{\rtf1\ansi\ansicpg1252\cocoartf1504\cocoasubrtf830 {\fonttbl\f0\fnil\fcharset0 Menlo-Regular;\f1\fnil\fcharset134 PingFangSC-Regular;} {\colortbl;\red255\green255\blue255;\red0\green0\blue0;\red213\green213\blue213;} {\*\expandedcolortbl;;\csgray\c0;\cssrgb\c86630\c86630\c86630;} \paperw11900\paperh16840\margl1440\margr1440\vieww28600\viewh18000\viewkind0 \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\partightenfactor0 \f0\fs36 \cf2 \cb3 \CocoaLigature0 \ \{"transaction":\{"client_ip":"94.156.138.51","time_stamp":"Fri Mar 2 11:44:26 2018","server_id":"b601f6016c09495d37efd36ac8899ad0c2ce965f","client_port":59033,"host_ip":"94.156.138.51","host_port":80,"id":"151998386686.143137","request":\{"method":"GET","http_version":1.1,"uri":"/?%3Cscript%3E","headers":\{"Host":"activewaftest.com","Connection":"keep-alive","Upgrade-Insecure-Requests":"1","User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","Accept-Encoding":"gzip, deflate","Accept-Language":"en-US,en;q=0.9"\}\},"response":\{"http_code":200,"headers":\{\}\},"producer":\{"modsecurity":"ModSecurity v3.0.0rc1 (Linux)","connector":"ModSecurity-nginx v0.1.1-beta","secrules_engine":"Enabled","components":["OWASP_CRS/3.0.2\\""]\},"messages":[\{"message":"XSS Attack Detected via libinjection","details":\{"match":"detected XSS using libinjection.","reference":"v6,8t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls","ruleId":"941100","file":"/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf","lineNumber":"17","data":"Matched Data: accept-language found within ARGS_NAMES: