{
  "rules": [
    {
      "state": "on",
      "rule": "\\.(htaccess|mysql_history|bash_history|DS_Store|idea|user\\.ini)",
      "name": "dirFilter1",
      "type": "dirFilter"
    },
    {
      "state": "on",
      "rule": "\\.(bak|inc|old|mdb|sql|backup|java|class)$",
      "name": "dirFilter2",
      "type": "dirFilter"
    },
    {
      "state": "on",
      "rule": "^/(vhost|bbs|host|wwwroot|www|site|root|backup|data|ftp|db|admin|website|web).*\\.(rar|sql|zip|tar\\.gz|tar)$",
      "name": "dirFilter3",
      "type": "dirFilter"
    },
    {
      "state": "on",
      "rule": "java\\.lang",
      "name": "dirFilter4",
      "type": "dirFilter"
    },
    {
      "state": "on",
      "rule": "/(hack|shell|spy|phpspy)\\.php$",
      "name": "phpExec1",
      "type": "phpExec"
    },
    {
      "state": "on",
      "rule": "/(attachments|upimg|images|css|uploadfiles|html|uploads|templets|static|template|data|inc|forumdata|upload|includes|cache|avatar)/(\\\\w+).(php|jsp)",
      "name": "phpExec2",
      "type": "phpExec"
    },
    {
      "state": "on",
      "rule": "(?:phpMyAdmin2|phpMyAdmin|phpmyadmin|dbadmin|pma|myadmin|admin|mysql)/scripts/setup%.php",
      "name": "phpExec3",
      "type": "phpExec"
    },
    {
      "state": "on",
      "rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
      "name": "oneWordTrojan1",
      "type": "oneWordTrojan"
    },
    {
      "state": "on",
      "rule": "(phpmyadmin|jmx-console|jmxinvokerservlet)",
      "name": "appFilter1",
      "type": "appFilter"
    },
    {
      "state": "on",
      "rule": "wp-includes/wlwmanifest.xml",
      "name": "appFilter2",
      "type": "appFilter"
    },
    {
      "state": "on",
      "rule": "<php>die(@md5(HelloThinkCMF))</php>",
      "name": "appFilter3",
      "type": "appFilter"
    },
    {
      "state": "on",
      "rule": "/boaform/admin/formLogin",
      "name": "appFilter4",
      "type": "appFilter"
    },
    {
      "state": "on",
      "rule": "(?:(union(.*?)select))",
      "name": "sqlInject1",
      "type": "sqlInject"
    }
  ]
}