{"ts":1655381650,"time":"jeu, 16 Juin 2022 13:14:10 +0100","rules":{"shield\/request_status_is_admin":{"slug":"shield\/request_status_is_admin","name":"Is Admin?","description":"Request Status - Is Admin?","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"OR","group":[{"condition":"wp_is_admin"}]},"responses":[],"immediate_exec_response":false},"shield\/request_status_is_ajax":{"slug":"shield\/request_status_is_ajax","name":"Is AJAX?","description":"Request Status - Is AJAX?","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"OR","group":[{"condition":"wp_is_ajax"}]},"responses":[],"immediate_exec_response":false},"shield\/request_status_is_xmlrpc":{"slug":"shield\/request_status_is_xmlrpc","name":"Is XML-RPC?","description":"Request Status - Is XML-RPC?","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"OR","group":[{"condition":"wp_is_xmlrpc"}]},"responses":[],"immediate_exec_response":false},"shield\/request_status_is_wpcli":{"slug":"shield\/request_status_is_wpcli","name":"Is WP-CLI?","description":"Request Status - Is WP-CLI?","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"OR","group":[{"condition":"wp_is_wpcli"}]},"responses":[],"immediate_exec_response":false},"shield\/is_server_loopback":{"slug":"shield\/is_server_loopback","name":"Is Server Loopback","description":"Is Server Loopback request.","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"condition":"match_request_ip","params":{"match_ips":["109.234.161.33"]}}]},"responses":[],"immediate_exec_response":false},"shield\/is_trusted_bot":{"slug":"shield\/is_trusted_bot","name":"Is Trusted Bot","description":"Test whether the visitor is a trusted bot.","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"rule":"shield\/is_server_loopback","invert_match":true},{"condition":"match_request_ip_identity","params":{"match_not_ip_ids":["unknown","server","visitor"]}}]},"responses":[{"response":"set_is_trusted_bot"}],"immediate_exec_response":false},"shield\/is_public_web_request":{"slug":"shield\/is_public_web_request","name":"Is Public Web Request","description":"Is a public web request.","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"condition":"wp_is_wpcli","invert_match":true},{"condition":"is_ip_valid_public"},{"rule":"shield\/is_server_loopback","invert_match":true}]},"responses":[],"immediate_exec_response":false},"shield\/is_ip_whitelisted":{"slug":"shield\/is_ip_whitelisted","name":"Is IP Whitelisted","description":"Test whether the current Request IP is whitelisted.","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"condition":"is_ip_whitelisted"}]},"responses":[{"response":"set_ip_whitelisted"}],"immediate_exec_response":false},"shield\/is_path_whitelisted":{"slug":"shield\/is_path_whitelisted","name":"Is Path Whitelisted","description":"Test whether the current Request Path is whitelisted.","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"condition":"match_request_path","params":{"is_match_regex":true,"match_paths":[]}}]},"responses":[],"immediate_exec_response":false},"shield\/request_bypasses_all_restrictions":{"slug":"shield\/request_bypasses_all_restrictions","name":"A Request That Bypasses Restrictions","description":"Does the request bypass all plugin restrictions.","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"OR","group":[{"condition":"is_force_off"},{"rule":"shield\/is_public_web_request","invert_match":true},{"rule":"shield\/is_trusted_bot"},{"rule":"shield\/is_path_whitelisted"},{"rule":"shield\/is_ip_whitelisted"}]},"responses":[{"response":"set_request_bypasses_all_restrictions"}],"immediate_exec_response":true},"shield\/is_ip_blocked":{"slug":"shield\/is_ip_blocked","name":"Is IP Blocked","description":"Test whether the current Request IP is Blocked.","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"rule":"shield\/request_bypasses_all_restrictions","invert_match":true},{"condition":"is_ip_blocked"},{"condition":"is_ip_high_reputation","invert_match":true}]},"responses":[{"response":"set_ip_blocked"}],"immediate_exec_response":false},"shield\/is_bot_probe_404":{"slug":"shield\/is_bot_probe_404","name":"Bot-Track 404","description":"Tracking HTTP 404 errors by bots probing a site","wp_hook":"template_redirect","wp_hook_level":60,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"rule":"shield\/request_bypasses_all_restrictions","invert_match":true},{"condition":"is_not_logged_in_normal"},{"condition":"match_request_status_code","params":{"code":"404"}},{"logic":"OR","group":[{"condition":"not_match_request_path","params":{"is_match_regex":true,"match_paths":["\\.(js|css|gif|jpg|jpeg|png|map|ttf|woff|woff2)$"]}},{"condition":"is_request_to_invalid_plugin"},{"condition":"is_request_to_invalid_theme"}]}]},"responses":[{"response":"event_fire","params":{"event":"bottrack_404","offense_count":0,"block":false,"audit_params_map":{"path":"matched_path","script":"matched_script_name","crawler":"matched_useragent"}}}],"immediate_exec_response":false},"shield\/is_bot_probe_xmlrpc":{"slug":"shield\/is_bot_probe_xmlrpc","name":"Bot-Track XML-RPC","description":"Track probing bots that send requests to XML-RPC.","wp_hook":"init","wp_hook_level":20,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"rule":"shield\/request_bypasses_all_restrictions","invert_match":true},{"condition":"is_not_logged_in_normal"},{"condition":"wp_is_xmlrpc"},{"condition":"match_request_path","params":{"is_match_regex":true,"match_paths":["\/xmlrpc\\.php$"]}}]},"responses":[{"response":"event_fire","params":{"event":"bottrack_xmlrpc","offense_count":0,"block":false,"audit_params_map":{"path":"matched_path","script":"matched_script_name","crawler":"matched_useragent"}}}],"immediate_exec_response":false},"shield\/is_bot_probe_fakewebcrawler":{"slug":"shield\/is_bot_probe_fakewebcrawler","name":"Bot-Track Fake Web Crawler","description":"Track probing bots that incorrectly identify as official web crawlers.","wp_hook":"init","wp_hook_level":20,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"rule":"shield\/request_bypasses_all_restrictions","invert_match":true},{"condition":"is_not_logged_in_normal"},{"condition":"match_request_path","params":{"is_match_regex":true,"match_paths":[".*"]}},{"condition":"match_request_useragent","params":{"match_useragents":["AhrefsBot","Applebot\/","baidu","bingbot","facebookexternalhit","Googlebot","APIs-Google","AdsBot-Google","Mediapartners-Google","PetalBot","Pinterestbot","SemrushBot","SeznamBot\/","yahoo!","yandex.com\/bots"]}}]},"responses":[{"response":"event_fire","params":{"event":"bottrack_fakewebcrawler","offense_count":0,"block":false,"audit_params_map":{"path":"matched_path","script":"matched_script_name","crawler":"matched_useragent"}}}],"immediate_exec_response":false},"shield\/is_bot_probe_invalidscript":{"slug":"shield\/is_bot_probe_invalidscript","name":"Bot-Track Invalid Script","description":"Track probing bots that send requests to invalid scripts.","wp_hook":"init","wp_hook_level":20,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"rule":"shield\/request_bypasses_all_restrictions","invert_match":true},{"condition":"is_not_logged_in_normal"},{"condition":"match_request_script_name","invert_match":true,"params":{"is_match_regex":false,"match_script_names":["index.php","admin-ajax.php","wp-activate.php","wp-links-opml.php","wp-cron.php","wp-login.php","wp-mail.php","wp-comments-post.php","wp-signup.php","wp-trackback.php","xmlrpc.php","admin.php"]}}]},"responses":[{"response":"event_fire","params":{"event":"bottrack_invalidscript","offense_count":0,"block":false,"audit_params_map":{"path":"matched_path","script":"matched_script_name","crawler":"matched_useragent"}}}],"immediate_exec_response":false},"shield\/is_request_author_discovery":{"slug":"shield\/is_request_author_discovery","name":"Detect Author Discovery","description":"Detect and block Author Discovery requests via ?author=x query.","wp_hook":"init","wp_hook_level":20,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"rule":"shield\/request_bypasses_all_restrictions","invert_match":true},{"condition":"is_not_logged_in_normal"},{"condition":"request_query_param_is","params":{"match_param":"author","match_patterns":["^\\d+$"]}}]},"responses":[{"response":"event_fire","params":{"event":"block_author_fishing","offense_count":1,"block":false}},{"response":"block_author_fishing"}],"immediate_exec_response":false},"shield\/firewall_sql_queries":{"slug":"shield\/firewall_sql_queries","name":"Pare-feu: Requ\u00eates SQL","description":"Check request parameters that trigger \"Pare-feu: Requ\u00eates SQL\" patterns.","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"rule":"shield\/request_bypasses_all_restrictions","invert_match":true},{"rule":"shield\/is_ip_blocked","invert_match":true},{"condition":"request_has_parameters"},{"condition":"not_match_request_path","params":{"is_match_regex":false,"match_paths":["\/wp-admin\/options-general.php","\/wp-admin\/post-new.php","\/wp-admin\/page-new.php","\/wp-admin\/link-add.php","\/wp-admin\/media-upload.php","\/wp-admin\/page.php","\/wp-admin\/admin-ajax.php"]}},{"logic":"OR","group":[{"condition":"match_request_param_query","params":{"is_match_regex":true,"match_patterns":["concat\\s*\\(","group_concat","union.*select"],"match_category":"sql_queries","excluded_params":{"\/wp-admin\/options-general.php":[],"\/wp-admin\/options.php":{"simple":["home","siteurl"]},"\/wp-admin\/plugins.php":{"simple":["plugin"]},"\/wp-admin\/post-new.php":[],"\/wp-admin\/page-new.php":[],"\/wp-admin\/link-add.php":[],"\/wp-admin\/media-upload.php":[],"\/wp-admin\/admin.php":{"simple":["page"]},"\/wp-admin\/post.php":{"simple":["content"]},"\/wp-admin\/plugin-editor.php":{"simple":["newcontent"]},"\/wp-admin\/page.php":[],"\/wp-admin\/admin-ajax.php":[],"\/wp-comments-post.php":{"simple":["url","comment"]},"*":{"regex":["^wordpress_logged_in_[0-9a-f]+$","^et_.*"],"simple":["affwp_action","ajaxurl","g-recaptcha-response","verify_sign","txn_id","wp_http_referer","_wp_http_referer","_wp_original_http_referer","JCS_INENREF","pass1","pass1-text","pwd","url","referredby","return","redirect_to","jetpack_sso_original_request","jetpack_sso_redirect_to","edd_action","edd_redirect","wpcf7-form","yoast_wpseo_metadesc","icwp_wpsf_new_u2f_response","icwp_wpsf_u2f_otp","shield_action","appId","ping_sites","aioseo-post-settings","joe-chnlcustid","spd-custhash","joe-custinfo"]}}}},{"condition":"match_request_param_post","params":{"is_match_regex":true,"match_patterns":["concat\\s*\\(","group_concat","union.*select"],"match_category":"sql_queries","excluded_params":{"\/wp-admin\/options-general.php":[],"\/wp-admin\/options.php":{"simple":["home","siteurl"]},"\/wp-admin\/plugins.php":{"simple":["plugin"]},"\/wp-admin\/post-new.php":[],"\/wp-admin\/page-new.php":[],"\/wp-admin\/link-add.php":[],"\/wp-admin\/media-upload.php":[],"\/wp-admin\/admin.php":{"simple":["page"]},"\/wp-admin\/post.php":{"simple":["content"]},"\/wp-admin\/plugin-editor.php":{"simple":["newcontent"]},"\/wp-admin\/page.php":[],"\/wp-admin\/admin-ajax.php":[],"\/wp-comments-post.php":{"simple":["url","comment"]},"*":{"regex":["^wordpress_logged_in_[0-9a-f]+$","^et_.*"],"simple":["affwp_action","ajaxurl","g-recaptcha-response","verify_sign","txn_id","wp_http_referer","_wp_http_referer","_wp_original_http_referer","JCS_INENREF","pass1","pass1-text","pwd","url","referredby","return","redirect_to","jetpack_sso_original_request","jetpack_sso_redirect_to","edd_action","edd_redirect","wpcf7-form","yoast_wpseo_metadesc","icwp_wpsf_new_u2f_response","icwp_wpsf_u2f_otp","shield_action","appId","ping_sites","aioseo-post-settings","joe-chnlcustid","spd-custhash","joe-custinfo"]}}}}]}]},"responses":[{"response":"event_fire","params":{"event":"firewall_block","offense_count":1,"block":false,"audit_params":{"name":"Pare-feu: Requ\u00eates SQL"},"audit_params_map":{"path":"matched_path","script":"matched_script_name","crawler":"matched_useragent","term":"match_pattern","param":"match_request_param","value":"match_request_value","scan":"match_category","type":"match_type"}}},{"response":"firewall_block","params":[]}],"immediate_exec_response":false},"shield\/firewall_dir_traversal":{"slug":"shield\/firewall_dir_traversal","name":"Pare-feu: R\u00e9pertoires Transversaux","description":"Check request parameters that trigger \"Pare-feu: R\u00e9pertoires Transversaux\" patterns.","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"rule":"shield\/request_bypasses_all_restrictions","invert_match":true},{"rule":"shield\/is_ip_blocked","invert_match":true},{"condition":"request_has_parameters"},{"condition":"not_match_request_path","params":{"is_match_regex":false,"match_paths":["\/wp-admin\/options-general.php","\/wp-admin\/post-new.php","\/wp-admin\/page-new.php","\/wp-admin\/link-add.php","\/wp-admin\/media-upload.php","\/wp-admin\/page.php","\/wp-admin\/admin-ajax.php"]}},{"logic":"OR","group":[{"condition":"match_request_param_query","params":{"is_match_regex":false,"match_patterns":["etc\/passwd","proc\/self\/environ","etc\/passwd","makefile","wwwroot","pingserver","..\/","loopback"],"match_category":"dir_traversal","excluded_params":{"\/wp-admin\/options-general.php":[],"\/wp-admin\/options.php":{"simple":["home","siteurl"]},"\/wp-admin\/plugins.php":{"simple":["plugin"]},"\/wp-admin\/post-new.php":[],"\/wp-admin\/page-new.php":[],"\/wp-admin\/link-add.php":[],"\/wp-admin\/media-upload.php":[],"\/wp-admin\/admin.php":{"simple":["page"]},"\/wp-admin\/post.php":{"simple":["content"]},"\/wp-admin\/plugin-editor.php":{"simple":["newcontent"]},"\/wp-admin\/page.php":[],"\/wp-admin\/admin-ajax.php":[],"\/wp-comments-post.php":{"simple":["url","comment"]},"*":{"regex":["^wordpress_logged_in_[0-9a-f]+$","^et_.*"],"simple":["affwp_action","ajaxurl","g-recaptcha-response","verify_sign","txn_id","wp_http_referer","_wp_http_referer","_wp_original_http_referer","JCS_INENREF","pass1","pass1-text","pwd","url","referredby","return","redirect_to","jetpack_sso_original_request","jetpack_sso_redirect_to","edd_action","edd_redirect","wpcf7-form","yoast_wpseo_metadesc","icwp_wpsf_new_u2f_response","icwp_wpsf_u2f_otp","shield_action","appId","ping_sites","aioseo-post-settings","joe-chnlcustid","spd-custhash","joe-custinfo"]}}}},{"condition":"match_request_param_post","params":{"is_match_regex":false,"match_patterns":["etc\/passwd","proc\/self\/environ","etc\/passwd","makefile","wwwroot","pingserver","..\/","loopback"],"match_category":"dir_traversal","excluded_params":{"\/wp-admin\/options-general.php":[],"\/wp-admin\/options.php":{"simple":["home","siteurl"]},"\/wp-admin\/plugins.php":{"simple":["plugin"]},"\/wp-admin\/post-new.php":[],"\/wp-admin\/page-new.php":[],"\/wp-admin\/link-add.php":[],"\/wp-admin\/media-upload.php":[],"\/wp-admin\/admin.php":{"simple":["page"]},"\/wp-admin\/post.php":{"simple":["content"]},"\/wp-admin\/plugin-editor.php":{"simple":["newcontent"]},"\/wp-admin\/page.php":[],"\/wp-admin\/admin-ajax.php":[],"\/wp-comments-post.php":{"simple":["url","comment"]},"*":{"regex":["^wordpress_logged_in_[0-9a-f]+$","^et_.*"],"simple":["affwp_action","ajaxurl","g-recaptcha-response","verify_sign","txn_id","wp_http_referer","_wp_http_referer","_wp_original_http_referer","JCS_INENREF","pass1","pass1-text","pwd","url","referredby","return","redirect_to","jetpack_sso_original_request","jetpack_sso_redirect_to","edd_action","edd_redirect","wpcf7-form","yoast_wpseo_metadesc","icwp_wpsf_new_u2f_response","icwp_wpsf_u2f_otp","shield_action","appId","ping_sites","aioseo-post-settings","joe-chnlcustid","spd-custhash","joe-custinfo"]}}}}]}]},"responses":[{"response":"event_fire","params":{"event":"firewall_block","offense_count":1,"block":false,"audit_params":{"name":"Pare-feu: R\u00e9pertoires Transversaux"},"audit_params_map":{"path":"matched_path","script":"matched_script_name","crawler":"matched_useragent","term":"match_pattern","param":"match_request_param","value":"match_request_value","scan":"match_category","type":"match_type"}}},{"response":"firewall_block","params":[]}],"immediate_exec_response":false},"shield\/firewall_field_truncation":{"slug":"shield\/firewall_field_truncation","name":"Pare-feu: Troncature de Champ","description":"Check request parameters that trigger \"Pare-feu: Troncature de Champ\" patterns.","wp_hook":"","wp_hook_level":0,"flags":{"is_core_shield":true},"conditions":{"logic":"AND","group":[{"rule":"shield\/request_bypasses_all_restrictions","invert_match":true},{"rule":"shield\/is_ip_blocked","invert_match":true},{"condition":"request_has_parameters"},{"condition":"not_match_request_path","params":{"is_match_regex":false,"match_paths":["\/wp-admin\/options-general.php","\/wp-admin\/post-new.php","\/wp-admin\/page-new.php","\/wp-admin\/link-add.php","\/wp-admin\/media-upload.php","\/wp-admin\/page.php","\/wp-admin\/admin-ajax.php"]}},{"logic":"OR","group":[{"condition":"match_request_param_query","params":{"is_match_regex":true,"match_patterns":["\\s{49,}","\\x00"],"match_category":"field_truncation","excluded_params":{"\/wp-admin\/options-general.php":[],"\/wp-admin\/options.php":{"simple":["home","siteurl"]},"\/wp-admin\/plugins.php":{"simple":["plugin"]},"\/wp-admin\/post-new.php":[],"\/wp-admin\/page-new.php":[],"\/wp-admin\/link-add.php":[],"\/wp-admin\/media-upload.php":[],"\/wp-admin\/admin.php":{"simple":["page"]},"\/wp-admin\/post.php":{"simple":["content"]},"\/wp-admin\/plugin-editor.php":{"simple":["newcontent"]},"\/wp-admin\/page.php":[],"\/wp-admin\/admin-ajax.php":[],"\/wp-comments-post.php":{"simple":["url","comment"]},"*":{"regex":["^wordpress_logged_in_[0-9a-f]+$","^et_.*"],"simple":["affwp_action","ajaxurl","g-recaptcha-response","verify_sign","txn_id","wp_http_referer","_wp_http_referer","_wp_original_http_referer","JCS_INENREF","pass1","pass1-text","pwd","url","referredby","return","redirect_to","jetpack_sso_original_request","jetpack_sso_redirect_to","edd_action","edd_redirect","wpcf7-form","yoast_wpseo_metadesc","icwp_wpsf_new_u2f_response","icwp_wpsf_u2f_otp","shield_action","appId","ping_sites","aioseo-post-settings","joe-chnlcustid","spd-custhash","joe-custinfo"]}}}},{"condition":"match_request_param_post","params":{"is_match_regex":true,"match_patterns":["\\s{49,}","\\x00"],"match_category":"field_truncation","excluded_params":{"\/wp-admin\/options-general.php":[],"\/wp-admin\/options.php":{"simple":["home","siteurl"]},"\/wp-admin\/plugins.php":{"simple":["plugin"]},"\/wp-admin\/post-new.php":[],"\/wp-admin\/page-new.php":[],"\/wp-admin\/link-add.php":[],"\/wp-admin\/media-upload.php":[],"\/wp-admin\/admin.php":{"simple":["page"]},"\/wp-admin\/post.php":{"simple":["content"]},"\/wp-admin\/plugin-editor.php":{"simple":["newcontent"]},"\/wp-admin\/page.php":[],"\/wp-admin\/admin-ajax.php":[],"\/wp-comments-post.php":{"simple":["url","comment"]},"*":{"regex":["^wordpress_logged_in_[0-9a-f]+$","^et_.*"],"simple":["affwp_action","ajaxurl","g-recaptcha-response","verify_sign","txn_id","wp_http_referer","_wp_http_referer","_wp_original_http_referer","JCS_INENREF","pass1","pass1-text","pwd","url","referredby","return","redirect_to","jetpack_sso_original_request","jetpack_sso_redirect_to","edd_action","edd_redirect","wpcf7-form","yoast_wpseo_metadesc","icwp_wpsf_new_u2f_response","icwp_wpsf_u2f_otp","shield_action","appId","ping_sites","aioseo-post-settings","joe-chnlcustid","spd-custhash","joe-custinfo"]}}}}]}]},"responses":[{"response":"event_fire","params":{"event":"firewall_block","offense_count":1,"block":false,"audit_params":{"name":"Pare-feu: Troncature de Champ"},"audit_params_map":{"path":"matched_path","script":"matched_script_name","crawler":"matched_useragent","term":"match_pattern","param":"match_request_param","value":"match_request_value","scan":"match_category","type":"match_type"}}},{"response":"firewall_block","params":[]}],"immediate_exec_response":false}}}