SniperSister · June 10, 2018 17:57 · silvaf6 · Apr 23, 2018 · decafgeek · Apr 26, 2018
diff --git a/gistfile1.txt b/gistfile1.txt
 # SPECIFIC: Block #submit #validate #process #pre_render #post_render #element_validate #after_build #value_callback parameters

 SecRule REQUEST_FILENAME "(index\.php|\/$)" "chain,id:003294,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block"
        SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" chain
        SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)$|\[(?:\'|\")?#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)"

 # GENERIC: Block all parameters starting with #
        
 SecRule REQUEST_FILENAME "(index\.php|\/$)" "chain,id:003309,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block"
        SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" chain
        SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#|\[(?:\'|\")?\#.*\]"
	# SPECIFIC: Block #submit #validate #process #pre_render #post_render #element_validate #after_build #value_callback parameters

	SecRule REQUEST_FILENAME "(index\.php\|\/$)" "chain,id:003294,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block"
	SecRule REQUEST_METHOD "^(GET\|POST\|HEAD)$" chain
	SecRule ARGS_NAMES\|REQUEST_COOKIES_NAMES "^\#(submit\|validate\|pre_render\|post_render\|element_validate\|after_build\|value_callback\|process)$\|\[(?:\'\|\")?#(submit\|validate\|pre_render\|post_render\|element_validate\|after_build\|value_callback\|process)"

	# GENERIC: Block all parameters starting with #

	SecRule REQUEST_FILENAME "(index\.php\|\/$)" "chain,id:003309,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block"
	SecRule REQUEST_METHOD "^(GET\|POST\|HEAD)$" chain
	SecRule ARGS_NAMES\|REQUEST_COOKIES_NAMES "^\#\|\[(?:\'\|\")?\#.*\]"