Hub WAF rule

More info

generic-wordpress-uploads-listing WAF Rule

« WordPress Uploads - Directory Listing »
v0.4 by crowdsecurity
WAF rule

Protect Wordpress uploads directory from listing files

Installation

cscli appsec-rules install crowdsecurity/generic-wordpress-uploads-listing

YAML Configuration

1name: crowdsecurity/generic-wordpress-uploads-listing
2description: "Protect Wordpress uploads directory from listing files"
3rules:
4  - and:
5    - zones:
6      - METHOD
7      match:
8        type: equals
9        value: GET
10    - zones:
11      - URI
12      transform:
13      - lowercase
14      - urldecode
15      match:
16        type: regex
17        value: '^/wp-content/uploads/(.*/)?$'
18    
19labels:
20   type: exploit
21   service: http
22   confidence: 2
23   spoofable: 0
24   behavior: "http:exploit"
25   label: "WordPress Uploads - Directory Listing"
26   classification:
27     - attack.T1595
28     - attack.T1190
29

Hub WAF rule

« WordPress Uploads - Directory Listing »v0.4 by crowdsecurityWAF rule

« WordPress Uploads - Directory Listing »
v0.4 by crowdsecurity
WAF rule