# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecRule REQUEST_FILENAME "@endsWith cart.php" \
	"id:222040,chain,msg:'COMODO WAF: WHMCS SQL injection detected||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WHMCS'"
SecRule ARGS:address1|ARGS:address2|ARGS:city|ARGS:firstname|ARGS:lastname|ARGS:state "@containsWord aes_encrypt" \
	"t:none,t:lowercase"