#scope:<access_control>::scope_data:<ccmsdev:ccmsdevuserauth>
access_domain = *
access_extmatch = *
access_extmatch_seq = 1000
access_protection_level = 1
access_siteminder_policy_server_decides = 0
access_status = 1
access_url = /
allow_any_authenticated_user = 1
auth_login_method = 0
auth_svc_send_auth_headers = 0
authorization_result_cache = 2
ignore_query_string = 0
#scope:<auth_ldap_svc_user_realm>::scope_data:<crystalclean>
auth_ldap_realm_svr_ip = 192.168.21.15
auth_ldap_realm_svr_port = 389
auth_realm_base_dn = DC=CrystalClean,DC=local
auth_realm_bind_dn = ccwebfilterldap@CrystalClean.local
auth_realm_bind_passwd = hcc3917
auth_realm_group_filter = (&(objectClass=group)(member=%user_dn))
auth_realm_login_attribute = SAMAccountName
auth_realm_member_attribute = SAMAccountName
auth_realm_query_for_group = 0
auth_realm_secure_ldap_connection = none
auth_realm_type_ldap = 1
#scope:<auth_ldap_svc_user_realm>::scope_data:<internal>
auth_ldap_realm_svr_ip = 127.0.0.1
auth_ldap_realm_svr_port = 389
auth_realm_base_dn = ou=Engineering,o=barracudanetworks,c=us
auth_realm_bind_dn = cn=Manager
auth_realm_bind_passwd = secret
auth_realm_group_filter = (&(objectClass=posixGroup)(memberUid=%user))
auth_realm_login_attribute = uid
auth_realm_member_attribute = cn
auth_realm_query_for_group = 1
auth_realm_retries = 3
auth_realm_secure_ldap_connection = none
auth_realm_type_ldap = 0
connection_security = 0
distribution_mode = 0

# global config file for Barracuda WebApplication Firewall model 460
#
# each line may be one of the following:
#    blank line
#    comment: any line beginning with a "#" sign - please note
#        that # in the middle of the line will not be considered a comment
#    key = value pair
#    continuation: any line that contains text, but begins with white space
#        is assumed to be a continuation of a list started with the previous
#        key/value pair

#scope:<global>::scope_data:<>
allow_multiple_user_sessions = 0
attackdef_update_frequency = Hourly
audit_log_messages_per_page = 20
auth_ldap_svc_user_realm_name = CRYSTALCLEAN
  internal
authorization_cache_timeout = 30
# Backup global config
backup_config = 1
# Format of backup files
backup_consolidate = 1
# Number of backups to keep on the remote server
backup_life = 5
# Default Backup Server Connection Port
backup_port = 21
# Type of server to backup to
backup_type = ftp
branding_device_name = Barracuda Web Site Firewall
bridge_mode = ACTIVE
bridge_switch_all = 1
caching_per_page = 15
cluster_systems = 192.168.21.249
cluster_systems_mode = Active
cluster_systems_quarantine = 
cluster_systems_serial = 151500
compression_per_page = 15
config_db_version = 720
content_rules_per_page = 15
cookie_encryption_expiry_timezone = 0
cookie_encryption_key = cO+lGD6RdgG2xJG0rELsx/y9TolA/0Uc6fdt9fnKS0L5W5xUORtY/grxx26zzQvzYoE3ZkJFeo0Fu8ao0DopA3AQbRMw8POhaiOUHoLFTUivsQaiT/gnvx3L2sgi3MeS
cookie_encryption_key_expiry = 2009-03-03 00:00:00
default_locale = en_US
default_log_level = 5
enable_bypass_mode = 0
failback_mode = 0
firewall_log_messages_per_page = 20
# FTP Custom Logs transport through ssl support
ftp_server_ssl_status = 1
hard_bypass_mode = 0
header_acl_per_page = 15
# HTTP Interface Port
http_port = 8000
# HTTP Interface Session Length
http_session_length = 20
# Allow The SSL Protocol v2 To Be Used In HTTPS
https_allow_ssl2 = Yes
# Use HTTPS Links In Quarantine Notifications
https_links = No
# Use HTTPS Only Flag
https_only = No
# HTTPS Web Interface Port
https_port = 443
internal_ldap_group_name = 
internal_ldap_user_name = 
lan_ip = 0.0.0.0
lan_ip_as_mgmt = 0
lan_netmask = 0.0.0.0
local_adr_per_page = 15
# Enable Generic IP Lockdown For Web GUI Flag
login_enable_lockdown = Yes
# user own format of storing the logs
logs_custom_format = %h %l %u %t %r %s %b
# FTP Server Port
logs_ftp_server_port = 21
max_cache_size_percent = 20
mgmt_ip = 0.0.0.0
mgmt_ip_as_mgmt = 0
mgmt_netmask = 0.0.0.0
monitor_lan_link = 1
monitor_mgmt_link = 0
monitor_wan_link = 1
operational_mode = proxy
rate_control_pool_name = default-pool
report_max_lines = 5
request_buffer_size = 1
request_buffer_size_unlimited = 0
response_page_name = default
scana_update_virus_defs = Yes
scana_update_virus_defs_frequency = Hourly
secdef_update_frequency = Hourly
sendmail_host = 
sendmail_port = 25
service_name = CCMSDEV
services_per_page = 15
session_information_name = ASP-DOT-NET-session
  ASPSESSIONID-session
  ColdFusion-session
  J2EE-JSESSIONID-Cookie-session
  J2EE-JSESSIONID-URL-session
  J2EE-session
  JWS-ID-session
  PHP-BB-MYSQL-session
  PHPSESSID-session
  PHPSESSIONID-session
  SAP-session
session_tracking_per_page = 15
snmp_community_string = public
soap_allow_additional_hdrs = 1
soap_val_envelope = 1
soap_val_wsdl_headers = 1
soap_val_wsdl_schema_body = 1
ssl_use_private_ca = Default
standard_log_formats = clf
# Support tunnel timeout in seconds
support_tunnel_timeout = 432000
system_back_ip = 0.0.0.0
# System Default Domain
system_default_domain = barracudanetworks.com
# System Hostname
system_default_hostname = Barracuda
# System Gateway
system_gateway = 192.168.21.1
system_interfaces = WAN
  LAN
  MGMT
system_interfaces_duplexity = Full
  Full
  Half
system_interfaces_negotiation_status = 1
  1
  1
system_interfaces_speed = 100
  100
  10
# System IP Address
system_ip = 192.168.21.249
system_ip_as_mgmt = 1
system_netmask = 255.255.255.0
# System NTP Server
system_ntp_server = update01.barracudanetworks.com
system_password = admin
# Primary DNS Server
system_primary_dns_server = 192.168.21.15
# Secondary DNS Server
system_secondary_dns_server = 
system_serial = 151500
system_ssh_allow_ip = 0/32
system_ssh_enable = Yes
# System Timezone
system_timezone = America/Los_Angeles
system_use_backport = no
url_acl_per_page = 15
url_extension_list = dll
  exe
  asp
  pdf
  fdf
  au
  bmp
  z
  gif
  html
  htm
  shtml
  js
  mocha
  jpeg
  jpg
  jpe
  jfif
  pjpeg
  pjp
  mp2
  mpa
  abs
  mpeg
  mpg
  mpe
  mpv
  vbs
  mlv
  pcx
  txt
  text
  mov
  tiff
  tar
  avi
  wav
  gz
  zip
  gzip
  pl
  jsp
  nsf
  swf
  css
  aspx
  cgi
  do
  sh
  php
  tcl
  py
  pyc
  bat
  bin
  vb
  cs
  action
  swe
  cfm
  php3
  axd
  dwr
  php4
url_profiles_per_page = 15
user_session_timeout = 15
virtual_ip_config_address = 192.168.21.247
  192.168.21.246
virtual_ip_config_interface = WAN
  WAN
virtual_ip_config_netmask = 255.255.255.0
  255.255.255.0
vsite_type = 0
web_firewall_policy_name = default
  oracle
  owa
  sharepoint
web_log_messages_per_page = 20
wsi1001 = 1
wsi1002 = 1
wsi1003 = 1
wsi1004 = 1
wsi1005 = 1
wsi1006 = 1
wsi1007 = 1
wsi1008 = 1
wsi1009 = 0
wsi1010 = 1
wsi1011 = 1
wsi1012 = 1
wsi1013 = 1
wsi1031 = 1
wsi1032 = 1
wsi1033 = 1
wsi1100 = 1
wsi1101 = 1
wsi1103 = 1
wsi1104 = 1
wsi1107 = 1
wsi1109 = 1
wsi1110 = 1
wsi1111 = 1
wsi1116 = 1
wsi1201 = 1
wsi1202 = 1
wsi1203 = 1
wsi1204 = 1
wsi1208 = 1
wsi1211 = 1
wsi1301 = 1
wsi1302 = 1
wsi1305 = 1
wsi1306 = 1
wsi1307 = 1
wsi1308 = 1
wsi1309 = 1
wsi1316 = 1
wsi1318 = 1
wsi1601 = 1
wsi1701 = 1
xdos_block_dtds = 1
xdos_block_ext_uri_ref = 1
xdos_block_proc_inst = 1
xdos_max_attr_namelen = 64
xdos_max_attr_valuelen = 1024
xdos_max_doc_sz = 16k
xdos_max_elm_attrs = 32
xdos_max_elm_children = 100
xdos_max_elm_intree = 10000
xdos_max_elm_namelen = 64
xdos_max_nodes = 1024
xdos_max_tree_depth = 20
xdos_max_txtlen = 4
xdos_min_doc_sz = 4
xmlfw_enable = 0
#scope:<rate_control_pool>::scope_data:<default-pool>
rate_max_active_requests = 100
rate_max_per_client_backlog = 32
rate_max_unconfigured_clients = 100
#scope:<response_page>::scope_data:<default>
rp_body = The specified URL cannot be found
rp_headers = Connection: Close
  Content-Type: text/html
rp_status_code = 404 Not Found
#scope:<server>::scope_data:<CCMSDEV:192.168.21.40_100>
#scope:<service>::scope_data:<ccmsdev>
access_control_name = CCMSDEVUserAuth
app_profile_check_default_policy = 1
app_profile_session_cookie_timeout = 15
app_profile_state = 1
app_profile_use_profile = 1
aps_acl_content_protection_status = 0
aps_attack_prevention_log = 5
aps_attack_prevention_passive = 1
aps_attack_prevention_status = 1
aps_attack_prevention_trusted_hosts_action = 2
aps_auto_correct_ignore_case = 1
aps_instant_ssl_status = 0
aps_redirect_status = 0
aps_req_rewrite_action = 0
aps_req_rewrite_condition = *
aps_req_rewrite_continue = 1
aps_req_rewrite_header = X-Forwarded-For
aps_req_rewrite_oldval = *
aps_req_rewrite_policy_name = default-req-rewrite-rule
aps_req_rewrite_rule_status = 1
aps_req_rewrite_sequence = 1
aps_req_rewrite_substitute = $SRC_ADDR
aps_rewrite_sharepoint_support = 0
aps_rewrite_status = 0
aps_url_acl_domain = *
aps_url_acl_header = *
aps_url_acl_header_weight = 1
aps_url_acl_monitor = 0
aps_url_acl_name = default-url-policy
aps_url_acl_parse_urls_in_scripts = 1
aps_url_acl_rate_control_binding = 
aps_url_acl_response_charset = 15
aps_url_acl_status = 1
aps_url_acl_url = /*
aps_url_acl_virus_check = 0
auth_realm = CRYSTALCLEAN
auth_siteminder_cookie_source_ip_check = 1
auth_siteminder_sso_handle_cookie_provider_url = 0
auth_status = 1
auth_svc_cookie_domain = 
auth_svc_cookie_path = /
auth_svc_idle_timeout = 15
auth_svc_login_processor = /nclogin.submit
auth_svc_loginfail_url = http://www.crystal-clean.com/contact/
auth_svc_loginsuccess_url = http://ccms.crystal-clean.com
auth_svc_logoutsuccess_url = http://www.crystal-clean.com
auth_svc_trusted_hosts_action = 0
auth_svc_update_interval = 30
bf_attack_criterion = 0
bf_exception_clients = 
bf_max_allowed_per_ip = 10
bf_max_allowed_sources = 100
bf_resp_code_status = 0
bf_total_interval = 60
bf_url_acl_status = 0
cache_expiry_age = 60
cache_max_objsize = 256
cache_min_objsize = 256
cache_negative_response = 0
cache_req_cachehdrs_ignore = 0
cache_resp_cachehdrs_ignore = 0
cache_status = 0
compress_min_obj_size = 8192
compress_status = 0
compress_unknown_content_type = 0
ftp_aps_authentication = 0
if_mask = 255.255.255.0
keepalive_requests = 64
keepalive_timeout = 60
lb_algorithm = 0
lb_max_req_slow_start = 0
lb_mode = SLB
lb_redirect_msg = Moved
lb_redirect_status = 0
lb_redirect_status_code = 302
lb_status = 1
learning_max_changes_before_update = 10
learning_profile_update_interval = 15
learning_request_learning = 1
learning_response_learning = 1
learning_status = 0
log_status = 1
nc_sso_is_master_app = 0
persistency_cookie_name = persistence
persistency_cookie_security = 0
persistency_failover_method = LB
persistency_idle_timeout = 600
persistency_method = NONE
persistency_use_imode = 0
policy_is_default = 0
rate_pol_binding = NONE
rate_pol_status = 0
rsa_am_cookie_ip_check = 1
server_name = 192.168.21.40_100
service_app_protocol = NONE
service_creation_time = 1234563548
service_ip = 192.168.21.247
service_port = 80
service_status = 1
service_switch_mode = 0
service_type = HTTP
ssl_accept_any_policy = 1
ssl_accept_explicit_policy = 0
ssl_des3_sha_enable = 1
ssl_enable_ssl3 = 1
ssl_enable_tls = 1
ssl_export_ciphers_enable = 0
ssl_inhibit_any_policy = 0
ssl_inhibit_policy_mapping = 1
ssl_max_active_sessions = 2048
ssl_rc4_md5_enable = 1
ssl_req_client_auth = 0
ssl_req_client_auth_enforce_cert = 1
ssl_session_resumption = 1
ssl_session_timeout = 300
ssl_status = 0
st_max_interval = 60
st_max_session_per_ip = 10
st_status = 0
tranparent_persistency_idle_timeout = 600
transparent_persistency_failover_method = LB
transparent_persistency_method = NONE
web_firewall_policy_binding = default
#scope:<session_information>::scope_data:<asp-dot-net-session>
si_session_token_name = ASP.Net_SessionID
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<aspsessionid-session>
si_session_token_name = ASPSESSIONID
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<coldfusion-session>
si_session_token_name = CFID
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<j2ee-jsessionid-cookie-session>
si_session_token_name = JSESSIONID
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<j2ee-jsessionid-url-session>
si_session_token_name = ;JSESSIONID
si_session_token_type = 6
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<j2ee-session>
si_session_token_name = JSESSION
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<jws-id-session>
si_session_token_name = jwssessionid
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<php-bb-mysql-session>
si_session_token_name = phpbb2mysqlsession
si_session_token_type = 5
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<phpsessid-session>
si_session_token_name = phpsessid
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<phpsessionid-session>
si_session_token_name = phpsessionid
si_session_token_type = 3
si_url_session_token_end_delimiter = ;
si_url_session_token_start_delimiter = =
#scope:<session_information>::scope_data:<sap-session>
si_session_token_name = sid
si_session_token_type = 6
si_url_session_token_end_delimiter = )
si_url_session_token_start_delimiter = (
#scope:<web_firewall_policy>::scope_data:<default>
aps_allow_unrecognized_cookie = 2
aps_charset = 2
aps_cloaking_status = 1
aps_content_protection_action = 1
  0
  1
aps_content_protection_keep_first = 0
  0
  0
aps_content_protection_keep_last = 4
  4
  4
aps_content_protection_name = credit-cards
  directory-indexing
  ssn
aps_content_protection_pattern = 
  
  
aps_content_protection_status = 1
  0
  1
aps_content_protection_type = credit-cards
  directory-indexing
  social-security-numbers
aps_cookie_exceptions = __utma
  __utmc
  __utmz
  __utmb
  NCE__AuthSuccessURL
  CTSESSION
aps_cookie_httponly = 0
aps_cookie_max_age = 1440
aps_cookie_mode = 1
aps_cookie_secure = 0
aps_cookie_status = 1
aps_detect_charset = 0
aps_double_encoding = 0
aps_filter_resp_header = Server
  X-Powered-By
  X-AspNet-Version
aps_filter_resp_status = 1
aps_limit_max_cookie_name_length = 64
aps_limit_max_cookies = 40
aps_limit_max_header_name_length = 32
aps_limit_max_req_line_length = 4096
aps_limit_num_req_headers = 20
aps_limit_query_length = 4096
aps_limit_req_cookie_length = 4096
aps_limit_req_headers_length = 512
aps_limit_req_length = 32768
aps_limit_req_url_length = 4096
aps_limit_status = 1
aps_param_separators = &
aps_suppress_return_code = 1
attack_action_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
attack_action_follow_up_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_follow_up_action_time = 60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
attack_action_name = brute-force-from-all-sources
  brute-force-from-ip
  content-length-exceeded
  cookie-count-exceeded
  cookie-expired
  cookie-length-exceeded
  cookie-name-length-exceeded
  cookie-tampered
  cross-site-request-forgery-attack-detected
  cross-site-scripting-in-header
  cross-site-scripting-pattern-in-parameter
  cross-site-scripting-pattern-in-url
  custom-attack-pattern-in-header
  custom-attack-pattern-in-parameter
  custom-attack-pattern-in-url
  directory-traversal-beyond-root
  directory-traversal-in-header
  directory-traversal-pattern-in-parameter
  domain-not-found-in-profile
  error-response-suppressed
  file-upload-size-exceeded
  forbidden-file-extension
  forbidden-method
  get-request-with-content-length-header
  header-count-exceeded
  header-name-length-exceeded
  header-value-length-exceeded
  http-1.1-request-without-host
  identity-theft-pattern-matched-in-response
  invalid-header
  invalid-method
  invalid-or-malformed-http-request
  invalid-url-character-set
  invalid-url-encoding
  large-parameter-in-post-data
  malformed-content-length
  malformed-cookie
  malformed-end-of-request-line
  malformed-header
  malformed-parameter
  malformed-version
  mandatory-parameter-missing
  max-instances-of-parameter-exceeded
  metacharacter-in-parameter
  metacharacter-matched-in-header
  mismatched-header-cookie-replay-attack
  mismatched-ip-cookie-replay-attack
  multiple-content-length-headers
  no-param-profile-match
  no-url-profile-match
  os-command-injection-in-header
  os-command-injection-pattern-in-parameter
  os-command-injection-pattern-in-url
  parameter-input-validation-failed
  parameter-length-exceeded
  parameter-name-length-exceeded
  parameter-value-not-allowed
  post-request-without-content-length
  pre-1.0-request
  query-string-not-allowed
  read-only-or-hidden-parameter-tampered
  remote-file-inclusion-pattern-in-parameter
  remote-file-inclusion-pattern-in-url
  response-header-suppressed
  session-choice-parameter-tampered
  session-context-not-found
  session-invariant-parameter-tampered
  session-not-found
  slash-dot-in-url-path
  sql-injection-in-header
  sql-injection-pattern-in-parameter
  sql-injection-pattern-in-url
  tilde-in-url-path
  too-many-parameters
  too-many-sessions-for-ip
  too-many-uploaded-files
  total-request-length-exceeded
  total-request-line-length-exceeded
  unknown-content-type-in-post-body
  unrecognized-cookie
  url-length-exceeded
  url-query-length-exceeded
  message-is-not-HTTP1.1
  message-is-not-HTTP1.0-or-HTTP1.1
  message-is-not-UTF8-or-UTF16
  request-is-not-HTTP-POST
  resp-has-no-wrapper-named-op
  soapaction-hdr-is-not-quoted
  DOCTYPE-element
  msg-part-accessors-have-no-ns
  msg-does-not-include-allhdrs
  oneway-resp-non-empty-body
  req-matches-wsdl
  no-fault-for-bad-env-ns
  resp-matches-wsdl
  faults-use-dot-notation
  atts-in-soap-env-hdr-body
  env-ns-is-1998
  good-resp-is-not-200ok
  processed-resp-status-is-nither-200-nor-202
  non-POST-req-does-not-get-405
  non-XML-req-does-not-get-415
  fault-resp-is-not-defined-in-wsdl-binding
  WSI-confirmance-not-in-soap-hdr
  WSI-confirmance-is-not-well-formed
  WSI-confirmance-claims-are-not-mustunderstand
  soapaction-hdr-does-not-match-op-soapaction
  msg-body-is-not-soap-env-with-ns
  soap-body-children-are-not-ns-qualified
  soap-fault-has-envelope-ns
  soapenc-arraytype-attr
  xml-processing-instructions-in-body
  part-accessors-has-xsi-nil
  mustunderstand-is-nither-1-nor-0
  soap-faultcode-is-not-std
  soap-fault-is-not-in-HTTP500-resp
  soap-fault-does-not-have-allowed-children
  encodingStyle-in-envelope-ns-elements
  soap-encodingStyle-in-body-children
  envelope-have-children-after-body
  soap-fault-children-are-qualified
  encodingStyle-in-rpc-literal-grand-children
  envelope-and-body-are-not-xml1.0
  envelope-does-not-confirm-to-schema
  invalid-soap-envelope
  invalid-soap-header
  invalid-soap-body
  additional-soap-headers-rcvd
  max-tree-depth-exceeded
  max-element-name-length-exceeded
  max-elements-in-tree-exceeded
  max-element-children-exceeded
  max-element-attributes-exceeded
  max-attribute-name-length-exceeded
  max-attribute-value-length-exceeded
  max-text-size-exceeded
  max-document-size-exceeded
  min-document-size-limit
  processing-instructions-found
  dtd-found
  external-uri-ref-found
  malformed-xml
  rate-control-intrusion
attack_action_redirect_url = 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
attack_action_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
attack_description = 146
  145
  40
  141
  32
  41
  142
  31
  165
  37
  158
  167
  35
  155
  171
  16
  39
  160
  130
  17
  151
  150
  5
  125
  44
  143
  6
  126
  63
  122
  118
  77
  12
  11
  129
  123
  124
  120
  121
  128
  119
  138
  137
  152
  7
  116
  117
  127
  163
  131
  38
  159
  168
  156
  154
  147
  139
  25
  60
  132
  134
  164
  170
  61
  136
  162
  135
  161
  14
  36
  157
  166
  15
  149
  144
  148
  0
  140
  26
  30
  42
  43
  205
  206
  207
  208
  209
  210
  211
  212
  213
  214
  215
  216
  217
  218
  219
  220
  221
  222
  223
  224
  225
  226
  227
  228
  229
  230
  231
  232
  233
  234
  235
  236
  237
  238
  239
  240
  241
  242
  243
  244
  245
  246
  190
  191
  192
  193
  174
  175
  176
  184
  177
  178
  179
  181
  182
  183
  186
  185
  187
  188
  75
attack_group = advanced-policy-violations
  advanced-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  param-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  protocol-violations
  header-violations
  param-profile-violations
  application-profile-violations
  response-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  protocol-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  protocol-violations
  response-violations
  protocol-violations
  protocol-violations
  protocol-violations
  advanced-policy-violations
  request-policy-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  header-violations
  request-policy-violations
  request-policy-violations
  protocol-violations
  url-profile-violations
  application-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  param-profile-violations
  protocol-violations
  protocol-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  response-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  request-policy-violations
  header-violations
  param-profile-violations
  url-profile-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  advanced-policy-violations
cookie_replay_protection_type = 1
global_adr_action = 1
  2
  2
  2
  2
  2
  1
  2
  0
  2
global_adr_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_extended_match = *
  (URI-Path req "\/.*copy(%20|%09)[^/]*")
  (URI-Path req \/.*%23[^/]*)
  *
  *
  *
  *
  *
  *
  (Header Translate eq F)
global_adr_extended_match_sequence = 1
  2
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_name = access-control-login-url
  backups-prefix-copy
  backups-prefix-hash
  backups-suffix-bak
  backups-suffix-old
  backups-suffix-sav
  favicon.ico
  phpinfo
  robots.txt
  translate-f-vulnerability
global_adr_redirect_url = 
  
  
  
  
  
  
  
  
  
global_adr_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
global_adr_status = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_url = /nclogin.submit
  /*
  /*
  /*.bak
  /*.old
  /*.sav
  /*/favicon.ico
  /*/phpinfo.php
  /*/robots.txt
  /*.asp
param_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
parameter_protection_denied_meta_characters = %00%04%1b%08%7f
parameter_protection_file_upload_extensions = JPG
  GIF
  PDF
parameter_protection_max_param_value_length = 1000
parameter_protection_max_upload_file_size = 1024
parameter_protection_status = 1
parameter_protection_white_listed_parameters = __VIEWSTATE
url_protection_allow_methods = GET
  POST
  HEAD
url_protection_allowed_content_types = application/x-www-form-urlencoded
  multipart/form-data
  text/xml
url_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
url_protection_max_content_length = 32768
url_protection_max_parameter_name_length = 64
url_protection_max_parameters = 40
url_protection_max_upload_files = 5
url_protection_status = 1
#scope:<web_firewall_policy>::scope_data:<oracle>
aps_allow_unrecognized_cookie = 2
aps_charset = 2
aps_cloaking_status = 1
aps_content_protection_action = 1
  0
  1
aps_content_protection_keep_first = 0
  0
  0
aps_content_protection_keep_last = 4
  4
  4
aps_content_protection_name = credit-cards
  directory-indexing
  ssn
aps_content_protection_pattern = 
  
  
aps_content_protection_status = 1
  0
  1
aps_content_protection_type = credit-cards
  directory-indexing
  social-security-numbers
aps_cookie_exceptions = __utma
  __utmc
  __utmz
  __utmb
  NCE__AuthSuccessURL
  CTSESSION
aps_cookie_httponly = 0
aps_cookie_max_age = 1440
aps_cookie_mode = 1
aps_cookie_secure = 0
aps_cookie_status = 1
aps_detect_charset = 0
aps_double_encoding = 0
aps_filter_resp_header = Server
  X-Powered-By
  X-AspNet-Version
aps_filter_resp_status = 1
aps_limit_max_cookie_name_length = 64
aps_limit_max_cookies = 40
aps_limit_max_header_name_length = 32
aps_limit_max_req_line_length = 4096
aps_limit_num_req_headers = 20
aps_limit_query_length = 4096
aps_limit_req_cookie_length = 4096
aps_limit_req_headers_length = 512
aps_limit_req_length = 32768
aps_limit_req_url_length = 4096
aps_limit_status = 1
aps_param_separators = &
aps_suppress_return_code = 1
attack_action_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
attack_action_follow_up_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_follow_up_action_time = 60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
attack_action_name = brute-force-from-all-sources
  brute-force-from-ip
  content-length-exceeded
  cookie-count-exceeded
  cookie-expired
  cookie-length-exceeded
  cookie-name-length-exceeded
  cookie-tampered
  cross-site-request-forgery-attack-detected
  cross-site-scripting-in-header
  cross-site-scripting-pattern-in-parameter
  cross-site-scripting-pattern-in-url
  custom-attack-pattern-in-header
  custom-attack-pattern-in-parameter
  custom-attack-pattern-in-url
  directory-traversal-beyond-root
  directory-traversal-in-header
  directory-traversal-pattern-in-parameter
  domain-not-found-in-profile
  error-response-suppressed
  file-upload-size-exceeded
  forbidden-file-extension
  forbidden-method
  get-request-with-content-length-header
  header-count-exceeded
  header-name-length-exceeded
  header-value-length-exceeded
  http-1.1-request-without-host
  identity-theft-pattern-matched-in-response
  invalid-header
  invalid-method
  invalid-or-malformed-http-request
  invalid-url-character-set
  invalid-url-encoding
  large-parameter-in-post-data
  malformed-content-length
  malformed-cookie
  malformed-end-of-request-line
  malformed-header
  malformed-parameter
  malformed-version
  mandatory-parameter-missing
  max-instances-of-parameter-exceeded
  metacharacter-in-parameter
  metacharacter-matched-in-header
  mismatched-header-cookie-replay-attack
  mismatched-ip-cookie-replay-attack
  multiple-content-length-headers
  no-param-profile-match
  no-url-profile-match
  os-command-injection-in-header
  os-command-injection-pattern-in-parameter
  os-command-injection-pattern-in-url
  parameter-input-validation-failed
  parameter-length-exceeded
  parameter-name-length-exceeded
  parameter-value-not-allowed
  post-request-without-content-length
  pre-1.0-request
  query-string-not-allowed
  read-only-or-hidden-parameter-tampered
  remote-file-inclusion-pattern-in-parameter
  remote-file-inclusion-pattern-in-url
  response-header-suppressed
  session-choice-parameter-tampered
  session-context-not-found
  session-invariant-parameter-tampered
  session-not-found
  slash-dot-in-url-path
  sql-injection-in-header
  sql-injection-pattern-in-parameter
  sql-injection-pattern-in-url
  tilde-in-url-path
  too-many-parameters
  too-many-sessions-for-ip
  too-many-uploaded-files
  total-request-length-exceeded
  total-request-line-length-exceeded
  unknown-content-type-in-post-body
  unrecognized-cookie
  url-length-exceeded
  url-query-length-exceeded
  message-is-not-HTTP1.1
  message-is-not-HTTP1.0-or-HTTP1.1
  message-is-not-UTF8-or-UTF16
  request-is-not-HTTP-POST
  resp-has-no-wrapper-named-op
  soapaction-hdr-is-not-quoted
  DOCTYPE-element
  msg-part-accessors-have-no-ns
  msg-does-not-include-allhdrs
  oneway-resp-non-empty-body
  req-matches-wsdl
  no-fault-for-bad-env-ns
  resp-matches-wsdl
  faults-use-dot-notation
  atts-in-soap-env-hdr-body
  env-ns-is-1998
  good-resp-is-not-200ok
  processed-resp-status-is-nither-200-nor-202
  non-POST-req-does-not-get-405
  non-XML-req-does-not-get-415
  fault-resp-is-not-defined-in-wsdl-binding
  WSI-confirmance-not-in-soap-hdr
  WSI-confirmance-is-not-well-formed
  WSI-confirmance-claims-are-not-mustunderstand
  soapaction-hdr-does-not-match-op-soapaction
  msg-body-is-not-soap-env-with-ns
  soap-body-children-are-not-ns-qualified
  soap-fault-has-envelope-ns
  soapenc-arraytype-attr
  xml-processing-instructions-in-body
  part-accessors-has-xsi-nil
  mustunderstand-is-nither-1-nor-0
  soap-faultcode-is-not-std
  soap-fault-is-not-in-HTTP500-resp
  soap-fault-does-not-have-allowed-children
  encodingStyle-in-envelope-ns-elements
  soap-encodingStyle-in-body-children
  envelope-have-children-after-body
  soap-fault-children-are-qualified
  encodingStyle-in-rpc-literal-grand-children
  envelope-and-body-are-not-xml1.0
  envelope-does-not-confirm-to-schema
  invalid-soap-envelope
  invalid-soap-header
  invalid-soap-body
  additional-soap-headers-rcvd
  max-tree-depth-exceeded
  max-element-name-length-exceeded
  max-elements-in-tree-exceeded
  max-element-children-exceeded
  max-element-attributes-exceeded
  max-attribute-name-length-exceeded
  max-attribute-value-length-exceeded
  max-text-size-exceeded
  max-document-size-exceeded
  min-document-size-limit
  processing-instructions-found
  dtd-found
  external-uri-ref-found
  malformed-xml
  rate-control-intrusion
attack_action_redirect_url = 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
attack_action_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
attack_description = 146
  145
  40
  141
  32
  41
  142
  31
  165
  37
  158
  167
  35
  155
  171
  16
  39
  160
  130
  17
  151
  150
  5
  125
  44
  143
  6
  126
  63
  122
  118
  77
  12
  11
  129
  123
  124
  120
  121
  128
  119
  138
  137
  152
  7
  116
  117
  127
  163
  131
  38
  159
  168
  156
  154
  147
  139
  25
  60
  132
  134
  164
  170
  61
  136
  162
  135
  161
  14
  36
  157
  166
  15
  149
  144
  148
  0
  140
  26
  30
  42
  43
  205
  206
  207
  208
  209
  210
  211
  212
  213
  214
  215
  216
  217
  218
  219
  220
  221
  222
  223
  224
  225
  226
  227
  228
  229
  230
  231
  232
  233
  234
  235
  236
  237
  238
  239
  240
  241
  242
  243
  244
  245
  246
  190
  191
  192
  193
  174
  175
  176
  184
  177
  178
  179
  181
  182
  183
  186
  185
  187
  188
  75
attack_group = advanced-policy-violations
  advanced-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  param-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  protocol-violations
  header-violations
  param-profile-violations
  application-profile-violations
  response-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  protocol-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  protocol-violations
  response-violations
  protocol-violations
  protocol-violations
  protocol-violations
  advanced-policy-violations
  request-policy-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  header-violations
  request-policy-violations
  request-policy-violations
  protocol-violations
  url-profile-violations
  application-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  param-profile-violations
  protocol-violations
  protocol-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  response-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  request-policy-violations
  header-violations
  param-profile-violations
  url-profile-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  advanced-policy-violations
cookie_replay_protection_type = 1
global_adr_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  2
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  3
  3
  0
  0
  0
global_adr_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_extended_match = *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
  *
global_adr_extended_match_sequence = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1000
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_name = AppsLocalLogin.jsp
  AppsLocalLogout.jsp
  AppsLogin
  BufferedAppletBeanInfo.class
  JBufferedAppletBeanInfo.class
  KeyboardFocusManager.class
  MainBeanInfo.class
  OA.jsp
  OAErrorDetailPage.jsp
  OAErrorPage.jsp
  OALogout.jsp
  OA_JAVA.bmp
  OA_JAVA.gif
  OA_JAVA.jpeg
  OA_JAVA.jpg
  OracleApplications.dat
  PopupAppletBeanInfo.class
  RF.jsp
  Registry.dat
  Sensor.class
  SunBufferedAppletBeanInfo.class
  SunJBufferedAppletBeanInfo.class
  SunMainBeanInfo.class
  SunPopupAppletBeanInfo.class
  a.jsp
  access-control-login-url
  calendarDialog.jsp
  catch-all-deny
  diag-pack-vuln
  f60cgi
  favicon.ico
  find_icx_launch.launch
  find_icx_launch.runforms
  fndaol.jar
  fndbalishare.jar
  fndctx.jar
  fnderror.jsp
  fndewt.jar
  fndforms.jar
  fndformsi18n.jar
  fndlist.jar
  fndswing.jar
  fndutil.jar
  fndvalid.jsp
  formservlet
  frameRedirect.jsp
  fred.jsp
  glahelib.jar
  glhelib.jar
  gr.jsp
  j-oajinit.exe
  oa-html-avi
  oa-html-bmp
  oa-html-css
  oa-html-gif
  oa-html-htm
  oa-html-html
  oa-html-jpeg
  oa-html-jpg
  oa-html-js
  oa-html-xls
  oa-html-xss
  oa-media-bmp
  oa-media-gif
  oa-media-jpeg
  oa-media-jpg
  oajinit.exe
  one.jsp
  oracle.jsp
  properties
  redirect-help
  redirect-root
  robots.txt
  sso.AppsLogin
  sso.AppsLogout
global_adr_redirect_url = 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  /help/
  /OA_HTML/AppsLocalLogin.jsp
  
  
  
global_adr_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
global_adr_status = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_url = /OA_HTML/AppsLocalLogin.jsp
  /OA_HTML/AppsLocalLogout.jsp
  /oa_servelets/AppsLogin
  /OA_JAVA/oracle/ewt/lwAWT/BufferedAppletBeanInfo.class
  /OA_JAVA/oracle/ewt/swing/JBufferedAppletBeanInfo.class
  /OA_JAVA/java/awt/KeyboardFocusManager.class
  /OA_JAVA/oracle/forms/engine/MainBeanInfo.class
  /OA_HTML/OA.jsp
  /OA_HTML/OAErrorDetailPage.jsp
  /OA_HTML/OAErrorPage.jsp
  /OA_HTML/OALogout.jsp
  /OA_JAVA/*.bmp
  /OA_JAVA/*.gif
  /OA_JAVA/*.jpeg
  /OA_JAVA/*.jpg
  /OA_JAVA/oracle/apps/fnd/formsClient/OracleApplications.dat
  /OA_JAVA/oracle/ewt/popup/PopupAppletBeanInfo.class
  /OA_HTML/RF.jsp
  /OA_JAVA/oracle/forms/registry/Registry.dat
  /OA_JAVA/oracle/dms/instrument/Sensor.class
  /OA_JAVA/sun/beans/infos/BufferedAppletBeanInfo.class
  /OA_JAVA/sun/beans/infos/JBufferedAppletBeanInfo.class
  /OA_JAVA/sun/beans/infos/MainBeanInfo.class
  /OA_JAVA/sun/beans/infos/PopupAppletBeanInfo.class
  /OA_HTML/cabo/jsps/a.jsp
  /nclogin.submit
  /OA_HTML/cabo/jsps/calendarDialog.jsp
  /*
  /OA_HTML/jtfqa*
  /dev60cgi/f60cgi
  /*/favicon.ico
  /pls/*/fnd_icx_launch.launch
  /pls/*/fnd_icx_launch.runforms
  /OA_JAVA/oracle/apps/fnd/jar/fndaol.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndbalishare.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndctx.jar
  /OA_HTML/fnderror.jsp
  /OA_JAVA/oracle/apps/fnd/jar/fndewt.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndforms.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndformsi18n.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndlist.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndswing.jar
  /OA_JAVA/oracle/apps/fnd/jar/fndutil.jar
  /OA_HTML/fndvald.jsp
  /forms/formservlet
  /OA_HTML/cabo/jsps/frameRedirect.jsp
  /OA_HTML/cabo/jsps/fred.jsp
  /OA_JAVA/oracle/apps/gl/jar/glahelib.jar
  /OA_JAVA/oracle/apps/gl/jar/glhelib.jar
  /OA_HTML/cabo/jsps/gr.jsp
  /jinitiator/oajinit.exe
  /OA_HTML/*.avi
  /OA_HTML/*.bmp
  /OA_HTML/*.css
  /OA_HTML/*.gif
  /OA_HTML/*.htm
  /OA_HTML/*.html
  /OA_HTML/*.jpeg
  /OA_HTML/*.jpg
  /OA_HTML/*.js
  /OA_HTML/*.xls
  /OA_HTML/*.xss
  /OA_MEDIA/*.bmp
  /OA_MEDIA/*.gif
  /OA_MEDIA/*.jpeg
  /OA_MEDIA/*.jpg
  /html/oajinit.exe
  /OA_HTML/cabo/jsps/1.jsp
  /oa_servlets/oracle.jsp.JspServlet
  /OA_JAVA/oracle/*.properties
  /OA_HTML/jsp/fnd/fndhelp.jsp
  /
  /*/robots.txt
  /oa_servelets/oracle.apps.find.sso.AppsLogin
  /oa_servelets/oracle.apps.find.sso.AppsLogout
param_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
parameter_protection_denied_meta_characters = %00%04%1b%08%7f
parameter_protection_file_upload_extensions = JPG
  GIF
  PDF
parameter_protection_max_param_value_length = 1000
parameter_protection_max_upload_file_size = 1024
parameter_protection_status = 1
parameter_protection_white_listed_parameters = __VIEWSTATE
url_protection_allow_methods = GET
  POST
  HEAD
url_protection_allowed_content_types = application/x-www-form-urlencoded
  multipart/form-data
  text/xml
url_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
url_protection_max_content_length = 32768
url_protection_max_parameter_name_length = 64
url_protection_max_parameters = 40
url_protection_max_upload_files = 5
url_protection_status = 1
#scope:<web_firewall_policy>::scope_data:<owa>
aps_allow_unrecognized_cookie = 2
aps_charset = 2
aps_cloaking_status = 1
aps_content_protection_action = 1
  0
  1
aps_content_protection_keep_first = 0
  0
  0
aps_content_protection_keep_last = 4
  4
  4
aps_content_protection_name = credit-cards
  directory-indexing
  ssn
aps_content_protection_pattern = 
  
  
aps_content_protection_status = 1
  0
  1
aps_content_protection_type = credit-cards
  directory-indexing
  social-security-numbers
aps_cookie_exceptions = __utma
  __utmc
  __utmz
  __utmb
  NCE__AuthSuccessURL
  CTSESSION
aps_cookie_httponly = 0
aps_cookie_max_age = 1440
aps_cookie_mode = 1
aps_cookie_secure = 0
aps_cookie_status = 1
aps_detect_charset = 0
aps_double_encoding = 0
aps_filter_resp_header = Server
  X-Powered-By
  X-AspNet-Version
aps_filter_resp_status = 1
aps_limit_max_cookie_name_length = 64
aps_limit_max_cookies = 40
aps_limit_max_header_name_length = 32
aps_limit_max_req_line_length = 4096
aps_limit_num_req_headers = 20
aps_limit_query_length = 4096
aps_limit_req_cookie_length = 4096
aps_limit_req_headers_length = 512
aps_limit_req_length = 32768
aps_limit_req_url_length = 4096
aps_limit_status = 1
aps_param_separators = &
aps_suppress_return_code = 0
attack_action_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
attack_action_follow_up_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_follow_up_action_time = 60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
attack_action_name = brute-force-from-all-sources
  brute-force-from-ip
  content-length-exceeded
  cookie-count-exceeded
  cookie-expired
  cookie-length-exceeded
  cookie-name-length-exceeded
  cookie-tampered
  cross-site-request-forgery-attack-detected
  cross-site-scripting-in-header
  cross-site-scripting-pattern-in-parameter
  cross-site-scripting-pattern-in-url
  custom-attack-pattern-in-header
  custom-attack-pattern-in-parameter
  custom-attack-pattern-in-url
  directory-traversal-beyond-root
  directory-traversal-in-header
  directory-traversal-pattern-in-parameter
  domain-not-found-in-profile
  error-response-suppressed
  file-upload-size-exceeded
  forbidden-file-extension
  forbidden-method
  get-request-with-content-length-header
  header-count-exceeded
  header-name-length-exceeded
  header-value-length-exceeded
  http-1.1-request-without-host
  identity-theft-pattern-matched-in-response
  invalid-header
  invalid-method
  invalid-or-malformed-http-request
  invalid-url-character-set
  invalid-url-encoding
  large-parameter-in-post-data
  malformed-content-length
  malformed-cookie
  malformed-end-of-request-line
  malformed-header
  malformed-parameter
  malformed-version
  mandatory-parameter-missing
  max-instances-of-parameter-exceeded
  metacharacter-in-parameter
  metacharacter-matched-in-header
  mismatched-header-cookie-replay-attack
  mismatched-ip-cookie-replay-attack
  multiple-content-length-headers
  no-param-profile-match
  no-url-profile-match
  os-command-injection-in-header
  os-command-injection-pattern-in-parameter
  os-command-injection-pattern-in-url
  parameter-input-validation-failed
  parameter-length-exceeded
  parameter-name-length-exceeded
  parameter-value-not-allowed
  post-request-without-content-length
  pre-1.0-request
  query-string-not-allowed
  read-only-or-hidden-parameter-tampered
  remote-file-inclusion-pattern-in-parameter
  remote-file-inclusion-pattern-in-url
  response-header-suppressed
  session-choice-parameter-tampered
  session-context-not-found
  session-invariant-parameter-tampered
  session-not-found
  slash-dot-in-url-path
  sql-injection-in-header
  sql-injection-pattern-in-parameter
  sql-injection-pattern-in-url
  tilde-in-url-path
  too-many-parameters
  too-many-sessions-for-ip
  too-many-uploaded-files
  total-request-length-exceeded
  total-request-line-length-exceeded
  unknown-content-type-in-post-body
  unrecognized-cookie
  url-length-exceeded
  url-query-length-exceeded
  message-is-not-HTTP1.1
  message-is-not-HTTP1.0-or-HTTP1.1
  message-is-not-UTF8-or-UTF16
  request-is-not-HTTP-POST
  resp-has-no-wrapper-named-op
  soapaction-hdr-is-not-quoted
  DOCTYPE-element
  msg-part-accessors-have-no-ns
  msg-does-not-include-allhdrs
  oneway-resp-non-empty-body
  req-matches-wsdl
  no-fault-for-bad-env-ns
  resp-matches-wsdl
  faults-use-dot-notation
  atts-in-soap-env-hdr-body
  env-ns-is-1998
  good-resp-is-not-200ok
  processed-resp-status-is-nither-200-nor-202
  non-POST-req-does-not-get-405
  non-XML-req-does-not-get-415
  fault-resp-is-not-defined-in-wsdl-binding
  WSI-confirmance-not-in-soap-hdr
  WSI-confirmance-is-not-well-formed
  WSI-confirmance-claims-are-not-mustunderstand
  soapaction-hdr-does-not-match-op-soapaction
  msg-body-is-not-soap-env-with-ns
  soap-body-children-are-not-ns-qualified
  soap-fault-has-envelope-ns
  soapenc-arraytype-attr
  xml-processing-instructions-in-body
  part-accessors-has-xsi-nil
  mustunderstand-is-nither-1-nor-0
  soap-faultcode-is-not-std
  soap-fault-is-not-in-HTTP500-resp
  soap-fault-does-not-have-allowed-children
  encodingStyle-in-envelope-ns-elements
  soap-encodingStyle-in-body-children
  envelope-have-children-after-body
  soap-fault-children-are-qualified
  encodingStyle-in-rpc-literal-grand-children
  envelope-and-body-are-not-xml1.0
  envelope-does-not-confirm-to-schema
  invalid-soap-envelope
  invalid-soap-header
  invalid-soap-body
  additional-soap-headers-rcvd
  max-tree-depth-exceeded
  max-element-name-length-exceeded
  max-elements-in-tree-exceeded
  max-element-children-exceeded
  max-element-attributes-exceeded
  max-attribute-name-length-exceeded
  max-attribute-value-length-exceeded
  max-text-size-exceeded
  max-document-size-exceeded
  min-document-size-limit
  processing-instructions-found
  dtd-found
  external-uri-ref-found
  malformed-xml
  rate-control-intrusion
attack_action_redirect_url = 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
attack_action_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
attack_description = 146
  145
  40
  141
  32
  41
  142
  31
  165
  37
  158
  167
  35
  155
  171
  16
  39
  160
  130
  17
  151
  150
  5
  125
  44
  143
  6
  126
  63
  122
  118
  77
  12
  11
  129
  123
  124
  120
  121
  128
  119
  138
  137
  152
  7
  116
  117
  127
  163
  131
  38
  159
  168
  156
  154
  147
  139
  25
  60
  132
  134
  164
  170
  61
  136
  162
  135
  161
  14
  36
  157
  166
  15
  149
  144
  148
  0
  140
  26
  30
  42
  43
  205
  206
  207
  208
  209
  210
  211
  212
  213
  214
  215
  216
  217
  218
  219
  220
  221
  222
  223
  224
  225
  226
  227
  228
  229
  230
  231
  232
  233
  234
  235
  236
  237
  238
  239
  240
  241
  242
  243
  244
  245
  246
  190
  191
  192
  193
  174
  175
  176
  184
  177
  178
  179
  181
  182
  183
  186
  185
  187
  188
  75
attack_group = advanced-policy-violations
  advanced-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  param-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  protocol-violations
  header-violations
  param-profile-violations
  application-profile-violations
  response-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  protocol-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  protocol-violations
  response-violations
  protocol-violations
  protocol-violations
  protocol-violations
  advanced-policy-violations
  request-policy-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  header-violations
  request-policy-violations
  request-policy-violations
  protocol-violations
  url-profile-violations
  application-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  param-profile-violations
  protocol-violations
  protocol-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  response-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  request-policy-violations
  header-violations
  param-profile-violations
  url-profile-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  advanced-policy-violations
cookie_replay_protection_type = 1
global_adr_action = 1
  2
  2
  2
  2
  2
  1
  2
  0
  1
  2
global_adr_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_extended_match = *
  (URI-Path req "\/.*copy(%20|%09)[^/]*")
  (URI-Path req \/.*%23[^/]*)
  *
  *
  *
  *
  *
  *
  *
  (Header Translate eq F)
global_adr_extended_match_sequence = 1
  2
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_name = access-control-login-url
  backups-prefix-copy
  backups-prefix-hash
  backups-suffix-bak
  backups-suffix-old
  backups-suffix-sav
  favicon.ico
  phpinfo
  robots.txt
  rpcproxy
  translate-f-vulnerability
global_adr_redirect_url = 
  
  
  
  
  
  
  
  
  
  
global_adr_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
global_adr_status = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_url = /nclogin.submit
  /*
  /*
  /*.bak
  /*.old
  /*.sav
  /*/favicon.ico
  /*/phpinfo.php
  /*/robots.txt
  /rpc/rpcproxy.dll
  /*.asp
param_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
parameter_protection_denied_meta_characters = %00%04%1b%08%7f
parameter_protection_file_upload_extensions = JPG
  GIF
  PDF
parameter_protection_max_param_value_length = 1024
parameter_protection_max_upload_file_size = 1024
parameter_protection_status = 1
parameter_protection_white_listed_parameters = __VIEWSTATE
url_protection_allow_methods = GET
  POST
  PUT
  HEAD
  CONNECT
  OPTIONS
  DELETE
  SEARCH
  POLL
  PROPFIND
  BMOVE
  BCOPY
  SUBSCRIBE
  MOVE
  PROPPATCH
  BPROPPATCH
  BDELETE
  MKCOL
  RPC_OUT_DATA
  RPC_IN_DATA
  COPY
  ERROR
  LOCK
  PURGE
  TRACE
  UNLOCK
url_protection_allowed_content_types = application/x-www-form-urlencoded
  multipart/form-data
  application/x-www-UTF8-encoded
  text/xml
  text/plain
  application/vnd.ms-sync.wbxml
  message/rfc822
  text/xml
url_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
url_protection_max_content_length = 32768
url_protection_max_parameter_name_length = 64
url_protection_max_parameters = 40
url_protection_max_upload_files = 5
url_protection_status = 1
#scope:<web_firewall_policy>::scope_data:<sharepoint>
aps_allow_unrecognized_cookie = 2
aps_charset = 2
aps_cloaking_status = 1
aps_content_protection_action = 1
  0
  1
aps_content_protection_keep_first = 0
  0
  0
aps_content_protection_keep_last = 4
  4
  4
aps_content_protection_name = credit-cards
  directory-indexing
  ssn
aps_content_protection_pattern = 
  
  
aps_content_protection_status = 1
  0
  1
aps_content_protection_type = credit-cards
  directory-indexing
  social-security-numbers
aps_cookie_exceptions = __utma
  __utmc
  __utmz
  __utmb
  NCE__AuthSuccessURL
  CTSESSION
aps_cookie_httponly = 0
aps_cookie_max_age = 1440
aps_cookie_mode = 1
aps_cookie_secure = 0
aps_cookie_status = 1
aps_detect_charset = 0
aps_double_encoding = 0
aps_filter_resp_header = Server
  X-Powered-By
  X-AspNet-Version
aps_filter_resp_status = 1
aps_limit_max_cookie_name_length = 64
aps_limit_max_cookies = 40
aps_limit_max_header_name_length = 32
aps_limit_max_req_line_length = 4096
aps_limit_num_req_headers = 20
aps_limit_query_length = 4096
aps_limit_req_cookie_length = 4096
aps_limit_req_headers_length = 512
aps_limit_req_length = 32768
aps_limit_req_url_length = 4096
aps_limit_status = 1
aps_param_separators = &
aps_suppress_return_code = 1
attack_action_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  1
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
  1
attack_action_follow_up_action = 0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
  0
attack_action_follow_up_action_time = 60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
  60
attack_action_name = brute-force-from-all-sources
  brute-force-from-ip
  content-length-exceeded
  cookie-count-exceeded
  cookie-expired
  cookie-length-exceeded
  cookie-name-length-exceeded
  cookie-tampered
  cross-site-request-forgery-attack-detected
  cross-site-scripting-in-header
  cross-site-scripting-pattern-in-parameter
  cross-site-scripting-pattern-in-url
  custom-attack-pattern-in-header
  custom-attack-pattern-in-parameter
  custom-attack-pattern-in-url
  directory-traversal-beyond-root
  directory-traversal-in-header
  directory-traversal-pattern-in-parameter
  domain-not-found-in-profile
  error-response-suppressed
  file-upload-size-exceeded
  forbidden-file-extension
  forbidden-method
  get-request-with-content-length-header
  header-count-exceeded
  header-name-length-exceeded
  header-value-length-exceeded
  http-1.1-request-without-host
  identity-theft-pattern-matched-in-response
  invalid-header
  invalid-method
  invalid-or-malformed-http-request
  invalid-url-character-set
  invalid-url-encoding
  large-parameter-in-post-data
  malformed-content-length
  malformed-cookie
  malformed-end-of-request-line
  malformed-header
  malformed-parameter
  malformed-version
  mandatory-parameter-missing
  max-instances-of-parameter-exceeded
  metacharacter-in-parameter
  metacharacter-matched-in-header
  mismatched-header-cookie-replay-attack
  mismatched-ip-cookie-replay-attack
  multiple-content-length-headers
  no-param-profile-match
  no-url-profile-match
  os-command-injection-in-header
  os-command-injection-pattern-in-parameter
  os-command-injection-pattern-in-url
  parameter-input-validation-failed
  parameter-length-exceeded
  parameter-name-length-exceeded
  parameter-value-not-allowed
  post-request-without-content-length
  pre-1.0-request
  query-string-not-allowed
  read-only-or-hidden-parameter-tampered
  remote-file-inclusion-pattern-in-parameter
  remote-file-inclusion-pattern-in-url
  response-header-suppressed
  session-choice-parameter-tampered
  session-context-not-found
  session-invariant-parameter-tampered
  session-not-found
  slash-dot-in-url-path
  sql-injection-in-header
  sql-injection-pattern-in-parameter
  sql-injection-pattern-in-url
  tilde-in-url-path
  too-many-parameters
  too-many-sessions-for-ip
  too-many-uploaded-files
  total-request-length-exceeded
  total-request-line-length-exceeded
  unknown-content-type-in-post-body
  unrecognized-cookie
  url-length-exceeded
  url-query-length-exceeded
  message-is-not-HTTP1.1
  message-is-not-HTTP1.0-or-HTTP1.1
  message-is-not-UTF8-or-UTF16
  request-is-not-HTTP-POST
  resp-has-no-wrapper-named-op
  soapaction-hdr-is-not-quoted
  DOCTYPE-element
  msg-part-accessors-have-no-ns
  msg-does-not-include-allhdrs
  oneway-resp-non-empty-body
  req-matches-wsdl
  no-fault-for-bad-env-ns
  resp-matches-wsdl
  faults-use-dot-notation
  atts-in-soap-env-hdr-body
  env-ns-is-1998
  good-resp-is-not-200ok
  processed-resp-status-is-nither-200-nor-202
  non-POST-req-does-not-get-405
  non-XML-req-does-not-get-415
  fault-resp-is-not-defined-in-wsdl-binding
  WSI-confirmance-not-in-soap-hdr
  WSI-confirmance-is-not-well-formed
  WSI-confirmance-claims-are-not-mustunderstand
  soapaction-hdr-does-not-match-op-soapaction
  msg-body-is-not-soap-env-with-ns
  soap-body-children-are-not-ns-qualified
  soap-fault-has-envelope-ns
  soapenc-arraytype-attr
  xml-processing-instructions-in-body
  part-accessors-has-xsi-nil
  mustunderstand-is-nither-1-nor-0
  soap-faultcode-is-not-std
  soap-fault-is-not-in-HTTP500-resp
  soap-fault-does-not-have-allowed-children
  encodingStyle-in-envelope-ns-elements
  soap-encodingStyle-in-body-children
  envelope-have-children-after-body
  soap-fault-children-are-qualified
  encodingStyle-in-rpc-literal-grand-children
  envelope-and-body-are-not-xml1.0
  envelope-does-not-confirm-to-schema
  invalid-soap-envelope
  invalid-soap-header
  invalid-soap-body
  additional-soap-headers-rcvd
  max-tree-depth-exceeded
  max-element-name-length-exceeded
  max-elements-in-tree-exceeded
  max-element-children-exceeded
  max-element-attributes-exceeded
  max-attribute-name-length-exceeded
  max-attribute-value-length-exceeded
  max-text-size-exceeded
  max-document-size-exceeded
  min-document-size-limit
  processing-instructions-found
  dtd-found
  external-uri-ref-found
  malformed-xml
  rate-control-intrusion
attack_action_redirect_url = 
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
attack_action_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
  default
attack_description = 146
  145
  40
  141
  32
  41
  142
  31
  165
  37
  158
  167
  35
  155
  171
  16
  39
  160
  130
  17
  151
  150
  5
  125
  44
  143
  6
  126
  63
  122
  118
  77
  12
  11
  129
  123
  124
  120
  121
  128
  119
  138
  137
  152
  7
  116
  117
  127
  163
  131
  38
  159
  168
  156
  154
  147
  139
  25
  60
  132
  134
  164
  170
  61
  136
  162
  135
  161
  14
  36
  157
  166
  15
  149
  144
  148
  0
  140
  26
  30
  42
  43
  205
  206
  207
  208
  209
  210
  211
  212
  213
  214
  215
  216
  217
  218
  219
  220
  221
  222
  223
  224
  225
  226
  227
  228
  229
  230
  231
  232
  233
  234
  235
  236
  237
  238
  239
  240
  241
  242
  243
  244
  245
  246
  190
  191
  192
  193
  174
  175
  176
  184
  177
  178
  179
  181
  182
  183
  186
  185
  187
  188
  75
attack_group = advanced-policy-violations
  advanced-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  param-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  protocol-violations
  header-violations
  param-profile-violations
  application-profile-violations
  response-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  protocol-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  protocol-violations
  response-violations
  protocol-violations
  protocol-violations
  protocol-violations
  advanced-policy-violations
  request-policy-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  protocol-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  header-violations
  request-policy-violations
  request-policy-violations
  protocol-violations
  url-profile-violations
  application-profile-violations
  header-violations
  param-profile-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  param-profile-violations
  protocol-violations
  protocol-violations
  url-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  response-violations
  param-profile-violations
  param-profile-violations
  param-profile-violations
  url-profile-violations
  request-policy-violations
  header-violations
  param-profile-violations
  url-profile-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  url-profile-violations
  request-policy-violations
  request-policy-violations
  request-policy-violations
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-wsi-assertion-failures
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-soap-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  xmlfw-dos-violations
  advanced-policy-violations
cookie_replay_protection_type = 1
global_adr_action = 1
  2
  2
  2
  2
  2
  1
  2
  0
  2
global_adr_deny_response = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_extended_match = *
  (URI-Path req "\/.*copy(%20|%09)[^/]*")
  (URI-Path req \/.*%23[^/]*)
  *
  *
  *
  *
  *
  *
  (Header Translate eq F)
global_adr_extended_match_sequence = 1
  2
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_name = access-control-login-url
  backups-prefix-copy
  backups-prefix-hash
  backups-suffix-bak
  backups-suffix-old
  backups-suffix-sav
  favicon.ico
  phpinfo
  robots.txt
  translate-f-vulnerability
global_adr_redirect_url = 
  
  
  
  
  
  
  
  
  
global_adr_response_page = default
  default
  default
  default
  default
  default
  default
  default
  default
  default
global_adr_status = 1
  1
  1
  1
  1
  1
  1
  1
  1
  1
global_adr_url = /nclogin.submit
  /*
  /*
  /*.bak
  /*.old
  /*.sav
  /*/favicon.ico
  /*/phpinfo.php
  /*/robots.txt
  /*.asp
param_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
parameter_protection_denied_meta_characters = %00%04%1b%08%7f
parameter_protection_file_upload_extensions = JPG
  GIF
  PDF
parameter_protection_max_param_value_length = 4096
parameter_protection_max_upload_file_size = 1024
parameter_protection_status = 1
parameter_protection_white_listed_parameters = __VIEWSTATE
  PostBody
url_protection_allow_methods = GET
  POST
  PUT
  HEAD
  CONNECT
  OPTIONS
  BDELETE
  BMOVE
  COPY
  DELETE
  ERROR
  LOCK
  MKCOL
  MOVE
  PROPFIND
  PROPPATCH
  PURGE
  TRACE
  UNLOCK
url_protection_allowed_content_types = application/x-www-form-urlencoded
  multipart/form-data
  application/x-www-UTF8-encoded
  application/x-vermeer-urlencoded
  text/xml
url_protection_internal_attack_types = cross-site-scripting
  sql-injection-medium
  os-command-injection
url_protection_max_content_length = 32768
url_protection_max_parameter_name_length = 64
url_protection_max_parameters = 40
url_protection_max_upload_files = 5
url_protection_status = 1
