.database_name|aux)\b|chema(?:\W*\(|_name\b)|qlite(_temp)?_master\b)|d(?:atabas|b_nam)e\W*\(|information_schema\b|pg_(catalog|toast)\b|northwind\b|tempdb\b))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942160) Executing operator "Rx" with param "(?i:(sleep\((\s*?)(\d*?)(\s*?)\)|benchmark\((.*?)\,(.*?)\)))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942170) Executing operator "Rx" with param "(?i:(?:(select|;)\s+(?:benchmark|if|sleep)\s*?\(\s*?\(?\s*?\w+))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942190) Executing operator "Rx" with param "(?i:(?:\s*?(?:exec|execute).*?(?:\W)xp_cmdshell)|(?:[\"'`]\s*?!\s*?[\"'`\w])|(?:from\W+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*?\([^\)]*?)|(?:[\"'`];?\s*?(?:select|union|having)\b\s*?[^\s])|(?:\wiif\s*?\()|(?:(?:exec|execute)\s+master\.)|(?:union select @)|(?:union[\w(\s]*?select)|(?:select.*?\w?user\()|(?:into[\s+]+(?:dump|out)file\s*?[\"'`]))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942220) Executing operator "Rx" with param "(?i:(?:^(-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|3.0.00738585072007e-308|1e309)$))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942230) Executing operator "Rx" with param "(?i:(?:[\s()]case\s*?\()|(?:\)\s*?like\s*?\()|(?:having\s*?[^\s]+\s*?[^\w\s])|(?:if\s?\([\d\w]\s*?[=<>~]))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942240) Executing operator "Rx" with param "(?i:(?:alter\s*?\w+.*?(?:character|char)\s+set\s+\w+)|([\"'`];*?\s*?waitfor\s+(?:time|delay)\s+[\"'`])|(?:[\"'`];.*?:\s*?goto))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942250) Executing operator "Rx" with param "(?i:(?:merge.*?using\s*?\()|(execute\s*?immediate\s*?[\"'`])|(?:match\s*?[\w(),+-]+\s*?against\s*?\())" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942270) Executing operator "Rx" with param "(?i:(?:(union(.*?)select(.*?)from)))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942280) Executing operator "Rx" with param "(?i:(?:select\s*?pg_sleep)|(?:waitfor\s*?delay\s?[\"'`]+\s?\d)|(?:;\s*?shutdown\s*?(?:;|--|#|\/\*|{)))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942290) Executing operator "Rx" with param "(?i:(?:\[\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\]))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942320) Executing operator "Rx" with param "(?i:(?:procedure\s+analyse\s*?\()|(?:;\s*?(declare|open)\s+[\w-]+)|(?:create\s+(procedure|function)\s*?\w+\s*?\(\s*?\)\s*?-)|(?:declare[^\w]+[@#]\s*?\w+)|(exec\s*?\(\s*?@))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942350) Executing operator "Rx" with param "(?i:(?:create\s+function\s+.+\s+returns)|(?:;\s*?(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s*?[\[(]?\w{2,}))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942360) Executing operator "Rx" with param "(?i:(?:[\d\W]\s+as\s*?[\"'`\w]+\s*?from)|(?:^[\W\d]+\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc)\b)|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s+(?:(?:group_)concat|char|load_file)\s?\(?)|(?:end\s*?\);)|([\"'`]\s+regexp\W)|(?:[\s(]load_file\s*?\())" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Skipped rule id '942110' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942120' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942130' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942150' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942180' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942200' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942210' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942260' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942300' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942310' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942330' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942340' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942370' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942380' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942390' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942400' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942410' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942430' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942440' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942450' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942016' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942251' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942420' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942431' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942460' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942018' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942421' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942432' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [4] Out of a SecMarker after skip 29.000000 rules.
 [4] (Rule: 943012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 943100) Executing operator "Rx" with param "(?i)(?:\.cookie\b.*?;\W*?(?:expires|domain)\W*?=|\bhttp-equiv\W+set-cookie\b)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 943110) Executing operator "Rx" with param "^(jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" against ARGS_NAMES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 943120) Executing operator "Rx" with param "^(jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" against ARGS_NAMES.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 943014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Skipped rule id '943016' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: 
 [9] Skipped rule id '943018' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 949100) Executing operator "Eq" with param "1" against IP.
 [6] Resolving: ip.reput_block_reason to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [6] Resolving: tx.inbound_anomaly_score_threshold to: 5
 [4] (Rule: 949110) Executing operator "Ge" with param "5" Was: "%{tx.inbound_anomaly_score_threshold}" against TX:ANOMALY_SCORE.
 [6] Resolving: TX.ANOMALY_SCORE to: 5
 [9] Target value: "5" (Variable: TX:ANOMALY_SCORE)
 [6] Resolving: tx.inbound_anomaly_score_threshold to: 5
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [6] Resolving: TX.ANOMALY_SCORE to: 5
 [9] Saving msg: Inbound Anomaly Score Exceeded (Total Score: 5)
 [4] Running [independent] (non-disruptive) action: log
 [9] Saving transaction to logs
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: tx.msg to: Request content type is not allowed by policy
 [8] Saving variable: TX:inbound_tx_msg with value: Request content type is not allowed by policy
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: tx.anomaly_score to: 5
 [8] Saving variable: TX:inbound_anomaly_score with value: 5
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) ignoring action: pass (rule contains a disruptive action)
 [4] Running (non-disruptive) action: severity
 [9] This rule severity is: 2 current transaction is: 2
 [4] Running (disruptive)     action: deny
 [8] Running action deny
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: application-multi
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: language-multi
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: platform-multi
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: attack-generic
 [8] Skipping this phase as this request was already intercepted.
 [4] Starting phase RESPONSE_HEADERS. (SecRules 3)
 [9] This phase consists of 56 rule(s).
 [4] (Rule: 950020) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 950013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-950-DATA-LEAKAGES
 [9] Skipped rule id '950015' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: 
 [9] Skipped rule id '950017' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: END-RESPONSE-950-DATA-LEAKAGES
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 951011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Skipped rule id '951015' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: 
 [9] Skipped rule id '951017' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 952011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 952013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Skipped rule id '952015' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: 
 [9] Skipped rule id '952017' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 953011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 953013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Skipped rule id '953015' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: 
 [9] Skipped rule id '953017' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 954011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Skipped rule id '954015' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: 
 [9] Skipped rule id '954017' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 959011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 959013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Skipped rule id '959015' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '959017' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: END-RESPONSE-959-BLOCKING-EVALUATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [9] Appending response body: 0 bytes. Limit set to: 524288.000000
 [9] Appending response body: 0 bytes. Limit set to: 524288.000000
 [4] Starting phase RESPONSE_BODY. (SecRules 4)
 [9] This phase consists of 85 rule(s).
 [4] (Rule: 950021) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 950130) Executing operator "Rx" with param "(?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>\[To Parent Directory\]<\/[Aa]><br>)" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 950014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-950-DATA-LEAKAGES
 [9] Skipped rule id '950100' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: 
 [9] Skipped rule id '950016' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: 
 [9] Skipped rule id '950022' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: END-RESPONSE-950-DATA-LEAKAGES
 [4] Out of a SecMarker after skip 4.000000 rules.
 [4] (Rule: 951012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951100) Executing operator "PmFromFile" with param "sql-errors.data" against RESPONSE_BODY.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951110) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951120) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951130) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951140) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951150) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951160) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951170) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951180) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951190) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951200) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951210) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951220) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951230) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951240) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951250) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951260) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Skipped rule id '951016' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: 
 [9] Skipped rule id '951018' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 952012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 952100) Executing operator "PmFromFile" with param "java-code-leakages.data" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 952110) Executing operator "PmFromFile" with param "java-errors.data" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 952014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Skipped rule id '952016' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: 
 [9] Skipped rule id '952018' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 953012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 953100) Executing operator "PmFromFile" with param "php-errors.data" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 953110) Executing operator "Rx" with param "(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\$_(?:(?:pos|ge)t|session))\b" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 953120) Executing operator "Rx" with param "<\?(?!xml)" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 953014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Skipped rule id '953016' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: 
 [9] Skipped rule id '953018' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 954012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954100) Executing operator "Rx" with param "[a-z]:\\\\inetpub\b" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954110) Executing operator "Rx" with param "(?:Microsoft OLE DB Provider for SQL Server(?:<\/font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| \(0x80040e31\)<br>Timeout expired<br>)|<h1>internal server error<\/h1>.*?<h2>part of the server has crashed or it has a configuration error\.<\/h2>|cannot connect to the server: timed out)" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954120) Executing operator "Rx" with param "(?:\b(?:A(?:DODB\.Command\b.{0,100}?\b(?:Application uses a value of the wrong type for the current operation\b|error')| trappable error occurred in an external object\. The script cannot continue running\b)|Microsoft VBScript (?:compilation (?:\(0x8|error)|runtime (?:Error|\(0x8))\b|Object required: '|error '800)|<b>Version Information:<\/b>(?:&nbsp;|\s)(?:Microsoft \.NET Framework|ASP\.NET) Version:|>error 'ASP\b|An Error Has Occurred|>Syntax error in string in query expression|\/[Ee]rror[Mm]essage\.aspx?\?[Ee]rror\b)" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954130) Executing operator "Rx" with param "^404$" against RESPONSE_STATUS.
 [6] Resolving: TX.0 to: content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "403" (Variable: RESPONSE_STATUS)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [9] Saving msg: IIS Information Leakage
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Rx" with param "\bServer Error in.{0,50}?\bApplication\b" against RESPONSE_BODY.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Skipped rule id '954016' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: 
 [9] Skipped rule id '954018' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [4] Out of a SecMarker after skip 3.000000 rules.
 [6] Resolving: tx.outbound_anomaly_score_threshold to: 4
 [4] (Rule: 959100) Executing operator "Ge" with param "4" Was: "%{tx.outbound_anomaly_score_threshold}" against TX:OUTBOUND_ANOMALY_SCORE.
 [6] Resolving: TX.OUTBOUND_ANOMALY_SCORE to: 0
 [9] Target value: "0" (Variable: TX:OUTBOUND_ANOMALY_SCORE)
 [6] Resolving: tx.outbound_anomaly_score_threshold to: 4
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 959012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 959014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Skipped rule id '959016' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '959018' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: END-RESPONSE-959-BLOCKING-EVALUATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] Starting phase LOGGING. (SecRules 5)
 [9] This phase consists of 45 rule(s).
 [4] (Rule: 912110) Executing operator "Eq" with param "0" against TX:dos_burst_time_slice.
 [9] Target value: "0" (Variable: TX:dos_burst_time_slice)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:dos_counter_threshold.
 [9] Target value: "0" (Variable: TX:dos_counter_threshold)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:dos_block_timeout.
 [9] Target value: "0" (Variable: TX:dos_block_timeout)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END_DOS_PROTECTION_CHECKS
 [9] Skipped rule id '912140' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912150' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912160' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912161' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912170' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912019' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912171' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: END-REQUEST-912-DOS-PROTECTION
 [9] Skipped rule id '0' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: END_DOS_PROTECTION_CHECKS
 [4] Out of a SecMarker after skip 9.000000 rules.
 [4] (Rule: 980100) Executing operator "Ge" with param "1" against TX.
 [6] Resolving: tx.anomaly_score to: 5
 [6] Resolving: tx.inbound_tx_msg to: Request content type is not allowed by policy
 [6] Resolving: TX.INBOUND_ANOMALY_SCORE to: 5
 [6] Resolving: tx.msg to: Request content type is not allowed by policy
 [6] Resolving: TX.OUTBOUND_ANOMALY_SCORE to: 0
 [9] Target value: "0" (Variable: TX)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 980110) Executing operator "Ge" with param "1" against TX.
 [6] Resolving: tx.anomaly_score to: 5
 [6] Resolving: tx.inbound_tx_msg to: Request content type is not allowed by policy
 [6] Resolving: TX.INBOUND_ANOMALY_SCORE to: 5
 [6] Resolving: tx.msg to: Request content type is not allowed by policy
 [6] Resolving: TX.OUTBOUND_ANOMALY_SCORE to: 0
 [9] Target value: "0" (Variable: TX)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 980120) Executing operator "Gt" with param "0" against TX:INBOUND_ANOMALY_SCORE.
 [6] Resolving: TX.INBOUND_ANOMALY_SCORE to: 5
 [6] Resolving: tx.inbound_tx_msg to: Request content type is not allowed by policy
 [9] Target value: "5" (Variable: TX:INBOUND_ANOMALY_SCORE)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: log
 [9] Saving transaction to logs
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: msg
 [6] Resolving: TX.INBOUND_ANOMALY_SCORE to: 5
 [6] Resolving: tx.inbound_tx_msg to: Request content type is not allowed by policy
 [9] Saving msg: Inbound Anomaly Score (Total Inbound Score: 5): Request content type is not allowed by policy
 [4] Rule returned 1.
 [4] Executing chained rule.
 [6] Resolving: tx.inbound_anomaly_score_threshold to: 5
 [4] (Rule: 0) Executing operator "Lt" with param "5" Was: "%{tx.inbound_anomaly_score_threshold}" against TX:INBOUND_ANOMALY_SCORE.
 [9] Target value: "5" (Variable: TX:INBOUND_ANOMALY_SCORE)
 [6] Resolving: tx.inbound_anomaly_score_threshold to: 5
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [6] Resolving: tx.inbound_anomaly_score_threshold to: 5
 [4] (Rule: 980130) Executing operator "Ge" with param "5" Was: "%{tx.inbound_anomaly_score_threshold}" against TX:INBOUND_ANOMALY_SCORE.
 [6] Resolving: TX.INBOUND_ANOMALY_SCORE to: 5
 [6] Resolving: tx.sql_injection_score to: 0
 [6] Resolving: tx.xss_score to: 0
 [6] Resolving: tx.rfi_score to: 0
 [6] Resolving: tx.lfi_score to: 0
 [6] Resolving: tx.rce_score to: 0
 [6] Resolving: tx.php_injection_score to: 0
 [6] Resolving: tx.http_violation_score to: 0
 [6] Resolving: tx.session_fixation_score to: 0
 [6] Resolving: tx.inbound_tx_msg to: Request content type is not allowed by policy
 [9] Target value: "5" (Variable: TX:INBOUND_ANOMALY_SCORE)
 [6] Resolving: tx.inbound_anomaly_score_threshold to: 5
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: log
 [9] Saving transaction to logs
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: msg
 [6] Resolving: TX.INBOUND_ANOMALY_SCORE to: 5
 [6] Resolving: tx.sql_injection_score to: 0
 [6] Resolving: tx.xss_score to: 0
 [6] Resolving: tx.rfi_score to: 0
 [6] Resolving: tx.lfi_score to: 0
 [6] Resolving: tx.rce_score to: 0
 [6] Resolving: tx.php_injection_score to: 0
 [6] Resolving: tx.http_violation_score to: 0
 [6] Resolving: tx.session_fixation_score to: 0
 [6] Resolving: tx.inbound_tx_msg to: Request content type is not allowed by policy
 [9] Saving msg: Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: noauditlog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: tag
 [9] Rule tag: event-correlation
 [6] Resolving: tx.outbound_anomaly_score_threshold to: 4
 [4] (Rule: 980140) Executing operator "Ge" with param "4" Was: "%{tx.outbound_anomaly_score_threshold}" against TX:OUTBOUND_ANOMALY_SCORE.
 [6] Resolving: TX.OUTBOUND_ANOMALY_SCORE to: 0
 [6] Resolving: tx.msg to: Request content type is not allowed by policy
 [9] Target value: "0" (Variable: TX:OUTBOUND_ANOMALY_SCORE)
 [6] Resolving: tx.outbound_anomaly_score_threshold to: 4
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [8] Checking if this request is suitable to be saved as an audit log.
 [8] Checking if this request is relevant to be part of the audit logs.
 [5] Saving this request as part of the audit logs.
 [8] Request was relevant to be saved. Parts: 6006
 [9] JSON: Cleaning up JSON results
diff --git a/modsec-debug-ok.log b/modsec-debug-ok.log
 [9] JSON parser initialization
 [9] yajl JSON parsing callback initialization
 [4] Initializing transaction
 [4] Transaction context created.
 [4] Starting phase CONNECTION. (SecRules 0)
 [9] This phase consists of 32 rule(s).
 [4] Starting phase URI. (SecRules 0 + 1/2)
 [4] Starting phase REQUEST_HEADERS.  (SecRules 1)
 [9] This phase consists of 134 rule(s).
 [4] (Rule: 200000) Executing operator "Rx" with param "(?:text|application)/xml" against REQUEST_HEADERS:Content-Type.
 [9]  T (0) t:lowercase: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 200001) Executing operator "Rx" with param "application/json" against REQUEST_HEADERS:Content-Type.
 [9]  T (0) t:lowercase: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 900990) Executing unconditional rule...
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:crs_setup_version with value: 302
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] (Rule: 901001) Executing operator "Eq" with param "0" against TX:crs_setup_version.
 [9] Target value: "1" (Variable: TX:crs_setup_version)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 901100) Executing operator "Eq" with param "0" against TX:inbound_anomaly_score_threshold.
 [9] Target value: "0" (Variable: TX:inbound_anomaly_score_threshold)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:inbound_anomaly_score_threshold with value: 5
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901110) Executing operator "Eq" with param "0" against TX:outbound_anomaly_score_threshold.
 [9] Target value: "0" (Variable: TX:outbound_anomaly_score_threshold)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:outbound_anomaly_score_threshold with value: 4
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901120) Executing operator "Eq" with param "0" against TX:paranoia_level.
 [9] Target value: "0" (Variable: TX:paranoia_level)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:paranoia_level with value: 1
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901130) Executing operator "Eq" with param "0" against TX:sampling_percentage.
 [9] Target value: "0" (Variable: TX:sampling_percentage)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:sampling_percentage with value: 100
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901140) Executing operator "Eq" with param "0" against TX:critical_anomaly_score.
 [9] Target value: "0" (Variable: TX:critical_anomaly_score)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:critical_anomaly_score with value: 5
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901141) Executing operator "Eq" with param "0" against TX:error_anomaly_score.
 [9] Target value: "0" (Variable: TX:error_anomaly_score)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:error_anomaly_score with value: 4
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901142) Executing operator "Eq" with param "0" against TX:warning_anomaly_score.
 [9] Target value: "0" (Variable: TX:warning_anomaly_score)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:warning_anomaly_score with value: 3
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901143) Executing operator "Eq" with param "0" against TX:notice_anomaly_score.
 [9] Target value: "0" (Variable: TX:notice_anomaly_score)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:notice_anomaly_score with value: 2
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901150) Executing operator "Eq" with param "0" against TX:do_reput_block.
 [9] Target value: "0" (Variable: TX:do_reput_block)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:do_reput_block with value: 0
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901152) Executing operator "Eq" with param "0" against TX:reput_block_duration.
 [9] Target value: "0" (Variable: TX:reput_block_duration)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:reput_block_duration with value: 300
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901160) Executing operator "Eq" with param "0" against TX:allowed_methods.
 [9] Target value: "0" (Variable: TX:allowed_methods)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:allowed_methods with value: GET HEAD POST OPTIONS'
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901162) Executing operator "Eq" with param "0" against TX:allowed_request_content_type.
 [9] Target value: "0" (Variable: TX:allowed_request_content_type)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:allowed_request_content_type with value: application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain'
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901163) Executing operator "Eq" with param "0" against TX:allowed_http_versions.
 [9] Target value: "0" (Variable: TX:allowed_http_versions)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:allowed_http_versions with value: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0'
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901164) Executing operator "Eq" with param "0" against TX:restricted_extensions.
 [9] Target value: "0" (Variable: TX:restricted_extensions)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:restricted_extensions with value: .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901165) Executing operator "Eq" with param "0" against TX:restricted_headers.
 [9] Target value: "0" (Variable: TX:restricted_headers)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:restricted_headers with value: /proxy/ /lock-token/ /content-range/ /translate/ /if/'
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901166) Executing operator "Eq" with param "0" against TX:static_extensions.
 [9] Target value: "0" (Variable: TX:static_extensions)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:static_extensions with value: /.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] (Rule: 901200) Executing unconditional rule...
 [9] Rule contains a `pass' action
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:anomaly_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:sql_injection_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:xss_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:rfi_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:lfi_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:rce_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:php_injection_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:http_violation_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:session_fixation_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:inbound_anomaly_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:outbound_anomaly_score with value: 0
 [4] Running [independent] (non-disruptive) action: setvar
 [8] Saving variable: TX:sql_error_match with value: 0
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] (Rule: 901318) Executing operator "Rx" with param "^(.*)$" against REQUEST_HEADERS:User-Agent.
 [9]  T (0) t:sha1: "Á	ò∑xak@sÈ‡´Í,#K+Ü+"
 [9]  T (1) t:hexEncode: "ffffffe709ffffff98ffffffb778616b4073ffffffe9ffffffe0ffffffabffffffea2c234b2b1dff (8 characters omitted)"
 [9] Target value: "ffffffe709ffffff98ffffffb778616b4073ffffffe9ffffffe0ffffffabffffffea2c234b2b1dff (8 characters omitted)" (Variable: REQUEST_HEADERS:User-Agent)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: matched_var to: curl/7.52.1
 [8] Saving variable: TX:ua_hash with value: curl/7.52.1
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] (Rule: 901321) Executing unconditional rule...
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: remote_addr to: 127.0.0.1
 [8] Saving variable: TX:real_ip with value: 127.0.0.1
 [9] Rule contains a `pass' action
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: initcol
 [5] Collection `global' initialized with value: global
 [4] Running (non-disruptive) action: initcol
 [6] Resolving: remote_addr to: 127.0.0.1
 [6] Resolving: tx.ua_hash to: curl/7.52.1
 [5] Collection `ip' initialized with value: 127.0.0.1_curl/7.52.1
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] (Rule: 901400) Executing operator "Eq" with param "100" against TX:sampling_percentage.
 [9] Target value: "100" (Variable: TX:sampling_percentage)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-SAMPLING
 [9] Skipped rule id '901410' due to a SecMarker: END-SAMPLING
 [9] Rule: 
 [9] Skipped rule id '901420' due to a SecMarker: END-SAMPLING
 [9] Rule: 
 [9] Skipped rule id '901430' due to a SecMarker: END-SAMPLING
 [9] Rule: 
 [9] Skipped rule id '901440' due to a SecMarker: END-SAMPLING
 [9] Rule: 
 [9] Skipped rule id '901450' due to a SecMarker: END-SAMPLING
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-SAMPLING
 [9] Rule: END-SAMPLING
 [4] Out of a SecMarker after skip 6.000000 rules.
 [4] (Rule: 9001180) Executing operator "StrEq" with param "POST" against REQUEST_METHOD.
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Rx" with param "/admin/content/assets/add/[a-z]+$" against REQUEST_FILENAME.
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 9001182) Executing operator "StrEq" with param "POST" against REQUEST_METHOD.
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Rx" with param "/admin/content/assets/manage/[0-9]+$" against REQUEST_FILENAME.
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 9001184) Executing operator "StrEq" with param "POST" against REQUEST_METHOD.
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Rx" with param "/file/ajax/field_asset_[a-z0-9_]+/[ua]nd/0/form-[a-z0-9A-Z_-]+$" against REQUEST_FILENAME.
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 9002000) Executing operator "Eq" with param "0" against TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress.
 [9] Target value: "0" (Variable: TX:crs_exclusions_wordpress)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-WORDPRESS
 [9] Skipped rule id '9002200' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002300' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002400' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
 [9] Rule: END-WORDPRESS-ADMIN
 [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
 [9] Rule: END-WORDPRESS
 [4] Out of a SecMarker after skip 5.000000 rules.
 [4] (Rule: 905100) Executing operator "StrEq" with param "GET /" against REQUEST_LINE.
 [9] Target value: "POST /modsec-full/ HTTP/1.1" (Variable: REQUEST_LINE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 905110) Executing operator "Rx" with param "^(GET /|OPTIONS \*) HTTP/[12]\.[01]$" against REQUEST_LINE.
 [9] Target value: "POST /modsec-full/ HTTP/1.1" (Variable: REQUEST_LINE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-910-IP-REPUTATION
 [9] Skipped rule id '910015' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: 
 [9] Skipped rule id '910017' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: END-REQUEST-910-IP-REPUTATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 911011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 911013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Skipped rule id '911015' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '911017' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: END-REQUEST-911-METHOD-ENFORCEMENT
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 912100) Executing operator "Eq" with param "0" against TX:dos_burst_time_slice.
 [9] Target value: "0" (Variable: TX:dos_burst_time_slice)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:dos_counter_threshold.
 [9] Target value: "0" (Variable: TX:dos_counter_threshold)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:dos_block_timeout.
 [9] Target value: "0" (Variable: TX:dos_block_timeout)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END_DOS_PROTECTION_CHECKS
 [9] Skipped rule id '912011' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912120' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912130' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912013' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912015' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912017' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: END-REQUEST-912-DOS-PROTECTION
 [9] Skipped rule id '0' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: END_DOS_PROTECTION_CHECKS
 [4] Out of a SecMarker after skip 8.000000 rules.
 [4] (Rule: 913011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 913013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-913-SCANNER-DETECTION
 [9] Skipped rule id '913015' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '913017' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: END-REQUEST-913-SCANNER-DETECTION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 920011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920160) Executing operator "Rx" with param "!^\d+$" against REQUEST_HEADERS:Content-Length.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Skipped rule id '920015' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920017' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 921011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Skipped rule id '921015' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '921017' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: END-REQUEST-921-PROTOCOL-ATTACK
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 930011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Skipped rule id '930015' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: 
 [9] Skipped rule id '930017' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 931011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 931013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Skipped rule id '931015' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: 
 [9] Skipped rule id '931017' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 932011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Skipped rule id '932015' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: 
 [9] Skipped rule id '932017' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 933011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Skipped rule id '933015' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933017' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 941011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Skipped rule id '941015' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941017' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 942011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Skipped rule id '942015' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942017' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 943011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 943013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Skipped rule id '943015' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: 
 [9] Skipped rule id '943017' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 949011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 949013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Skipped rule id '949015' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '949017' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Rule: END-REQUEST-949-BLOCKING-EVALUATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 980011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 980013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-980-CORRELATION
 [9] Skipped rule id '980015' due to a SecMarker: END-RESPONSE-980-CORRELATION
 [9] Rule: 
 [9] Skipped rule id '980017' due to a SecMarker: END-RESPONSE-980-CORRELATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-980-CORRELATION
 [9] Rule: END-RESPONSE-980-CORRELATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [9] Appending request body: 3 bytes. Limit set to: 13107200.000000
 [4] Starting phase REQUEST_BODY. (SecRules 2)
 [4] Adding request argument (POST): name "d", value "b"
 [9] This phase consists of 315 rule(s).
 [4] (Rule: 200002) Executing operator "Eq" with param "0" against REQBODY_ERROR.
 [6] Resolving: reqbody_error_msg to: NULL
 [9] Target value: "" (Variable: REQBODY_ERROR)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 200003) Executing operator "Eq" with param "0" against MULTIPART_STRICT_ERROR.
 [6] Resolving: REQBODY_PROCESSOR_ERROR to: NULL
 [6] Resolving: MULTIPART_BOUNDARY_QUOTED to: NULL
 [6] Resolving: MULTIPART_BOUNDARY_WHITESPACE to: NULL
 [6] Resolving: MULTIPART_DATA_BEFORE to: NULL
 [6] Resolving: MULTIPART_DATA_AFTER to: NULL
 [6] Resolving: MULTIPART_HEADER_FOLDING to: NULL
 [6] Resolving: MULTIPART_LF_LINE to: NULL
 [6] Resolving: MULTIPART_MISSING_SEMICOLON to: NULL
 [6] Resolving: MULTIPART_INVALID_QUOTING to: NULL
 [6] Resolving: MULTIPART_INVALID_PART to: NULL
 [6] Resolving: MULTIPART_INVALID_HEADER_FOLDING to: NULL
 [6] Resolving: MULTIPART_FILE_LIMIT_EXCEEDED to: NULL
 [9] Target value: "" (Variable: MULTIPART_STRICT_ERROR)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 200004) Executing operator "Eq" with param "0" against MULTIPART_UNMATCHED_BOUNDARY.
 [9] Target value: "" (Variable: MULTIPART_UNMATCHED_BOUNDARY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 200005) Executing operator "StrEq" with param "0" against TX.
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 9001000) Executing operator "Eq" with param "0" against TX:crs_exclusions_drupal|TX:crs_exclusions_drupal.
 [9] Target value: "0" (Variable: TX:crs_exclusions_drupal)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-DRUPAL-RULE-EXCLUSIONS
 [9] Skipped rule id '9001100' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001110' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001112' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001114' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001116' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001122' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001124' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001126' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001128' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001140' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001160' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001170' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001200' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001202' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001204' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001206' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001208' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001210' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001212' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001214' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '9001216' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-DRUPAL-RULE-EXCLUSIONS
 [9] Rule: END-DRUPAL-RULE-EXCLUSIONS
 [4] Out of a SecMarker after skip 22.000000 rules.
 [4] (Rule: 9002001) Executing operator "Eq" with param "0" against TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress.
 [9] Target value: "0" (Variable: TX:crs_exclusions_wordpress)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-WORDPRESS
 [9] Skipped rule id '9002100' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002120' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002130' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002150' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002160' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002401' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002410' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002420' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002520' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002530' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002540' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002600' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002700' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002710' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002720' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002730' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002740' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002750' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002760' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002800' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002810' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002820' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '9002900' due to a SecMarker: END-WORDPRESS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
 [9] Rule: END-WORDPRESS-ADMIN
 [9] Skipped rule id '0' due to a SecMarker: END-WORDPRESS
 [9] Rule: END-WORDPRESS
 [4] Out of a SecMarker after skip 25.000000 rules.
 [4] (Rule: 910012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910000) Executing operator "Eq" with param "1" against TX:DO_REPUT_BLOCK.
 [6] Resolving: ip.reput_block_reason to: NULL
 [9] Target value: "0" (Variable: TX:DO_REPUT_BLOCK)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910100) Executing operator "Rx" with param "!^$" against TX:HIGH_RISK_COUNTRY_CODES.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910120) Executing operator "Eq" with param "1" against IP.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 910130) Executing operator "Eq" with param "0" against TX:block_suspicious_ip.
 [9] Target value: "0" (Variable: TX:block_suspicious_ip)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:block_harvester_ip.
 [9] Target value: "0" (Variable: TX:block_harvester_ip)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:block_spammer_ip.
 [9] Target value: "0" (Variable: TX:block_spammer_ip)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:block_search_ip.
 [9] Target value: "0" (Variable: TX:block_search_ip)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END_RBL_CHECK
 [9] Skipped rule id '910140' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '910150' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '910160' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '910170' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '910180' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '910190' due to a SecMarker: END_RBL_CHECK
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END_RBL_CHECK
 [9] Rule: END_RBL_LOOKUP
 [9] Skipped rule id '0' due to a SecMarker: END_RBL_CHECK
 [9] Rule: END_RBL_CHECK
 [4] Out of a SecMarker after skip 8.000000 rules.
 [4] (Rule: 910014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-910-IP-REPUTATION
 [9] Skipped rule id '910016' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: 
 [9] Skipped rule id '910018' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-910-IP-REPUTATION
 [9] Rule: END-REQUEST-910-IP-REPUTATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 911012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [6] Resolving: tx.allowed_methods to: GET HEAD POST OPTIONS'
 [4] (Rule: 911100) Executing operator "Within" with param "GET HEAD POST OPTIONS'" Was: "%{tx.allowed_methods}" against REQUEST_METHOD.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [6] Resolving: tx.allowed_methods to: GET HEAD POST OPTIONS'
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 911014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Skipped rule id '911016' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '911018' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
 [9] Rule: END-REQUEST-911-METHOD-ENFORCEMENT
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 912012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 912014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-912-DOS-PROTECTION
 [9] Skipped rule id '912016' due to a SecMarker: END-REQUEST-912-DOS-PROTECTION
 [9] Rule: 
 [9] Skipped rule id '912018' due to a SecMarker: END-REQUEST-912-DOS-PROTECTION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-912-DOS-PROTECTION
 [9] Rule: END-REQUEST-912-DOS-PROTECTION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 913012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 913100) Executing operator "PmFromFile" with param "scanners-user-agents.data" against REQUEST_HEADERS:User-Agent.
 [6] Resolving: TX.0 to: NULL
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:lowercase: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 913110) Executing operator "PmFromFile" with param "scanners-headers.data" against REQUEST_HEADERS_NAMES|REQUEST_HEADERS.
 [6] Resolving: TX.0 to: NULL
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:lowercase: "host user-agent accept content-length content-type"
 [9] Target value: "host user-agent accept content-length content-type" (Variable: REQUEST_HEADERS_NAMES)
 [9]  T (0) t:lowercase: "localhost"
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9]  T (0) t:lowercase: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:lowercase: "*/*"
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9]  T (0) t:lowercase: "3"
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9]  T (0) t:lowercase: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 913120) Executing operator "PmFromFile" with param "scanners-urls.data" against REQUEST_FILENAME|ARGS.
 [6] Resolving: TX.0 to: NULL
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:lowercase: "/modsec-full/"
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [9]  T (0) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 913014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-913-SCANNER-DETECTION
 [9] Skipped rule id '913101' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '913102' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '913016' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '913018' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
 [9] Rule: END-REQUEST-913-SCANNER-DETECTION
 [4] Out of a SecMarker after skip 5.000000 rules.
 [4] (Rule: 920012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920100) Executing operator "Rx" with param "!^(?i:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./]*(?::\d+)?)?/[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?|connect (?:\d{1,3}\.){3}\d{1,3}\.?(?::\d+)?|options \*)\s+[\w\./]+|get /[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?)$" against REQUEST_LINE.
 [6] Resolving: request_line to: POST /modsec-full/ HTTP/1.1
 [9] Target value: "POST /modsec-full/ HTTP/1.1" (Variable: REQUEST_LINE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920120) Executing operator "Rx" with param "(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\"=]" against FILES_NAMES|FILES.
 [6] Resolving: matched_var to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920130) Executing operator "Eq" with param "0" against REQBODY_ERROR.
 [6] Resolving: REQBODY_ERROR_MSG to: NULL
 [9] Target value: "" (Variable: REQBODY_ERROR)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920140) Executing operator "Eq" with param "0" against MULTIPART_STRICT_ERROR.
 [6] Resolving: REQBODY_PROCESSOR_ERROR to: NULL
 [6] Resolving: MULTIPART_BOUNDARY_QUOTED to: NULL
 [6] Resolving: MULTIPART_BOUNDARY_WHITESPACE to: NULL
 [6] Resolving: MULTIPART_DATA_BEFORE to: NULL
 [6] Resolving: MULTIPART_DATA_AFTER to: NULL
 [6] Resolving: MULTIPART_HEADER_FOLDING to: NULL
 [6] Resolving: MULTIPART_LF_LINE to: NULL
 [6] Resolving: MULTIPART_SEMICOLON_MISSING to: NULL
 [6] Resolving: MULTIPART_INVALID_QUOTING to: NULL
 [6] Resolving: MULTIPART_INVALID_HEADER_FOLDING to: NULL
 [6] Resolving: MULTIPART_FILE_LIMIT_EXCEEDED to: NULL
 [9] Target value: "" (Variable: MULTIPART_STRICT_ERROR)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920170) Executing operator "Rx" with param "^(?:GET|HEAD)$" against REQUEST_METHOD.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920180) Executing operator "Rx" with param "^POST$" against REQUEST_METHOD.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [9] Saving msg: POST request missing Content-Length Header.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against REQUEST_HEADERS:Content-Length.
 [9] Target value: "1" (Variable: REQUEST_HEADERS:Content-Length)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920190) Executing operator "Rx" with param "(\d+)\-(\d+)\," against REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range.
 [6] Resolving: matched_var to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920210) Executing operator "Rx" with param "\b(keep-alive|close),\s?(keep-alive|close)\b" against REQUEST_HEADERS:Connection.
 [6] Resolving: matched_var to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920220) Executing operator "Rx" with param "\%((?!$|\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" against REQUEST_URI.
 [9] Target value: "/modsec-full/" (Variable: REQUEST_URI)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920240) Executing operator "Rx" with param "^(application\/x-www-form-urlencoded|text\/xml)(?:;(?:\s?charset\s?=\s?[\w\d\-]{1,18})?)??$" against REQUEST_HEADERS:Content-Type.
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [9] Saving msg: URL Encoding Abuse Attack Attempt
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Rx" with param "\%((?!$|\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" against REQUEST_BODY|XML:/*.
 [9] Target value: "d=b" (Variable: REQUEST_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920250) Executing operator "Eq" with param "1" against TX:CRS_VALIDATE_UTF8_ENCODING.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920260) Executing operator "Rx" with param "\%u[fF]{2}[0-9a-fA-F]{2}" against REQUEST_URI|REQUEST_BODY.
 [9] Target value: "/modsec-full/" (Variable: REQUEST_URI)
 [9] Target value: "d=b" (Variable: REQUEST_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920270) Executing operator "ValidadeByteRange" with param "1-255" against REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES.
 [9]  T (0) t:urlDecodeUni: "/modsec-full/"
 [9] Target value: "/modsec-full/" (Variable: REQUEST_URI)
 [9]  T (0) t:urlDecodeUni: "localhost"
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9]  T (0) t:urlDecodeUni: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:urlDecodeUni: "*/*"
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9]  T (0) t:urlDecodeUni: "3"
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9]  T (0) t:urlDecodeUni: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920280) Executing operator "Eq" with param "0" against REQUEST_HEADERS:Host.
 [9] Target value: "1" (Variable: REQUEST_HEADERS:Host)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920290) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Host.
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920310) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Accept.
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920311) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Accept.
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920330) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:User-Agent.
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920340) Executing operator "Rx" with param "!^0$" against REQUEST_HEADERS:Content-Length.
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920350) Executing operator "Rx" with param "^[\d.:]+$" against REQUEST_HEADERS:Host.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920380) Executing operator "Eq" with param "1" against TX:MAX_NUM_ARGS.
 [9] Target value: "0" (Variable: TX:MAX_NUM_ARGS)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920360) Executing operator "Eq" with param "1" against TX:ARG_NAME_LENGTH.
 [9] Target value: "0" (Variable: TX:ARG_NAME_LENGTH)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920370) Executing operator "Eq" with param "1" against TX:ARG_LENGTH.
 [9] Target value: "0" (Variable: TX:ARG_LENGTH)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920390) Executing operator "Eq" with param "1" against TX:TOTAL_ARG_LENGTH.
 [9] Target value: "0" (Variable: TX:TOTAL_ARG_LENGTH)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920400) Executing operator "Eq" with param "1" against TX:MAX_FILE_SIZE.
 [9] Target value: "0" (Variable: TX:MAX_FILE_SIZE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920410) Executing operator "Eq" with param "1" against TX:COMBINED_FILE_SIZES.
 [9] Target value: "0" (Variable: TX:COMBINED_FILE_SIZES)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920420) Executing operator "Rx" with param "!^(?:GET|HEAD|PROPFIND|OPTIONS)$" against REQUEST_METHOD.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "POST" (Variable: REQUEST_METHOD)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [6] Resolving: tx.allowed_http_versions to: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0'
 [4] (Rule: 920430) Executing operator "Within" with param "HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0'" Was: "%{tx.allowed_http_versions}" against REQUEST_PROTOCOL.
 [6] Resolving: matched_var to: NULL
 [9] Target value: "HTTP/1.1" (Variable: REQUEST_PROTOCOL)
 [6] Resolving: tx.allowed_http_versions to: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0'
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920440) Executing operator "Rx" with param "\.(.*)$" against REQUEST_BASENAME.
 [6] Resolving: TX.0 to: NULL
 [9]  T (0) t:urlDecodeUni: ""
 [9]  T (1) t:lowercase: ""
 [9] Target value: "" (Variable: REQUEST_BASENAME)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920450) Executing operator "Rx" with param "^(.*)$" against REQUEST_HEADERS_NAMES.
 [6] Resolving: MATCHED_VAR to: NULL
 [6] Resolving: matched_var to: NULL
 [9]  T (0) t:lowercase: "host user-agent accept content-length content-type"
 [9] Target value: "host user-agent accept content-length content-type" (Variable: REQUEST_HEADERS_NAMES)
 [7] Added regex subexpression TX.0: host user-agent accept content-length content-type
 [7] Added regex subexpression TX.1: host user-agent accept content-length content-type
 [9] Matched vars updated.
 [4] Running [independent] (non-disruptive) action: msg
 [6] Resolving: MATCHED_VAR to: Host User-Agent Accept Content-Length Content-Type
 [9] Saving msg: HTTP header is restricted by policy (Host User-Agent Accept Content-Length Content-Type)
 [4] Running [independent] (non-disruptive) action: setvar
 [6] Resolving: tx.0 to: host user-agent accept content-length content-type
 [6] Resolving: tx.0 to: host user-agent accept content-length content-type
 [8] Saving variable: TX:header_name_host user-agent accept content-length content-type with value: /host user-agent accept content-length content-type/'
 [4] Rule returned 1.
 [4] Executing chained rule.
 [6] Resolving: tx.restricted_headers to: /proxy/ /lock-token/ /content-range/ /translate/ /if/'
 [4] (Rule: 0) Executing operator "Within" with param "/proxy/ /lock-token/ /content-range/ /translate/ /if/'" Was: "%{tx.restricted_headers}" against TX.
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 920014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Skipped rule id '920200' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920201' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920230' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920300' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920271' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920320' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920121' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920016' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920272' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920018' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920202' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920273' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920274' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '920460' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [9] Rule: END-REQUEST-920-PROTOCOL-ENFORCEMENT
 [4] Out of a SecMarker after skip 15.000000 rules.
 [4] (Rule: 921012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921100) Executing operator "Rx" with param "," against REQUEST_HEADERS.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921110) Executing operator "Rx" with param "(?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\s+" against ARGS_NAMES|ARGS|XML:/*.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:htmlEntityDecode: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:htmlEntityDecode: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921120) Executing operator "Rx" with param "[\r\n]\W*?(?:content-(type|length)|set-cookie|location):" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921130) Executing operator "Rx" with param "(?:\bhttp\/(?:0\.9|1\.[01])|<(?:html|meta)\b)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:htmlEntityDecode: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:htmlEntityDecode: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921140) Executing operator "Rx" with param "(\n|\r)" against REQUEST_HEADERS_NAMES|REQUEST_HEADERS.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:htmlEntityDecode: "Host User-Agent Accept Content-Length Content-Type"
 [9]  T (1) t:lowercase: "host user-agent accept content-length content-type"
 [9] Target value: "host user-agent accept content-length content-type" (Variable: REQUEST_HEADERS_NAMES)
 [9]  T (0) t:htmlEntityDecode: "localhost"
 [9]  T (1) t:lowercase: "localhost"
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9]  T (0) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (1) t:lowercase: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:htmlEntityDecode: "*/*"
 [9]  T (1) t:lowercase: "*/*"
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9]  T (0) t:htmlEntityDecode: "3"
 [9]  T (1) t:lowercase: "3"
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9]  T (0) t:htmlEntityDecode: "application/x-www-form-urlencoded"
 [9]  T (1) t:lowercase: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921150) Executing operator "Rx" with param "(\n|\r)" against ARGS_NAMES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:htmlEntityDecode: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921160) Executing operator "Rx" with param "(?:\n|\r)+(?:\s+|location|refresh|(?:set-)?cookie|(X-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\s*:" against ARGS_NAMES|ARGS|XML:/*.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:htmlEntityDecode: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:htmlEntityDecode: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 921014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Skipped rule id '921151' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '921016' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '921170' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '921180' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '921018' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
 [9] Rule: END-REQUEST-921-PROTOCOL-ATTACK
 [4] Out of a SecMarker after skip 6.000000 rules.
 [4] (Rule: 930012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930100) Executing operator "Rx" with param "(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))" against REQUEST_URI_RAW|REQUEST_BODY|REQUEST_HEADERS|XML:/*, except for: REQUEST_HEADERS:Referer.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "/modsec-full/" (Variable: REQUEST_URI_RAW)
 [9] Target value: "d=b" (Variable: REQUEST_BODY)
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930110) Executing operator "Pm" with param "..\ ../" against REQUEST_URI|REQUEST_BODY|REQUEST_HEADERS|XML:/*, except for: REQUEST_HEADERS:Referer.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "/modsec-full/"
 [9]  T (1) t:urlDecodeUni: "/modsec-full/"
 [9]  T (2) t:removeNulls: "/modsec-full/"
 [9]  T (3) t:cmdLine: "/modsec-full/"
 [9] Target value: "/modsec-full/" (Variable: REQUEST_URI)
 [9]  T (0) t:utf8toUnicode: "d=b"
 [9]  T (1) t:urlDecodeUni: "d=b"
 [9]  T (2) t:removeNulls: "d=b"
 [9]  T (3) t:cmdLine: "d=b"
 [9] Target value: "d=b" (Variable: REQUEST_BODY)
 [9]  T (0) t:utf8toUnicode: "localhost"
 [9]  T (1) t:urlDecodeUni: "localhost"
 [9]  T (2) t:removeNulls: "localhost"
 [9]  T (3) t:cmdLine: "localhost"
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:removeNulls: "curl/7.52.1"
 [9]  T (3) t:cmdLine: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "*/*"
 [9]  T (1) t:urlDecodeUni: "*/*"
 [9]  T (2) t:removeNulls: "*/*"
 [9]  T (3) t:cmdLine: "*/*"
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9]  T (0) t:utf8toUnicode: "3"
 [9]  T (1) t:urlDecodeUni: "3"
 [9]  T (2) t:removeNulls: "3"
 [9]  T (3) t:cmdLine: "3"
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9]  T (0) t:utf8toUnicode: "application/x-www-form-urlencoded"
 [9]  T (1) t:urlDecodeUni: "application/x-www-form-urlencoded"
 [9]  T (2) t:removeNulls: "application/x-www-form-urlencoded"
 [9]  T (3) t:cmdLine: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930120) Executing operator "PmFromFile" with param "lfi-os-files.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:normalizePathWin: "d"
 [9]  T (3) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:normalizePathWin: "b"
 [9]  T (3) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930130) Executing operator "PmFromFile" with param "restricted-files.data" against REQUEST_FILENAME.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "/modsec-full/"
 [9]  T (1) t:urlDecodeUni: "/modsec-full/"
 [9]  T (2) t:normalizePathWin: "/modsec-full/"
 [9]  T (3) t:lowercase: "/modsec-full/"
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 930014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Skipped rule id '930016' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: 
 [9] Skipped rule id '930018' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [9] Rule: END-REQUEST-930-APPLICATION-ATTACK-LFI
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 931012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 931100) Executing operator "Rx" with param "^(?i)(?:file|ftps?|https?):\/\/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" against ARGS.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 931110) Executing operator "Rx" with param "(?i:(\binclude\s*\([^)]*|mosConfig_absolute_path|_CONF\[path\]|_SERVER\[DOCUMENT_ROOT\]|GALLERY_BASEDIR|path\[docroot\]|appserv_root|config\[root_dir\])=(file|ftps?|https?):\/\/)" against QUERY_STRING|REQUEST_BODY.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: ""
 [9] Target value: "" (Variable: QUERY_STRING)
 [9]  T (0) t:urlDecodeUni: "d=b"
 [9] Target value: "d=b" (Variable: REQUEST_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 931120) Executing operator "Rx" with param "^(?i)(?:file|ftps?|https?)(.*?)\?+$" against ARGS.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 931014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Skipped rule id '931130' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: 
 [9] Skipped rule id '931016' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: 
 [9] Skipped rule id '931018' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [9] Rule: END-REQUEST-931-APPLICATION-ATTACK-RFI
 [4] Out of a SecMarker after skip 4.000000 rules.
 [4] (Rule: 932012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932100) Executing operator "Rx" with param "(?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:l[\\\\'\"]*(?:w[\\\\'\"]*p[\\\\'\"]*-[\\\\'\"]*(?:d[\\\\'\"]*(?:o[\\\\'\"]*w[\\\\'\"]*n[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*m[\\\\'\"]*p)|r[\\\\'\"]*e[\\\\'\"]*q[\\\\'\"]*u[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|m[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*r)|s(?:[\\\\'\"]*(?:b[\\\\'\"]*_[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*e|c[\\\\'\"]*p[\\\\'\"]*u|m[\\\\'\"]*o[\\\\'\"]*d|p[\\\\'\"]*c[\\\\'\"]*i|u[\\\\'\"]*s[\\\\'\"]*b|-[\\\\'\"]*F|h[\\\\'\"]*w|o[\\\\'\"]*f))?|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|m[\\\\'\"]*(?:o[\\\\'\"]*r[\\\\'\"]*e|a)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s)|e[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*(?:(?:f[\\\\'\"]*i[\\\\'\"]*l|p[\\\\'\"]*i[\\\\'\"]*p)[\\\\'\"]*e|e[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*o|(?:\s|<|>).*)|a[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*g(?:[\\\\'\"]*i[\\\\'\"]*n)?|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*m|(?:\s|<|>).*)|o[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*(?:t[\\\\'\"]*e|l)[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)|d[\\\\'\"]*(?:c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g|d[\\\\'\"]*(?:\s|<|>).*)|f[\\\\'\"]*t[\\\\'\"]*p(?:[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t)?|(?:[np]|y[\\\\'\"]*n[\\\\'\"]*x)[\\\\'\"]*(?:\s|<|>).*)|b[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p[\\\\'\"]*2)|s[\\\\'\"]*d[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*f[\\\\'\"]*f|t[\\\\'\"]*a[\\\\'\"]*r)|a[\\\\'\"]*(?:t[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|s[\\\\'\"]*h)|r[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*k[\\\\'\"]*s[\\\\'\"]*w|u[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*n)|c[\\\\'\"]*(?:o[\\\\'\"]*(?:m[\\\\'\"]*(?:p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*d)[\\\\'\"]*(?:\s|<|>).*|p[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*c)|h[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*(?:\s|<|>).*|f[\\\\'\"]*l[\\\\'\"]*a[\\\\'\"]*g[\\\\'\"]*s|a[\\\\'\"]*t[\\\\'\"]*t[\\\\'\"]*r|m[\\\\'\"]*o[\\\\'\"]*d)|r[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*b|(?:[cp]|a[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|u[\\\\'\"]*r[\\\\'\"]*l|s[\\\\'\"]*h)|f[\\\\'\"]*(?:i(?:[\\\\'\"]*(?:l[\\\\'\"]*e[\\\\'\"]*(?:t[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|(?:\s|<|>).*)|n[\\\\'\"]*d[\\\\'\"]*(?:\s|<|>).*))?|t[\\\\'\"]*p[\\\\'\"]*(?:s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*s|w[\\\\'\"]*h[\\\\'\"]*o|(?:\s|<|>).*)|u[\\\\'\"]*n[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n|(?:e[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*h|c)[\\\\'\"]*(?:\s|<|>).*|o[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*h|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p)|e[\\\\'\"]*(?:n[\\\\'\"]*(?:v(?:[\\\\'\"]*-[\\\\'\"]*u[\\\\'\"]*p[\\\\'\"]*d[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e)?|d[\\\\'\"]*(?:i[\\\\'\"]*f|s[\\\\'\"]*w))|x[\\\\'\"]*(?:p[\\\\'\"]*(?:a[\\\\'\"]*n[\\\\'\"]*d|o[\\\\'\"]*r[\\\\'\"]*t|r)|e[\\\\'\"]*c[\\\\'\"]*(?:\s|<|>).*|i[\\\\'\"]*t)|c[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|s[\\\\'\"]*a[\\\\'\"]*c|v[\\\\'\"]*a[\\\\'\"]*l)|h[\\\\'\"]*(?:t[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|p[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*w[\\\\'\"]*d)|o[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e|i[\\\\'\"]*d)|(?:e[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*p)[\\\\'\"]*(?:\s|<|>).*|i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*y)|i[\\\\'\"]*(?:p[\\\\'\"]*(?:(?:6[\\\\'\"]*)?t[\\\\'\"]*a[\\\\'\"]*b[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*s|c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g)|r[\\\\'\"]*b(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|f[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g|d[\\\\'\"]*(?:\s|<|>).*)|g[\\\\'\"]*(?:(?:e[\\\\'\"]*t[\\\\'\"]*f[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*l|r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*c|i[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|z[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p)|u[\\\\'\"]*n[\\\\'\"]*z[\\\\'\"]*i[\\\\'\"]*p|d[\\\\'\"]*b)|a[\\\\'\"]*(?:(?:l[\\\\'\"]*i[\\\\'\"]*a[\\\\'\"]*s|w[\\\\'\"]*k)[\\\\'\"]*(?:\s|<|>).*|d[\\\\'\"]*d[\\\\'\"]*u[\\\\'\"]*s[\\\\'\"]*e[\\\\'\"]*r|p[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t|r[\\\\'\"]*(?:c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|p))|d[\\\\'\"]*(?:h[\\\\'\"]*c[\\\\'\"]*l[\\\\'\"]*i[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*t|(?:i[\\\\'\"]*f[\\\\'\"]*f|u)[\\\\'\"]*(?:\s|<|>).*|(?:m[\\\\'\"]*e[\\\\'\"]*s|p[\\\\'\"]*k)[\\\\'\"]*g|o[\\\\'\"]*(?:a[\\\\'\"]*s|n[\\\\'\"]*e)|a[\\\\'\"]*s[\\\\'\"]*h)|m[\\\\'\"]*(?:(?:k[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*r|o[\\\\'\"]*r[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|a[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*(?:x[\\\\'\"]*(?:\s|<|>).*|q)|l[\\\\'\"]*o[\\\\'\"]*c[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e)|j[\\\\'\"]*(?:(?:a[\\\\'\"]*v[\\\\'\"]*a|o[\\\\'\"]*b[\\\\'\"]*s)[\\\\'\"]*(?:\s|<|>).*|e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c)|k[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*l[\\\\'\"]*(?:a[\\\\'\"]*l[\\\\'\"]*l|(?:\s|<|>).*)|(?:G[\\\\'\"]*E[\\\\'\"]*T[\\\\'\"]*(?:\s|<|>)|\.\s).*|7[\\\\'\"]*z(?:[\\\\'\"]*[ar])?)\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932105) Executing operator "Rx" with param "(?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:s[\\\\'\"]*(?:e[\\\\'\"]*(?:t[\\\\'\"]*(?:(?:f[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*l[\\\\'\"]*)?(?:\s|<|>).*|e[\\\\'\"]*n[\\\\'\"]*v|s[\\\\'\"]*i[\\\\'\"]*d)|n[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*i[\\\\'\"]*l|d[\\\\'\"]*(?:\s|<|>).*)|h[\\\\'\"]*(?:\.[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*b|u[\\\\'\"]*t[\\\\'\"]*d[\\\\'\"]*o[\\\\'\"]*w[\\\\'\"]*n|(?:\s|<|>).*)|o[\\\\'\"]*(?:(?:u[\\\\'\"]*r[\\\\'\"]*c[\\\\'\"]*e|r[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|c[\\\\'\"]*a[\\\\'\"]*t)|c[\\\\'\"]*(?:h[\\\\'\"]*e[\\\\'\"]*d|p[\\\\'\"]*(?:\s|<|>).*)|t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g[\\\\'\"]*s|(?:l[\\\\'\"]*e[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|y[\\\\'\"]*s[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*l|u[\\\\'\"]*(?:(?:\s|<|>).*|d[\\\\'\"]*o)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|s[\\\\'\"]*h|v[\\\\'\"]*n)|p[\\\\'\"]*(?:k[\\\\'\"]*(?:g(?:(?:[\\\\'\"]*_)?[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*o)?|e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c|i[\\\\'\"]*l[\\\\'\"]*l)|t[\\\\'\"]*a[\\\\'\"]*r(?:[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p))?|a[\\\\'\"]*(?:t[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|s[\\\\'\"]*s[\\\\'\"]*w[\\\\'\"]*d)|r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*(?:e[\\\\'\"]*n[\\\\'\"]*v|f[\\\\'\"]*(?:\s|<|>).*)|y[\\\\'\"]*t[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*n(?:[\\\\'\"]*(?:3(?:[\\\\'\"]*m)?|2))?|e[\\\\'\"]*r[\\\\'\"]*(?:l(?:[\\\\'\"]*(?:s[\\\\'\"]*h|5))?|m[\\\\'\"]*s)|(?:g[\\\\'\"]*r[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|(?:u[\\\\'\"]*s[\\\\'\"]*h|o[\\\\'\"]*p)[\\\\'\"]*d|h[\\\\'\"]*p(?:[\\\\'\"]*[57])?|i[\\\\'\"]*n[\\\\'\"]*g|s[\\\\'\"]*(?:\s|<|>).*)|n[\\\\'\"]*(?:c[\\\\'\"]*(?:\.[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*l|o[\\\\'\"]*p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*d)|(?:\s|<|>).*|a[\\\\'\"]*t)|e[\\\\'\"]*t[\\\\'\"]*(?:k[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*f[\\\\'\"]*t[\\\\'\"]*p|(?:s[\\\\'\"]*t|c)[\\\\'\"]*a[\\\\'\"]*t|(?:\s|<|>).*)|s[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*o[\\\\'\"]*k[\\\\'\"]*u[\\\\'\"]*p|t[\\\\'\"]*a[\\\\'\"]*t)|(?:a[\\\\'\"]*n[\\\\'\"]*o|i[\\\\'\"]*c[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|(?:o[\\\\'\"]*h[\\\\'\"]*u|m[\\\\'\"]*a)[\\\\'\"]*p|p[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g)|r[\\\\'\"]*(?:e[\\\\'\"]*(?:(?:p[\\\\'\"]*(?:l[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e|e[\\\\'\"]*a[\\\\'\"]*t)|n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|a[\\\\'\"]*l[\\\\'\"]*p[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*h)|m[\\\\'\"]*(?:(?:d[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*)?(?:\s|<|>).*|u[\\\\'\"]*s[\\\\'\"]*e[\\\\'\"]*r)|u[\\\\'\"]*b[\\\\'\"]*y(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|(?:a[\\\\'\"]*r|c[\\\\'\"]*p|p[\\\\'\"]*m)[\\\\'\"]*(?:\s|<|>).*|n[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*o|o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|s[\\\\'\"]*y[\\\\'\"]*n[\\\\'\"]*c)|t[\\\\'\"]*(?:c[\\\\'\"]*(?:p[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|i[\\\\'\"]*n[\\\\'\"]*g)|s[\\\\'\"]*h)|r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e(?:[\\\\'\"]*6)?|e[\\\\'\"]*(?:l[\\\\'\"]*n[\\\\'\"]*e[\\\\'\"]*t|e[\\\\'\"]*(?:\s|<|>).*)|i[\\\\'\"]*m[\\\\'\"]*e[\\\\'\"]*(?:o[\\\\'\"]*u[\\\\'\"]*t|(?:\s|<|>).*)|a[\\\\'\"]*(?:i[\\\\'\"]*l(?:[\\\\'\"]*f)?|r[\\\\'\"]*(?:\s|<|>).*)|o[\\\\'\"]*(?:u[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|p))|u[\\\\'\"]*(?:n[\\\\'\"]*(?:l[\\\\'\"]*(?:i[\\\\'\"]*n[\\\\'\"]*k[\\\\'\"]*(?:\s|<|>).*|z[\\\\'\"]*m[\\\\'\"]*a)|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|a[\\\\'\"]*m[\\\\'\"]*e|r[\\\\'\"]*a[\\\\'\"]*r|s[\\\\'\"]*e[\\\\'\"]*t|z[\\\\'\"]*i[\\\\'\"]*p|x[\\\\'\"]*z)|s[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*(?:(?:a[\\\\'\"]*d|m[\\\\'\"]*o)[\\\\'\"]*d|d[\\\\'\"]*e[\\\\'\"]*l)|l[\\\\'\"]*i[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*(?:\s|<|>).*)|m[\\\\'\"]*(?:y[\\\\'\"]*s[\\\\'\"]*q[\\\\'\"]*l(?:[\\\\'\"]*(?:d[\\\\'\"]*u[\\\\'\"]*m[\\\\'\"]*p(?:[\\\\'\"]*s[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*w)?|h[\\\\'\"]*o[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*p[\\\\'\"]*y|a[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*n|s[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*w))?|(?:(?:o[\\\\'\"]*u[\\\\'\"]*n|u[\\\\'\"]*t)[\\\\'\"]*t|v)[\\\\'\"]*(?:\s|<|>).*)|x[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*(?:i[\\\\'\"]*f[\\\\'\"]*f|e[\\\\'\"]*c)|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|(?:\s|<|>).*)|a[\\\\'\"]*r[\\\\'\"]*g[\\\\'\"]*s|t[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*m|x[\\\\'\"]*d[\\\\'\"]*(?:\s|<|>).*)|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|i[\\\\'\"]*p[\\\\'\"]*(?:\s|<|>).*|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|r[\\\\'\"]*u[\\\\'\"]*n|s[\\\\'\"]*h)|o[\\\\'\"]*(?:p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*l|n[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*r)|w[\\\\'\"]*(?:h[\\\\'\"]*o[\\\\'\"]*(?:a[\\\\'\"]*m[\\\\'\"]*i|(?:\s|<|>).*)|g[\\\\'\"]*e[\\\\'\"]*t|3[\\\\'\"]*m)|v[\\\\'\"]*i[\\\\'\"]*(?:m[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*r|p[\\\\'\"]*w)|y[\\\\'\"]*u[\\\\'\"]*m)\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932110) Executing operator "Rx" with param "(?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]*(?:m[\"\^]*(?:y[\"\^]*s[\"\^]*q[\"\^]*l(?:[\"\^]*(?:d[\"\^]*u[\"\^]*m[\"\^]*p(?:[\"\^]*s[\"\^]*l[\"\^]*o[\"\^]*w)?|h[\"\^]*o[\"\^]*t[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y|a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|s[\"\^]*h[\"\^]*o[\"\^]*w))?|s[\"\^]*(?:i[\"\^]*(?:n[\"\^]*f[\"\^]*o[\"\^]*3[\"\^]*2|e[\"\^]*x[\"\^]*e[\"\^]*c)|c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|g[\"\^]*(?:[\s,;]|\.|/|<|>).*|t[\"\^]*s[\"\^]*c)|o[\"\^]*(?:u[\"\^]*n[\"\^]*t[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|v[\"\^]*o[\"\^]*l)|v[\"\^]*e[\"\^]*u[\"\^]*s[\"\^]*e[\"\^]*r|[dr][\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*)|k[\"\^]*(?:d[\"\^]*i[\"\^]*r[\"\^]*(?:[\s,;]|\.|/|<|>).*|l[\"\^]*i[\"\^]*n[\"\^]*k)|d[\"\^]*(?:s[\"\^]*c[\"\^]*h[\"\^]*e[\"\^]*d|(?:[\s,;]|\.|/|<|>).*)|a[\"\^]*p[\"\^]*i[\"\^]*s[\"\^]*e[\"\^]*n[\"\^]*d|b[\"\^]*s[\"\^]*a[\"\^]*c[\"\^]*l[\"\^]*i|e[\"\^]*a[\"\^]*s[\"\^]*u[\"\^]*r[\"\^]*e|m[\"\^]*s[\"\^]*y[\"\^]*s)|d[\"\^]*(?:i[\"\^]*(?:s[\"\^]*k[\"\^]*(?:(?:m[\"\^]*g[\"\^]*m|p[\"\^]*a[\"\^]*r)[\"\^]*t|s[\"\^]*h[\"\^]*a[\"\^]*d[\"\^]*o[\"\^]*w)|r[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|u[\"\^]*s[\"\^]*e)|f[\"\^]*f[\"\^]*(?:[\s,;]|\.|/|<|>).*)|e[\"\^]*(?:l[\"\^]*(?:p[\"\^]*r[\"\^]*o[\"\^]*f|t[\"\^]*r[\"\^]*e[\"\^]*e|(?:[\s,;]|\.|/|<|>).*)|v[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|c[\"\^]*o[\"\^]*n)|(?:f[\"\^]*r[\"\^]*a|b[\"\^]*u)[\"\^]*g)|s[\"\^]*(?:a[\"\^]*(?:c[\"\^]*l[\"\^]*s|d[\"\^]*d)|q[\"\^]*u[\"\^]*e[\"\^]*r[\"\^]*y|m[\"\^]*o[\"\^]*(?:v[\"\^]*e|d)|g[\"\^]*e[\"\^]*t|r[\"\^]*m)|(?:r[\"\^]*i[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*q[\"\^]*u[\"\^]*e[\"\^]*r|o[\"\^]*s[\"\^]*k[\"\^]*e)[\"\^]*y|(?:c[\"\^]*o[\"\^]*m[\"\^]*c[\"\^]*n[\"\^]*f|x[\"\^]*d[\"\^]*i[\"\^]*a)[\"\^]*g|a[\"\^]*t[\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*|n[\"\^]*s[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|c[\"\^]*(?:o[\"\^]*(?:m[\"\^]*(?:p[\"\^]*(?:(?:a[\"\^]*c[\"\^]*t[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|m[\"\^]*g[\"\^]*m[\"\^]*t)|e[\"\^]*x[\"\^]*p)|n[\"\^]*(?:2[\"\^]*p|v[\"\^]*e)[\"\^]*r[\"\^]*t|p[\"\^]*y)|l[\"\^]*(?:e[\"\^]*a[\"\^]*(?:n[\"\^]*m[\"\^]*g[\"\^]*r|r[\"\^]*m[\"\^]*e[\"\^]*m)|u[\"\^]*s[\"\^]*t[\"\^]*e[\"\^]*r)|h[\"\^]*(?:k[\"\^]*(?:n[\"\^]*t[\"\^]*f[\"\^]*s|d[\"\^]*s[\"\^]*k)|d[\"\^]*i[\"\^]*r[\"\^]*(?:[\s,;]|\.|/|<|>).*)|s[\"\^]*(?:c[\"\^]*(?:r[\"\^]*i[\"\^]*p[\"\^]*t|c[\"\^]*m[\"\^]*d)|v[\"\^]*d[\"\^]*e)|e[\"\^]*r[\"\^]*t[\"\^]*(?:u[\"\^]*t[\"\^]*i[\"\^]*l|r[\"\^]*e[\"\^]*q)|a[\"\^]*(?:l[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|c[\"\^]*l[\"\^]*s)|m[\"\^]*d(?:[\"\^]*k[\"\^]*e[\"\^]*y)?|i[\"\^]*p[\"\^]*h[\"\^]*e[\"\^]*r|u[\"\^]*r[\"\^]*l)|f[\"\^]*(?:o[\"\^]*r[\"\^]*(?:m[\"\^]*a[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s|e[\"\^]*a[\"\^]*c[\"\^]*h)|i[\"\^]*n[\"\^]*d[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|s[\"\^]*t[\"\^]*r)|s[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|u[\"\^]*t[\"\^]*i[\"\^]*l)|t[\"\^]*(?:p[\"\^]*(?:[\s,;]|\.|/|<|>).*|y[\"\^]*p[\"\^]*e)|r[\"\^]*e[\"\^]*e[\"\^]*d[\"\^]*i[\"\^]*s[\"\^]*k|c[\"\^]*(?:[\s,;]|\.|/|<|>).*|g[\"\^]*r[\"\^]*e[\"\^]*p)|n[\"\^]*(?:e[\"\^]*t[\"\^]*(?:s[\"\^]*(?:t[\"\^]*a[\"\^]*t|v[\"\^]*c|h)|(?:[\s,;]|\.|/|<|>).*|c[\"\^]*a[\"\^]*t|d[\"\^]*o[\"\^]*m)|t[\"\^]*(?:b[\"\^]*a[\"\^]*c[\"\^]*k[\"\^]*u[\"\^]*p|r[\"\^]*i[\"\^]*g[\"\^]*h[\"\^]*t[\"\^]*s)|(?:s[\"\^]*l[\"\^]*o[\"\^]*o[\"\^]*k[\"\^]*u|m[\"\^]*a)[\"\^]*p|c[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|a[\"\^]*t)|b[\"\^]*t[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|e[\"\^]*(?:x[\"\^]*(?:p[\"\^]*(?:a[\"\^]*n[\"\^]*d[\"\^]*(?:[\s,;]|\.|/|<|>).*|l[\"\^]*o[\"\^]*r[\"\^]*e[\"\^]*r)|i[\"\^]*t)|v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*(?:c[\"\^]*r[\"\^]*e[\"\^]*a[\"\^]*t[\"\^]*e|v[\"\^]*w[\"\^]*r)|n[\"\^]*d[\"\^]*l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l|g[\"\^]*r[\"\^]*e[\"\^]*p|r[\"\^]*a[\"\^]*s[\"\^]*e|c[\"\^]*h[\"\^]*o)|g[\"\^]*(?:a[\"\^]*t[\"\^]*h[\"\^]*e[\"\^]*r[\"\^]*n[\"\^]*e[\"\^]*t[\"\^]*w[\"\^]*o[\"\^]*r[\"\^]*k[\"\^]*i[\"\^]*n[\"\^]*f[\"\^]*o|p[\"\^]*(?:(?:r[\"\^]*e[\"\^]*s[\"\^]*u[\"\^]*l|e[\"\^]*d[\"\^]*i)[\"\^]*t|u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t[\"\^]*e)|i[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|e[\"\^]*t[\"\^]*m[\"\^]*a[\"\^]*c)|i[\"\^]*(?:r[\"\^]*b(?:[\"\^]*(?:1(?:[\"\^]*[89])?|2[\"\^]*[012]))?|f[\"\^]*m[\"\^]*e[\"\^]*m[\"\^]*b[\"\^]*e[\"\^]*r|p[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|n[\"\^]*e[\"\^]*t[\"\^]*c[\"\^]*p[\"\^]*l|c[\"\^]*a[\"\^]*c[\"\^]*l[\"\^]*s)|a[\"\^]*(?:d[\"\^]*(?:d[\"\^]*u[\"\^]*s[\"\^]*e[\"\^]*r[\"\^]*s|m[\"\^]*o[\"\^]*d[\"\^]*c[\"\^]*m[\"\^]*d)|r[\"\^]*p[\"\^]*(?:[\s,;]|\.|/|<|>).*|t[\"\^]*t[\"\^]*r[\"\^]*i[\"\^]*b|s[\"\^]*s[\"\^]*o[\"\^]*c|z[\"\^]*m[\"\^]*a[\"\^]*n)|l[\"\^]*(?:o[\"\^]*g[\"\^]*(?:e[\"\^]*v[\"\^]*e[\"\^]*n[\"\^]*t|t[\"\^]*i[\"\^]*m[\"\^]*e|m[\"\^]*a[\"\^]*n|o[\"\^]*f[\"\^]*f)|a[\"\^]*b[\"\^]*e[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|u[\"\^]*s[\"\^]*r[\"\^]*m[\"\^]*g[\"\^]*r)|b[\"\^]*(?:(?:c[\"\^]*d[\"\^]*(?:b[\"\^]*o[\"\^]*o|e[\"\^]*d[\"\^]*i)|r[\"\^]*o[\"\^]*w[\"\^]*s[\"\^]*t[\"\^]*a)[\"\^]*t|i[\"\^]*t[\"\^]*s[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|o[\"\^]*o[\"\^]*t[\"\^]*c[\"\^]*f[\"\^]*g)|h[\"\^]*(?:o[\"\^]*s[\"\^]*t[\"\^]*n[\"\^]*a[\"\^]*m[\"\^]*e|d[\"\^]*w[\"\^]*w[\"\^]*i[\"\^]*z)|j[\"\^]*a[\"\^]*v[\"\^]*a[\"\^]*(?:[\s,;]|\.|/|<|>).*|7[\"\^]*z(?:[\"\^]*[ar])?)(?:\.[\"\^]*\w+)?\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932115) Executing operator "Rx" with param "(?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]*(?:s[\"\^]*(?:y[\"\^]*s[\"\^]*(?:t[\"\^]*e[\"\^]*m[\"\^]*(?:p[\"\^]*r[\"\^]*o[\"\^]*p[\"\^]*e[\"\^]*r[\"\^]*t[\"\^]*i[\"\^]*e[\"\^]*s[\"\^]*(?:d[\"\^]*a[\"\^]*t[\"\^]*a[\"\^]*e[\"\^]*x[\"\^]*e[\"\^]*c[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n[\"\^]*p[\"\^]*r[\"\^]*e[\"\^]*v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n|(?:p[\"\^]*e[\"\^]*r[\"\^]*f[\"\^]*o[\"\^]*r[\"\^]*m[\"\^]*a[\"\^]*n[\"\^]*c|h[\"\^]*a[\"\^]*r[\"\^]*d[\"\^]*w[\"\^]*a[\"\^]*r)[\"\^]*e|a[\"\^]*d[\"\^]*v[\"\^]*a[\"\^]*n[\"\^]*c[\"\^]*e[\"\^]*d)|i[\"\^]*n[\"\^]*f[\"\^]*o)|k[\"\^]*e[\"\^]*y|d[\"\^]*m)|h[\"\^]*(?:o[\"\^]*(?:w[\"\^]*(?:g[\"\^]*r[\"\^]*p|m[\"\^]*b[\"\^]*r)[\"\^]*s|r[\"\^]*t[\"\^]*c[\"\^]*u[\"\^]*t)|e[\"\^]*l[\"\^]*l[\"\^]*r[\"\^]*u[\"\^]*n[\"\^]*a[\"\^]*s|u[\"\^]*t[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n|r[\"\^]*p[\"\^]*u[\"\^]*b[\"\^]*w|a[\"\^]*r[\"\^]*e|i[\"\^]*f[\"\^]*t)|e[\"\^]*(?:t[\"\^]*(?:(?:x[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l)|c[\"\^]*p[\"\^]*o[\"\^]*l|l[\"\^]*e[\"\^]*c[\"\^]*t)|c[\"\^]*(?:h[\"\^]*t[\"\^]*a[\"\^]*s[\"\^]*k[\"\^]*s|l[\"\^]*i[\"\^]*s[\"\^]*t)|u[\"\^]*b[\"\^]*(?:i[\"\^]*n[\"\^]*a[\"\^]*c[\"\^]*l|s[\"\^]*t)|t[\"\^]*a[\"\^]*r[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|i[\"\^]*g[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*i[\"\^]*f|l[\"\^]*(?:e[\"\^]*e[\"\^]*p|m[\"\^]*g[\"\^]*r)|o[\"\^]*r[\"\^]*t|f[\"\^]*c|v[\"\^]*n)|p[\"\^]*(?:s[\"\^]*(?:s[\"\^]*(?:h[\"\^]*u[\"\^]*t[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n|e[\"\^]*r[\"\^]*v[\"\^]*i[\"\^]*c[\"\^]*e|u[\"\^]*s[\"\^]*p[\"\^]*e[\"\^]*n[\"\^]*d)|l[\"\^]*(?:o[\"\^]*g[\"\^]*(?:g[\"\^]*e[\"\^]*d[\"\^]*o[\"\^]*n|l[\"\^]*i[\"\^]*s[\"\^]*t)|i[\"\^]*s[\"\^]*t)|p[\"\^]*(?:a[\"\^]*s[\"\^]*s[\"\^]*w[\"\^]*d|i[\"\^]*n[\"\^]*g)|g[\"\^]*e[\"\^]*t[\"\^]*s[\"\^]*i[\"\^]*d|e[\"\^]*x[\"\^]*e[\"\^]*c|f[\"\^]*i[\"\^]*l[\"\^]*e|i[\"\^]*n[\"\^]*f[\"\^]*o|k[\"\^]*i[\"\^]*l[\"\^]*l)|o[\"\^]*(?:w[\"\^]*e[\"\^]*r[\"\^]*(?:s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l(?:[\"\^]*_[\"\^]*i[\"\^]*s[\"\^]*e)?|c[\"\^]*f[\"\^]*g)|r[\"\^]*t[\"\^]*q[\"\^]*r[\"\^]*y|p[\"\^]*d)|r[\"\^]*(?:i[\"\^]*n[\"\^]*t[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|b[\"\^]*r[\"\^]*m)|n[\"\^]*(?:c[\"\^]*n[\"\^]*f[\"\^]*g|m[\"\^]*n[\"\^]*g[\"\^]*r)|o[\"\^]*m[\"\^]*p[\"\^]*t)|a[\"\^]*t[\"\^]*h[\"\^]*(?:p[\"\^]*i[\"\^]*n[\"\^]*g|(?:[\s,;]|\.|/|<|>).*)|e[\"\^]*r[\"\^]*(?:l(?:[\"\^]*(?:s[\"\^]*h|5))?|f[\"\^]*m[\"\^]*o[\"\^]*n)|y[\"\^]*t[\"\^]*h[\"\^]*o[\"\^]*n(?:[\"\^]*(?:3(?:[\"\^]*m)?|2))?|k[\"\^]*g[\"\^]*m[\"\^]*g[\"\^]*r|h[\"\^]*p(?:[\"\^]*[57])?|u[\"\^]*s[\"\^]*h[\"\^]*d|i[\"\^]*n[\"\^]*g)|r[\"\^]*(?:e[\"\^]*(?:(?:p[\"\^]*l[\"\^]*a[\"\^]*c[\"\^]*e|n(?:[\"\^]*a[\"\^]*m[\"\^]*e)?|s[\"\^]*e[\"\^]*t)[\"\^]*(?:[\s,;]|\.|/|<|>).*|g[\"\^]*(?:s[\"\^]*v[\"\^]*r[\"\^]*3[\"\^]*2|e[\"\^]*d[\"\^]*i[\"\^]*t|(?:[\s,;]|\.|/|<|>).*|i[\"\^]*n[\"\^]*i)|c[\"\^]*(?:d[\"\^]*i[\"\^]*s[\"\^]*c|o[\"\^]*v[\"\^]*e[\"\^]*r)|k[\"\^]*e[\"\^]*y[\"\^]*w[\"\^]*i[\"\^]*z)|u[\"\^]*(?:n[\"\^]*(?:d[\"\^]*l[\"\^]*l[\"\^]*3[\"\^]*2|a[\"\^]*s)|b[\"\^]*y[\"\^]*(?:1(?:[\"\^]*[89])?|2[\"\^]*[012]))|a[\"\^]*(?:s[\"\^]*(?:p[\"\^]*h[\"\^]*o[\"\^]*n[\"\^]*e|d[\"\^]*i[\"\^]*a[\"\^]*l)|r[\"\^]*(?:[\s,;]|\.|/|<|>).*)|m[\"\^]*(?:(?:d[\"\^]*i[\"\^]*r[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|t[\"\^]*s[\"\^]*h[\"\^]*a[\"\^]*r[\"\^]*e)|o[\"\^]*(?:u[\"\^]*t[\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*|b[\"\^]*o[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y)|s[\"\^]*(?:t[\"\^]*r[\"\^]*u[\"\^]*i|y[\"\^]*n[\"\^]*c)|d[\"\^]*(?:[\s,;]|\.|/|<|>).*)|t[\"\^]*(?:a[\"\^]*(?:s[\"\^]*k[\"\^]*(?:k[\"\^]*i[\"\^]*l[\"\^]*l|l[\"\^]*i[\"\^]*s[\"\^]*t|s[\"\^]*c[\"\^]*h[\"\^]*d|m[\"\^]*g[\"\^]*r)|k[\"\^]*e[\"\^]*o[\"\^]*w[\"\^]*n)|(?:i[\"\^]*m[\"\^]*e[\"\^]*o[\"\^]*u|p[\"\^]*m[\"\^]*i[\"\^]*n[\"\^]*i|e[\"\^]*l[\"\^]*n[\"\^]*e|l[\"\^]*i[\"\^]*s)[\"\^]*t|s[\"\^]*(?:d[\"\^]*i[\"\^]*s[\"\^]*c[\"\^]*o|s[\"\^]*h[\"\^]*u[\"\^]*t[\"\^]*d)[\"\^]*n|y[\"\^]*p[\"\^]*e[\"\^]*(?:p[\"\^]*e[\"\^]*r[\"\^]*f|(?:[\s,;]|\.|/|<|>).*)|r[\"\^]*(?:a[\"\^]*c[\"\^]*e[\"\^]*r[\"\^]*t|e[\"\^]*e))|w[\"\^]*(?:i[\"\^]*n[\"\^]*(?:d[\"\^]*i[\"\^]*f[\"\^]*f|m[\"\^]*s[\"\^]*d[\"\^]*p|v[\"\^]*a[\"\^]*r|r[\"\^]*[ms])|u[\"\^]*(?:a[\"\^]*(?:u[\"\^]*c[\"\^]*l[\"\^]*t|p[\"\^]*p)|s[\"\^]*a)|s[\"\^]*c[\"\^]*(?:r[\"\^]*i[\"\^]*p[\"\^]*t|u[\"\^]*i)|e[\"\^]*v[\"\^]*t[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|m[\"\^]*i[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|c)|a[\"\^]*i[\"\^]*t[\"\^]*f[\"\^]*o[\"\^]*r|h[\"\^]*o[\"\^]*a[\"\^]*m[\"\^]*i|g[\"\^]*e[\"\^]*t)|u[\"\^]*(?:s[\"\^]*(?:e[\"\^]*r[\"\^]*a[\"\^]*c[\"\^]*c[\"\^]*o[\"\^]*u[\"\^]*n[\"\^]*t[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*t[\"\^]*r[\"\^]*o[\"\^]*l[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*t[\"\^]*i[\"\^]*n[\"\^]*g[\"\^]*s|r[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|n[\"\^]*(?:r[\"\^]*a[\"\^]*r|z[\"\^]*i[\"\^]*p))|q[\"\^]*(?:u[\"\^]*e[\"\^]*r[\"\^]*y[\"\^]*(?:[\s,;]|\.|/|<|>).*|p[\"\^]*r[\"\^]*o[\"\^]*c[\"\^]*e[\"\^]*s[\"\^]*s|w[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a|g[\"\^]*r[\"\^]*e[\"\^]*p)|o[\"\^]*(?:d[\"\^]*b[\"\^]*c[\"\^]*(?:a[\"\^]*d[\"\^]*3[\"\^]*2|c[\"\^]*o[\"\^]*n[\"\^]*f)|p[\"\^]*e[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s)|v[\"\^]*(?:o[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|e[\"\^]*r[\"\^]*i[\"\^]*f[\"\^]*y)|x[\"\^]*c[\"\^]*(?:a[\"\^]*c[\"\^]*l[\"\^]*s|o[\"\^]*p[\"\^]*y)|z[\"\^]*i[\"\^]*p[\"\^]*(?:[\s,;]|\.|/|<|>).*)(?:\.[\"\^]*\w+)?\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932120) Executing operator "PmFromFile" with param "windows-powershell-commands.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:cmdLine: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:cmdLine: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932130) Executing operator "Rx" with param "(?:\$(?:\((?:\(.*\)|.*)\)|\{.*\})|[<>]\(.*\))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:cmdLine: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:cmdLine: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932140) Executing operator "Rx" with param "\b(?:if(?:/i)?(?: not)?(?: exist\b| defined\b| errorlevel\b| cmdextversion\b|(?: |\().*(?:\bgeq\b|\bequ\b|\bneq\b|\bleq\b|\bgtr\b|\blss\b|==))|for(/[dflr].*)* %+[^ ]+ in\(.*\)\s?do)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:cmdLine: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:cmdLine: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932150) Executing operator "Rx" with param "(?:^|=)\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:l[\\\\'\"]*(?:s(?:[\\\\'\"]*(?:b[\\\\'\"]*_[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*e|c[\\\\'\"]*p[\\\\'\"]*u|m[\\\\'\"]*o[\\\\'\"]*d|p[\\\\'\"]*c[\\\\'\"]*i|u[\\\\'\"]*s[\\\\'\"]*b|-[\\\\'\"]*F|o[\\\\'\"]*f))?|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|m[\\\\'\"]*(?:o[\\\\'\"]*r[\\\\'\"]*e|a)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s)|e[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*(?:(?:f[\\\\'\"]*i[\\\\'\"]*l|p[\\\\'\"]*i[\\\\'\"]*p)[\\\\'\"]*e|e[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*o)|a[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*g(?:[\\\\'\"]*i[\\\\'\"]*n)?|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*m)|w[\\\\'\"]*p(?:[\\\\'\"]*-[\\\\'\"]*d[\\\\'\"]*o[\\\\'\"]*w[\\\\'\"]*n[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*d)?|f[\\\\'\"]*t[\\\\'\"]*p(?:[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t)?|y[\\\\'\"]*n[\\\\'\"]*x)|s[\\\\'\"]*(?:e[\\\\'\"]*(?:t[\\\\'\"]*(?:e[\\\\'\"]*n[\\\\'\"]*v|s[\\\\'\"]*i[\\\\'\"]*d)|n[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*i[\\\\'\"]*l|d)|h(?:[\\\\'\"]*\.[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*b)?|o[\\\\'\"]*(?:u[\\\\'\"]*r[\\\\'\"]*c[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t)|t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g[\\\\'\"]*s|y[\\\\'\"]*s[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*l|c[\\\\'\"]*(?:h[\\\\'\"]*e[\\\\'\"]*d|p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|f[\\\\'\"]*t[\\\\'\"]*p|u[\\\\'\"]*d[\\\\'\"]*o|s[\\\\'\"]*h|v[\\\\'\"]*n)|p[\\\\'\"]*(?:t[\\\\'\"]*a[\\\\'\"]*r(?:[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p))?|y[\\\\'\"]*t[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*n(?:[\\\\'\"]*(?:3(?:[\\\\'\"]*m)?|2))?|k[\\\\'\"]*(?:e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c|i[\\\\'\"]*l[\\\\'\"]*l)|r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*v|(?:g[\\\\'\"]*r[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|e[\\\\'\"]*r[\\\\'\"]*l(?:[\\\\'\"]*5)?|h[\\\\'\"]*p(?:[\\\\'\"]*[57])?|i[\\\\'\"]*n[\\\\'\"]*g)|n[\\\\'\"]*(?:c(?:[\\\\'\"]*(?:\.[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*l|o[\\\\'\"]*p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*d)|a[\\\\'\"]*t))?|e[\\\\'\"]*t[\\\\'\"]*(?:k[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*f[\\\\'\"]*t[\\\\'\"]*p|(?:s[\\\\'\"]*t|c)[\\\\'\"]*a[\\\\'\"]*t)|o[\\\\'\"]*h[\\\\'\"]*u[\\\\'\"]*p|p[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g|s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t)|t[\\\\'\"]*(?:c[\\\\'\"]*(?:p[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|i[\\\\'\"]*n[\\\\'\"]*g)|s[\\\\'\"]*h)|r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e(?:[\\\\'\"]*6)?|i[\\\\'\"]*m[\\\\'\"]*e(?:[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t)?|a[\\\\'\"]*(?:i[\\\\'\"]*l(?:[\\\\'\"]*f)?|r)|e[\\\\'\"]*l[\\\\'\"]*n[\\\\'\"]*e[\\\\'\"]*t)|r[\\\\'\"]*(?:e[\\\\'\"]*(?:p[\\\\'\"]*(?:l[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e|e[\\\\'\"]*a[\\\\'\"]*t)|a[\\\\'\"]*l[\\\\'\"]*p[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*h|n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)|u[\\\\'\"]*b[\\\\'\"]*y(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|m[\\\\'\"]*(?:u[\\\\'\"]*s[\\\\'\"]*e|d[\\\\'\"]*i)[\\\\'\"]*r|n[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*o|s[\\\\'\"]*y[\\\\'\"]*n[\\\\'\"]*c|c[\\\\'\"]*p)|b[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t)|s[\\\\'\"]*d[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*f[\\\\'\"]*f|t[\\\\'\"]*a[\\\\'\"]*r)|u[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*n|a[\\\\'\"]*s[\\\\'\"]*h)|m[\\\\'\"]*(?:y[\\\\'\"]*s[\\\\'\"]*q[\\\\'\"]*l[\\\\'\"]*(?:d[\\\\'\"]*u[\\\\'\"]*m[\\\\'\"]*p(?:[\\\\'\"]*s[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*w)?|h[\\\\'\"]*o[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*p[\\\\'\"]*y|a[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*n|s[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*w)|l[\\\\'\"]*o[\\\\'\"]*c[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e|a[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*q)|u[\\\\'\"]*(?:n[\\\\'\"]*(?:c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|l[\\\\'\"]*z[\\\\'\"]*m[\\\\'\"]*a|a[\\\\'\"]*m[\\\\'\"]*e|r[\\\\'\"]*a[\\\\'\"]*r|s[\\\\'\"]*e[\\\\'\"]*t|z[\\\\'\"]*i[\\\\'\"]*p|x[\\\\'\"]*z)|s[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*(?:(?:a[\\\\'\"]*d|m[\\\\'\"]*o)[\\\\'\"]*d|d[\\\\'\"]*e[\\\\'\"]*l))|x[\\\\'\"]*(?:z(?:[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*(?:i[\\\\'\"]*f[\\\\'\"]*f|e[\\\\'\"]*c)|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e))?|a[\\\\'\"]*r[\\\\'\"]*g[\\\\'\"]*s)|z[\\\\'\"]*(?:(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e|i)[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|r[\\\\'\"]*u[\\\\'\"]*n|s[\\\\'\"]*h)|f[\\\\'\"]*(?:t[\\\\'\"]*p[\\\\'\"]*(?:s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*s|w[\\\\'\"]*h[\\\\'\"]*o)|i[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*t[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|e[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*h|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p)|c[\\\\'\"]*(?:o[\\\\'\"]*(?:m[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*d|p[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*c)|u[\\\\'\"]*r[\\\\'\"]*l|s[\\\\'\"]*h|c)|e[\\\\'\"]*(?:g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*h[\\\\'\"]*o|v[\\\\'\"]*a[\\\\'\"]*l|x[\\\\'\"]*e[\\\\'\"]*c|n[\\\\'\"]*v)|d[\\\\'\"]*(?:m[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*g|a[\\\\'\"]*s[\\\\'\"]*h|i[\\\\'\"]*f[\\\\'\"]*f|o[\\\\'\"]*a[\\\\'\"]*s)|g[\\\\'\"]*(?:z[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p)|r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*c)|w[\\\\'\"]*(?:h[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*i|g[\\\\'\"]*e[\\\\'\"]*t|3[\\\\'\"]*m)|j[\\\\'\"]*(?:o[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*\s[\\\\'\"]*-[\\\\'\"]*x|a[\\\\'\"]*v[\\\\'\"]*a)|i[\\\\'\"]*r[\\\\'\"]*b(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|o[\\\\'\"]*n[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*r|h[\\\\'\"]*(?:e[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*p)|v[\\\\'\"]*i[\\\\'\"]*(?:g[\\\\'\"]*r|p[\\\\'\"]*w)|G[\\\\'\"]*E[\\\\'\"]*T)[\\\\'\"]*(?:\s|;|\||&|<|>)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932160) Executing operator "PmFromFile" with param "unix-shell.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:cmdLine: "d"
 [9]  T (2) t:normalizePath: "d"
 [9]  T (3) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:cmdLine: "b"
 [9]  T (2) t:normalizePath: "b"
 [9]  T (3) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932170) Executing operator "Rx" with param "^\(\s*\)\s+{" against REQUEST_HEADERS|REQUEST_LINE.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecode: "localhost"
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9]  T (0) t:urlDecode: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:urlDecode: "*/*"
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9]  T (0) t:urlDecode: "3"
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9]  T (0) t:urlDecode: "application/x-www-form-urlencoded"
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [9]  T (0) t:urlDecode: "POST /modsec-full/ HTTP/1.1"
 [9] Target value: "POST /modsec-full/ HTTP/1.1" (Variable: REQUEST_LINE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932171) Executing operator "Rx" with param "^\(\s*\)\s+{" against ARGS_NAMES|ARGS|FILES_NAMES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 932014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Skipped rule id '932016' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: 
 [9] Skipped rule id '932018' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [9] Rule: END-REQUEST-932-APPLICATION-ATTACK-RCE
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 933012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933100) Executing operator "Rx" with param "(?:<\?(?!xml\s)|<\?php|\[(?:/|\\\\)?php\])" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933110) Executing operator "Rx" with param ".*\.(?:php\d*|phtml)\.*$" against FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X-File-Name.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933120) Executing operator "PmFromFile" with param "php-config-directives.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:normalisePath: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:normalisePath: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933130) Executing operator "PmFromFile" with param "php-variables.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:normalisePath: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:normalisePath: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933140) Executing operator "Rx" with param "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933150) Executing operator "PmFromFile" with param "php-function-names-933150.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:lowercase: "/modsec-full/"
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [9]  T (0) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:lowercase: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933160) Executing operator "Rx" with param "(?i)\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|b(?:(?:son_(?:de|en)|ase64_en)code|zopen)|var_dump)(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933170) Executing operator "Rx" with param "[oOcC]:\d+:\".+?\":\d+:{.*}" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "localhost" (Variable: REQUEST_HEADERS:Host)
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9] Target value: "*/*" (Variable: REQUEST_HEADERS:Accept)
 [9] Target value: "3" (Variable: REQUEST_HEADERS:Content-Length)
 [9] Target value: "application/x-www-form-urlencoded" (Variable: REQUEST_HEADERS:Content-Type)
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933180) Executing operator "Rx" with param "\$+(?:[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*|\s*{.+})(?:\s|\[.+\]|{.+}|/\*.*\*/|//.*|#.*)*\(.*\)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "/modsec-full/" (Variable: REQUEST_FILENAME)
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 933014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Skipped rule id '933151' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933016' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933131' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933161' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933111' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '933018' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [9] Rule: END-REQUEST-933-APPLICATION-ATTACK-PHP
 [4] Out of a SecMarker after skip 7.000000 rules.
 [4] (Rule: 941012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941100) Executing operator "DetectXSS" with param "" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9] libinjection was not able to find any XSS in: curl/7.52.1
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] libinjection was not able to find any XSS in: d
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [9] libinjection was not able to find any XSS in: b
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941110) Executing operator "Rx" with param "(?i)([<Ôºú]script[^>Ôºû]*[>Ôºû][\s\S]*?)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941120) Executing operator "Rx" with param "(?i)([\s\"'`;\/0-9\=\x0B\x09\x0C\x3B\x2C\x28\x3B]+on[a-zA-Z]+[\s\x0B\x09\x0C\x3B\x2C\x28\x3B]*?=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941130) Executing operator "Rx" with param "(?i)[\s\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\/html|pattern(?=.*?=)|formaction|\@import|base64)\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941140) Executing operator "Rx" with param "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\b[^>]*?>[\s\S]*?|(?:=|U\s*?R\s*?L\s*?\()\s*?[^>]*?\s*?S\s*?C\s*?R\s*?I\s*?P\s*?T\s*?:)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941160) Executing operator "Rx" with param "(?i)<[^\w<>]*(?:[^<>\"'\s]*:)?[^\w<>]*(?:\W*?s\W*?c\W*?r\W*?i\W*?p\W*?t|\W*?f\W*?o\W*?r\W*?m|\W*?s\W*?t\W*?y\W*?l\W*?e|\W*?s\W*?v\W*?g|\W*?m\W*?a\W*?r\W*?q\W*?u\W*?e\W*?e|(?:\W*?l\W*?i\W*?n\W*?k|\W*?o\W*?b\W*?j\W*?e\W*?c\W*?t|\W*?e\W*?m\W*?b\W*?e\W*?d|\W*?a\W*?p\W*?p\W*?l\W*?e\W*?t|\W*?p\W*?a\W*?r\W*?a\W*?m|\W*?i?\W*?f\W*?r\W*?a\W*?m\W*?e|\W*?b\W*?a\W*?s\W*?e|\W*?b\W*?o\W*?d\W*?y|\W*?m\W*?e\W*?t\W*?a|\W*?i\W*?m\W*?a?\W*?g\W*?e?|\W*?v\W*?i\W*?d\W*?e\W*?o|\W*?a\W*?u\W*?d\W*?i\W*?o|\W*?b\W*?i\W*?n\W*?d\W*?i\W*?n\W*?g\W*?s|\W*?s\W*?e\W*?t|\W*?a\W*?n\W*?i\W*?m\W*?a\W*?t\W*?e)[^>\w])|(?:<\w[\s\S]*[\s\/]|['\"](?:[\s\S]*[\s\/])?)(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|u(?:ccess|spend|bmit)|peech(?:start|end)|ound(?:start|end)|croll|how)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom))[\s\x08]*?=" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941170) Executing operator "Rx" with param "(?i)(?:\W|^)(?:javascript:(?:[\s\S]+[=\\\(\[\.<]|[\s\S]*?(?:\bname\b|\\[ux]\d))|data:(?:(?:[a-z]\w+\/\w[\w+-]+\w)?[;,]|[\s\S]*?;[\s\S]*?\b(?:base64|charset=)|[\s\S]*?,[\s\S]*?<[\s\S]*?\w[\s\S]*?>))|@\W*?i\W*?m\W*?p\W*?o\W*?r\W*?t\W*?(?:\/\*[\s\S]*?)?(?:[\"']|\W*?u\W*?r\W*?l[\s\S]*?\()|\W*?-\W*?m\W*?o\W*?z\W*?-\W*?b\W*?i\W*?n\W*?d\W*?i\W*?n\W*?g[\s\S]*?:[\s\S]*?\W*?u\W*?r\W*?l[\s\S]*?\(" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:htmlEntityDecode: "curl/7.52.1"
 [9]  T (3) t:jsDecode: "curl/7.52.1"
 [9]  T (4) t:cssDecode: "curl/7.52.1"
 [9]  T (5) t:removeNulls: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941180) Executing operator "Pm" with param "document.cookie document.write .parentnode .innerhtml window.location -moz-binding <!-- --> <![cdata[" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:lowercase: "d"
 [9]  T (6) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:lowercase: "b"
 [9]  T (6) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941190) Executing operator "Rx" with param "(?i:<style.*?>.*?((@[i\\\\])|(([:=]|(&#x?0*((58)|(3A)|(61)|(3D));?)).*?([(\\\\]|(&#x?0*((40)|(28)|(92)|(5C));?)))))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941200) Executing operator "Rx" with param "(?i:<.*[:]?vmlframe.*?[\s/+]*?src[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941210) Executing operator "Rx" with param "(?i:(j|(&#x?0*((74)|(4A)|(106)|(6A));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(v|(&#x?0*((86)|(56)|(118)|(76));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(a|(&#x?0*((65)|(41)|(97)|(61));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(s|(&#x?0*((83)|(53)|(115)|(73));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(c|(&#x?0*((67)|(43)|(99)|(63));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(r|(&#x?0*((82)|(52)|(114)|(72));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(i|(&#x?0*((73)|(49)|(105)|(69));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(p|(&#x?0*((80)|(50)|(112)|(70));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(t|(&#x?0*((84)|(54)|(116)|(74));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(:|(&((#x?0*((58)|(3A));?)|(colon;)))).)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941220) Executing operator "Rx" with param "(?i:(v|(&#x?0*((86)|(56)|(118)|(76));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(b|(&#x?0*((66)|(42)|(98)|(62));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(s|(&#x?0*((83)|(53)|(115)|(73));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(c|(&#x?0*((67)|(43)|(99)|(63));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(r|(&#x?0*((82)|(52)|(114)|(72));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(i|(&#x?0*((73)|(49)|(105)|(69));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(p|(&#x?0*((80)|(50)|(112)|(70));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(t|(&#x?0*((84)|(54)|(116)|(74));?))([\t]|(&((#x?0*(9|(13)|(10)|A|D);?)|(tab;)|(newline;))))*(:|(&((#x?0*((58)|(3A));?)|(colon;)))).)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941230) Executing operator "Rx" with param "(?i:<EMBED[\s/+].*?((src)|(type)).*?=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941240) Executing operator "Rx" with param "<[?]?import[\s\/+\S]*?implementation[\s\/+]*?=" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:lowercase: "d"
 [9]  T (6) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:lowercase: "b"
 [9]  T (6) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941250) Executing operator "Rx" with param "(?i:<META[\s/+].*?http-equiv[\s/+]*=[\s/+]*[\"\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941260) Executing operator "Rx" with param "(?i:<META[\s/+].*?charset[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941270) Executing operator "Rx" with param "(?i:<LINK[\s/+].*?href[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941280) Executing operator "Rx" with param "(?i:<BASE[\s/+].*?href[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941290) Executing operator "Rx" with param "(?i:<APPLET[\s/+>])" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941300) Executing operator "Rx" with param "(?i:<OBJECT[\s/+].*?((type)|(codetype)|(classid)|(code)|(data))[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:htmlEntityDecode: "d"
 [9]  T (3) t:jsDecode: "d"
 [9]  T (4) t:cssDecode: "d"
 [9]  T (5) t:removeNulls: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:htmlEntityDecode: "b"
 [9]  T (3) t:jsDecode: "b"
 [9]  T (4) t:cssDecode: "b"
 [9]  T (5) t:removeNulls: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941310) Executing operator "Rx" with param "(?:¬æ|¬º).*(?:¬æ|¬º|>)|(?:¬æ|¬º|<).*(?:¬æ|¬º)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9]  T (2) t:urlDecode: "d"
 [9]  T (3) t:htmlEntityDecode: "d"
 [9]  T (4) t:jsDecode: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:lowercase: "b"
 [9]  T (2) t:urlDecode: "b"
 [9]  T (3) t:htmlEntityDecode: "b"
 [9]  T (4) t:jsDecode: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941350) Executing operator "Rx" with param "(?:\+ADw\-|\+AD4\-).*(?:\+ADw\-|\+AD4\-|>)|(?:\+ADw\-|\+AD4\-|<).*(?:\+ADw\-|\+AD4\-)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9]  T (2) t:urlDecode: "d"
 [9]  T (3) t:htmlEntityDecode: "d"
 [9]  T (4) t:jsDecode: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9]  T (1) t:lowercase: "b"
 [9]  T (2) t:urlDecode: "b"
 [9]  T (3) t:htmlEntityDecode: "b"
 [9]  T (4) t:jsDecode: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 941014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Skipped rule id '941101' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941150' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941320' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941330' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941340' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941016' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '941018' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [9] Rule: END-REQUEST-941-APPLICATION-ATTACK-XSS
 [4] Out of a SecMarker after skip 8.000000 rules.
 [4] (Rule: 942012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942100) Executing operator "DetectSQLi" with param "" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:utf8toUnicode: "curl/7.52.1"
 [9]  T (1) t:urlDecodeUni: "curl/7.52.1"
 [9]  T (2) t:removeNulls: "curl/7.52.1"
 [9]  T (3) t:removeComments: "curl/7.52.1"
 [9] Target value: "curl/7.52.1" (Variable: REQUEST_HEADERS:User-Agent)
 [9] detected SQLi: not able to find an inject on 'curl/7.52.1'
 [9]  T (0) t:utf8toUnicode: "d"
 [9]  T (1) t:urlDecodeUni: "d"
 [9]  T (2) t:removeNulls: "d"
 [9]  T (3) t:removeComments: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9] detected SQLi: not able to find an inject on 'd'
 [9]  T (0) t:utf8toUnicode: "b"
 [9]  T (1) t:urlDecodeUni: "b"
 [9]  T (2) t:removeNulls: "b"
 [9]  T (3) t:removeComments: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [9] detected SQLi: not able to find an inject on 'b'
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942140) Executing operator "Rx" with param "(?i:\b(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\.\.sysdatabases|ysql\.db)\b|s(?:ys(?:\.database_name|aux)\b|chema(?:\W*\(|_name\b)|qlite(_temp)?_master\b)|d(?:atabas|b_nam)e\W*\(|information_schema\b|pg_(catalog|toast)\b|northwind\b|tempdb\b))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942160) Executing operator "Rx" with param "(?i:(sleep\((\s*?)(\d*?)(\s*?)\)|benchmark\((.*?)\,(.*?)\)))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942170) Executing operator "Rx" with param "(?i:(?:(select|;)\s+(?:benchmark|if|sleep)\s*?\(\s*?\(?\s*?\w+))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942190) Executing operator "Rx" with param "(?i:(?:\s*?(?:exec|execute).*?(?:\W)xp_cmdshell)|(?:[\"'`]\s*?!\s*?[\"'`\w])|(?:from\W+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*?\([^\)]*?)|(?:[\"'`];?\s*?(?:select|union|having)\b\s*?[^\s])|(?:\wiif\s*?\()|(?:(?:exec|execute)\s+master\.)|(?:union select @)|(?:union[\w(\s]*?select)|(?:select.*?\w?user\()|(?:into[\s+]+(?:dump|out)file\s*?[\"'`]))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942220) Executing operator "Rx" with param "(?i:(?:^(-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|3.0.00738585072007e-308|1e309)$))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942230) Executing operator "Rx" with param "(?i:(?:[\s()]case\s*?\()|(?:\)\s*?like\s*?\()|(?:having\s*?[^\s]+\s*?[^\w\s])|(?:if\s?\([\d\w]\s*?[=<>~]))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942240) Executing operator "Rx" with param "(?i:(?:alter\s*?\w+.*?(?:character|char)\s+set\s+\w+)|([\"'`];*?\s*?waitfor\s+(?:time|delay)\s+[\"'`])|(?:[\"'`];.*?:\s*?goto))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942250) Executing operator "Rx" with param "(?i:(?:merge.*?using\s*?\()|(execute\s*?immediate\s*?[\"'`])|(?:match\s*?[\w(),+-]+\s*?against\s*?\())" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942270) Executing operator "Rx" with param "(?i:(?:(union(.*?)select(.*?)from)))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942280) Executing operator "Rx" with param "(?i:(?:select\s*?pg_sleep)|(?:waitfor\s*?delay\s?[\"'`]+\s?\d)|(?:;\s*?shutdown\s*?(?:;|--|#|\/\*|{)))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942290) Executing operator "Rx" with param "(?i:(?:\[\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\]))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942320) Executing operator "Rx" with param "(?i:(?:procedure\s+analyse\s*?\()|(?:;\s*?(declare|open)\s+[\w-]+)|(?:create\s+(procedure|function)\s*?\w+\s*?\(\s*?\)\s*?-)|(?:declare[^\w]+[@#]\s*?\w+)|(exec\s*?\(\s*?@))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942350) Executing operator "Rx" with param "(?i:(?:create\s+function\s+.+\s+returns)|(?:;\s*?(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s*?[\[(]?\w{2,}))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942360) Executing operator "Rx" with param "(?i:(?:[\d\W]\s+as\s*?[\"'`\w]+\s*?from)|(?:^[\W\d]+\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc)\b)|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s+(?:(?:group_)concat|char|load_file)\s?\(?)|(?:end\s*?\);)|([\"'`]\s+regexp\W)|(?:[\s(]load_file\s*?\())" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 942014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Skipped rule id '942110' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942120' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942130' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942150' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942180' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942200' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942210' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942260' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942300' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942310' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942330' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942340' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942370' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942380' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942390' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942400' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942410' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942430' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942440' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942450' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942016' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942251' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942420' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942431' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942460' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942018' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942421' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '942432' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [9] Rule: END-REQUEST-942-APPLICATION-ATTACK-SQLI
 [4] Out of a SecMarker after skip 29.000000 rules.
 [4] (Rule: 943012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 943100) Executing operator "Rx" with param "(?i)(?:\.cookie\b.*?;\W*?(?:expires|domain)\W*?=|\bhttp-equiv\W+set-cookie\b)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*, except for: REQUEST_COOKIES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [9]  T (0) t:urlDecodeUni: "b"
 [9] Target value: "b" (Variable: ARGS:d)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 943110) Executing operator "Rx" with param "^(jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" against ARGS_NAMES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 943120) Executing operator "Rx" with param "^(jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" against ARGS_NAMES.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:urlDecodeUni: "d"
 [9]  T (1) t:lowercase: "d"
 [9] Target value: "d" (Variable: ARGS_NAMES)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 943014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Skipped rule id '943016' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: 
 [9] Skipped rule id '943018' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [9] Rule: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 949100) Executing operator "Eq" with param "1" against IP.
 [6] Resolving: ip.reput_block_reason to: NULL
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [6] Resolving: tx.inbound_anomaly_score_threshold to: 5
 [4] (Rule: 949110) Executing operator "Ge" with param "5" Was: "%{tx.inbound_anomaly_score_threshold}" against TX:ANOMALY_SCORE.
 [6] Resolving: TX.ANOMALY_SCORE to: 0
 [9] Target value: "0" (Variable: TX:ANOMALY_SCORE)
 [6] Resolving: tx.inbound_anomaly_score_threshold to: 5
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 949012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 949014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Skipped rule id '949016' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '949018' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
 [9] Rule: END-REQUEST-949-BLOCKING-EVALUATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 980012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 980014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-980-CORRELATION
 [9] Skipped rule id '980016' due to a SecMarker: END-RESPONSE-980-CORRELATION
 [9] Rule: 
 [9] Skipped rule id '980018' due to a SecMarker: END-RESPONSE-980-CORRELATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-980-CORRELATION
 [9] Rule: END-RESPONSE-980-CORRELATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] Starting phase RESPONSE_HEADERS. (SecRules 3)
 [9] This phase consists of 56 rule(s).
 [4] (Rule: 950020) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 950013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-950-DATA-LEAKAGES
 [9] Skipped rule id '950015' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: 
 [9] Skipped rule id '950017' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: END-RESPONSE-950-DATA-LEAKAGES
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 951011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Skipped rule id '951015' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: 
 [9] Skipped rule id '951017' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 952011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 952013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Skipped rule id '952015' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: 
 [9] Skipped rule id '952017' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 953011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 953013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Skipped rule id '953015' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: 
 [9] Skipped rule id '953017' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 954011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Skipped rule id '954015' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: 
 [9] Skipped rule id '954017' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 959011) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 959013) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Skipped rule id '959015' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '959017' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: END-RESPONSE-959-BLOCKING-EVALUATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [9] Appending response body: 0 bytes. Limit set to: 524288.000000
 [4] Starting phase RESPONSE_BODY. (SecRules 4)
 [9] This phase consists of 85 rule(s).
 [4] (Rule: 950021) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 950130) Executing operator "Rx" with param "(?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>\[To Parent Directory\]<\/[Aa]><br>)" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "" (Variable: RESPONSE_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 950014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-950-DATA-LEAKAGES
 [9] Skipped rule id '950100' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: 
 [9] Skipped rule id '950016' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: 
 [9] Skipped rule id '950022' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-950-DATA-LEAKAGES
 [9] Rule: END-RESPONSE-950-DATA-LEAKAGES
 [4] Out of a SecMarker after skip 4.000000 rules.
 [4] (Rule: 951012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951100) Executing operator "PmFromFile" with param "sql-errors.data" against RESPONSE_BODY.
 [9] Target value: "" (Variable: RESPONSE_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951110) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951120) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951130) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951140) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951150) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951160) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951170) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951180) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951190) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951200) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951210) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951220) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951230) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951240) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951250) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951260) Executing operator "Eq" with param "1" against TX:sql_error_match.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "0" (Variable: TX:sql_error_match)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 951014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Skipped rule id '951016' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: 
 [9] Skipped rule id '951018' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [9] Rule: END-RESPONSE-951-DATA-LEAKAGES-SQL
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 952012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 952100) Executing operator "PmFromFile" with param "java-code-leakages.data" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "" (Variable: RESPONSE_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 952110) Executing operator "PmFromFile" with param "java-errors.data" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "" (Variable: RESPONSE_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 952014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Skipped rule id '952016' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: 
 [9] Skipped rule id '952018' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [9] Rule: END-RESPONSE-952-DATA-LEAKAGES-JAVA
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 953012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 953100) Executing operator "PmFromFile" with param "php-errors.data" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "" (Variable: RESPONSE_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 953110) Executing operator "Rx" with param "(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\$_(?:(?:pos|ge)t|session))\b" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "" (Variable: RESPONSE_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 953120) Executing operator "Rx" with param "<\?(?!xml)" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "" (Variable: RESPONSE_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 953014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Skipped rule id '953016' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: 
 [9] Skipped rule id '953018' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [9] Rule: END-RESPONSE-953-DATA-LEAKAGES-PHP
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] (Rule: 954012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954100) Executing operator "Rx" with param "[a-z]:\\\\inetpub\b" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9]  T (0) t:lowercase: ""
 [9] Target value: "" (Variable: RESPONSE_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954110) Executing operator "Rx" with param "(?:Microsoft OLE DB Provider for SQL Server(?:<\/font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| \(0x80040e31\)<br>Timeout expired<br>)|<h1>internal server error<\/h1>.*?<h2>part of the server has crashed or it has a configuration error\.<\/h2>|cannot connect to the server: timed out)" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "" (Variable: RESPONSE_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954120) Executing operator "Rx" with param "(?:\b(?:A(?:DODB\.Command\b.{0,100}?\b(?:Application uses a value of the wrong type for the current operation\b|error')| trappable error occurred in an external object\. The script cannot continue running\b)|Microsoft VBScript (?:compilation (?:\(0x8|error)|runtime (?:Error|\(0x8))\b|Object required: '|error '800)|<b>Version Information:<\/b>(?:&nbsp;|\s)(?:Microsoft \.NET Framework|ASP\.NET) Version:|>error 'ASP\b|An Error Has Occurred|>Syntax error in string in query expression|\/[Ee]rror[Mm]essage\.aspx?\?[Ee]rror\b)" against RESPONSE_BODY.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "" (Variable: RESPONSE_BODY)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954130) Executing operator "Rx" with param "!^404$" against RESPONSE_STATUS.
 [6] Resolving: TX.0 to: host user-agent accept content-length content-type
 [6] Resolving: MATCHED_VAR_NAME to: NULL
 [6] Resolving: MATCHED_VAR to: NULL
 [9] Target value: "200" (Variable: RESPONSE_STATUS)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 954014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Skipped rule id '954016' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: 
 [9] Skipped rule id '954018' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [9] Rule: END-RESPONSE-954-DATA-LEAKAGES-IIS
 [4] Out of a SecMarker after skip 3.000000 rules.
 [6] Resolving: tx.outbound_anomaly_score_threshold to: 4
 [4] (Rule: 959100) Executing operator "Ge" with param "4" Was: "%{tx.outbound_anomaly_score_threshold}" against TX:OUTBOUND_ANOMALY_SCORE.
 [6] Resolving: TX.OUTBOUND_ANOMALY_SCORE to: 0
 [9] Target value: "0" (Variable: TX:OUTBOUND_ANOMALY_SCORE)
 [6] Resolving: tx.outbound_anomaly_score_threshold to: 4
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 959012) Executing operator "Lt" with param "1" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 959014) Executing operator "Lt" with param "2" against TX:PARANOIA_LEVEL.
 [9] Target value: "1" (Variable: TX:PARANOIA_LEVEL)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Skipped rule id '959016' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '959018' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END-RESPONSE-959-BLOCKING-EVALUATION
 [9] Rule: END-RESPONSE-959-BLOCKING-EVALUATION
 [4] Out of a SecMarker after skip 3.000000 rules.
 [4] Starting phase LOGGING. (SecRules 5)
 [9] This phase consists of 45 rule(s).
 [4] (Rule: 912110) Executing operator "Eq" with param "0" against TX:dos_burst_time_slice.
 [9] Target value: "0" (Variable: TX:dos_burst_time_slice)
 [9] Matched vars updated.
 [9] Rule contains a `pass' action
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:dos_counter_threshold.
 [9] Target value: "0" (Variable: TX:dos_counter_threshold)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [4] Executing chained rule.
 [4] (Rule: 0) Executing operator "Eq" with param "0" against TX:dos_block_timeout.
 [9] Target value: "0" (Variable: TX:dos_block_timeout)
 [9] Matched vars updated.
 [4] Rule returned 1.
 [9] (SecDefaultAction) Running action: log
 [9] Saving transaction to logs
 [9] (SecDefaultAction) Running action: auditlog
 [4] (SecDefaultAction) Running action: pass (rule does not contain a disruptive action)
 [8] Running action pass
 [4] Running (non-disruptive) action: nolog
 [4] Running (disruptive)     action: pass
 [8] Running action pass
 [4] Running (non-disruptive) action: skipAfter
 [5] Setting skipAfter for: END_DOS_PROTECTION_CHECKS
 [9] Skipped rule id '912140' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912150' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912160' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912161' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912170' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912019' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '912171' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: 
 [9] Skipped rule id '0' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: END-REQUEST-912-DOS-PROTECTION
 [9] Skipped rule id '0' due to a SecMarker: END_DOS_PROTECTION_CHECKS
 [9] Rule: END_DOS_PROTECTION_CHECKS
 [4] Out of a SecMarker after skip 9.000000 rules.
 [4] (Rule: 980100) Executing operator "Ge" with param "1" against TX.
 [6] Resolving: tx.anomaly_score to: 0
 [6] Resolving: tx.inbound_tx_msg to: NULL
 [6] Resolving: TX.INBOUND_ANOMALY_SCORE to: 0
 [6] Resolving: tx.msg to: NULL
 [6] Resolving: TX.OUTBOUND_ANOMALY_SCORE to: 0
 [9] Target value: "0" (Variable: TX)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 980110) Executing operator "Ge" with param "1" against TX.
 [6] Resolving: tx.anomaly_score to: 0
 [6] Resolving: tx.inbound_tx_msg to: NULL
 [6] Resolving: TX.INBOUND_ANOMALY_SCORE to: 0
 [6] Resolving: tx.msg to: NULL
 [6] Resolving: TX.OUTBOUND_ANOMALY_SCORE to: 0
 [9] Target value: "0" (Variable: TX)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [4] (Rule: 980120) Executing operator "Gt" with param "0" against TX:INBOUND_ANOMALY_SCORE.
 [6] Resolving: TX.INBOUND_ANOMALY_SCORE to: 0
 [6] Resolving: tx.inbound_tx_msg to: NULL
 [9] Target value: "0" (Variable: TX:INBOUND_ANOMALY_SCORE)
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [6] Resolving: tx.inbound_anomaly_score_threshold to: 5
 [4] (Rule: 980130) Executing operator "Ge" with param "5" Was: "%{tx.inbound_anomaly_score_threshold}" against TX:INBOUND_ANOMALY_SCORE.
 [6] Resolving: TX.INBOUND_ANOMALY_SCORE to: 0
 [6] Resolving: tx.sql_injection_score to: 0
 [6] Resolving: tx.xss_score to: 0
 [6] Resolving: tx.rfi_score to: 0
 [6] Resolving: tx.lfi_score to: 0
 [6] Resolving: tx.rce_score to: 0
 [6] Resolving: tx.php_injection_score to: 0
 [6] Resolving: tx.http_violation_score to: 0
 [6] Resolving: tx.session_fixation_score to: 0
 [6] Resolving: tx.inbound_tx_msg to: NULL
 [9] Target value: "0" (Variable: TX:INBOUND_ANOMALY_SCORE)
 [6] Resolving: tx.inbound_anomaly_score_threshold to: 5
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [6] Resolving: tx.outbound_anomaly_score_threshold to: 4
 [4] (Rule: 980140) Executing operator "Ge" with param "4" Was: "%{tx.outbound_anomaly_score_threshold}" against TX:OUTBOUND_ANOMALY_SCORE.
 [6] Resolving: TX.OUTBOUND_ANOMALY_SCORE to: 0
 [6] Resolving: tx.msg to: NULL
 [9] Target value: "0" (Variable: TX:OUTBOUND_ANOMALY_SCORE)
 [6] Resolving: tx.outbound_anomaly_score_threshold to: 4
 [4] Rule returned 0.
 [9] Matched vars cleaned.
 [8] Checking if this request is suitable to be saved as an audit log.
 [8] Checking if this request is relevant to be part of the audit logs.
 [9] Return code `200' is not interesting to audit logs, relevant code(s): `^(?:5|4(?!04))'.
 [9] JSON: Cleaning up JSON results