# Copyright 2019 Andrew Rowe.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# some common nuisance request paths that should be blocked in a Flask app
# updated: 28-02-2019
#
# format:
#
# # is comment
# blank lines and lines shorter than 3 characters are ignored
# ==regex== denotes start of regex strings
# ==string== denotes start of direct string matches
# either of the previous commands can be reused multiple times
#
# URL strings are stripped of any parameters before being checked
#
# PHP, Java, .NET et al. should not be handled by Flask

==regex==

.*\.php$
.*\.jsp$
.*\.jspx$
.*\.wss$
.*\.do$
.*\.action$
.*\.aspx$
.*\.asp$
.*\.asx$
.*\.cfm$
.*\.cgi$
.*\.nsf$
.*\.env$
# hacking attempts (note: the PHPSESSID= pattern below targets a query parameter, which the header says is stripped before matching — verify it can still match)
.*netease\.com\:25$
.*?PHPSESSID=
.*/a2billing/.*
.*\/usage_201811.html$
.*\/usage_201811$
.*\/wp-admin\/$
==string==

# all of these paths are probed by vulnerability scanners
/admin/assets/js/views/login.js
/bea_wls_deployment_internal
/HNAP1/
/manager/html
/index.php/admin/
/muieblackcat
/admin/images/cal_date_over.gif
/mysqladmin/
/phpmyadmin/
/pma/
/sql/
/myadmin/
/temp/wp-admin/
/.git/config
/libs/js/iframe.js
/joomla/
/sftp-config.json
/wp-content/plugins/image-clipboard/readme.txt
/api/v1/pods
/phpmyadmin0/
/phpmyadmin/
