Форум АНТИЧАТ - Показать сообщение отдельно

[QUOTE="crlf"]
crlf said:
↑
Внимательнее изучил регулярку:
[CODE]
Code:
SecRule REQUEST_HEADERS_NAMES "x_(?:key|file)\b" "phase:2,rev:'2.0.5',t:none,t:lowercase,ctl:auditL ogParts=+E,pass,nolog,auditlog,msg:'Backdoor access',id:'950110',tag:'MALICIOUS_SOFTWARE/TROJAN',tag:'WASCTC/WASC-01',tag:'OWASP_TOP_10/A7',tag:'PCI/5.1.1',severity:'2',setvar:'tx.msg=%{rule.msg}',se tvar:tx.trojan_score=+1,setvar:tx.anomaly_score=+% {tx.critical_anomaly_score},setvar:tx.%{rule.id}-MALICIOUS_SOFTWARE/TROJAN-%{matched_var_name}=%{matched_var}"
SecRule REQUEST_FILENAME "root\.exe" \
"phase:2,rev:'2.0.5',t:none,t:urlDecodeUni,t:htmlE ntityDecode,t:lowercase,ctl:auditLogParts=+E,pass, nolog,auditlog,msg:'Backdoor access',id:'950921',tag:'MALICIOUS_SOFTWARE/TROJAN',tag:'WASCTC/WASC-01',tag:'OWASP_TOP_10/A7',tag:'PCI/5.1.1',severity:'2',setvar:'tx.msg=%{rule.msg}',se tvar:tx.trojan_score=+1,setvar:tx.anomaly_score=+% {tx.critical_anomaly_score},setvar:tx.%{rule.id}-MALICIOUS_SOFTWARE/TROJAN-%{matched_var_name}=%{matched_var}"
SecRule RESPONSE_BODY "(?:[^[^