ELF>@C@h@8 @@@@ %j%j--|0088800hhhDDStd88800PtdQtdRtdXX/lib64/ld-linux-x86-64.so.2 GNUGNUo> 7lTG.5YGNU@@em}%G@]c3Up^dQ>,S{gV_Ynk  , . vF"_ITM_deregisterTMCloneTable__gmon_start___ITM_registerTMCloneTable__cxa_finalize__libc_start_mainstrcmppcre_compilestderr__fprintf_chkexit__stack_chk_failstrlenpcre_exec__printf_chk__sprintf_chkapr_pallocmemsetstrchr__ctype_b_locapr_table_makeapr_table_eltsapr_table_addstdoutfflushapr_psprintfstrstrapr_pstrcatfopenfgetcfeoffclosepcre_studyapr_table_setnstrrchrapr_pstrdup__vsprintf_chkputcharputscalloc__ctype_toupper_locapr_pool_create_exapr_uri_parseapr_pool_destroystrncmpfwriteapr_table_getapr_table_addnapr_table_unsetapr_app_initializenicestrtolctimeapr_time_now__strcpy_chk__errno_locationstrerrorpthread_createpthread_joinOPENSSL_sk_sortOPENSSL_sk_numOPENSSL_sk_pushOPENSSL_sk_valueOPENSSL_sk_newlibcrypto.so.3libapr-1.so.0libaprutil-1.so.0libpcre.so.3libc.so.6OPENSSL_3.0.0GLIBC_2.4GLIBC_2.34GLIBC_2.3GLIBC_2.2.5GLIBC_2.3.4 +pH>ii V`ii kui uti  DC@*8:< (08 @ H P X `hpx !"#$%& '((0)8+@,H-P.X/`0h1p2x345679;=>?HHHtH5ʽ%˽hhhhhhhhqhah Qh Ah 1h !h hhhhhhhhhhqhahQhAh1h!hhhh h!h"h#h$h%h&h'qh(ah)Qh*Ah+1h,!h-h.h/h0h1h2h3h4h5h6h7qh8a%D%%D%D%D% D%D%D%D%D%D%ݹD%չD%͹D%ŹD%D%D%D%D%D%D%D%D%}D%uD%mD%eD%]D%UD%MD%ED%=D%5D%-D%%D%D%D% D%D%D%D%D%D%ݸD%ոD%͸D%ŸD%D%D%D%D%D%D%D%D%}D%uD%mD%eDAWAVAUATUSHx$1H$dH%(H$h1/DŽ$HD$8H$DŽ$H81H$H$H111H$H$ H$ HD$H$ HD$(H$ Ip HD$ QH$HkH$LhH$L$HD$D{D$HD$0EHf.MeA$-tzHLH5LAD$tI}IE 1H$ZD$L$жiA|$v -qA|$co-\A|$i-GA|$k-2A|$f-A|$d)-A|$uA|$AD$MeMmH59L$LHt !H5!LHt H5LH\ PfDA|$AD$DŽ$IEH$1TDE=sd kH$HH$HALH (&L0HE1H\$@ H$H HމD$D%H@ D$xH|$H|$H5 HHHILjH$PH$PLD$HHL$@HT$8H$uCH HD RH$HD$EH|$01yH|$H$GHI\H=ŀADL1H5H|$D$H5ˀDP 1yHH5j1_HT$H5j1H-SHH9wH5W1 =}HH5HDӿ1EH51=HH5HDӿ1=6HH5HDӿ1H51 y =ֲHiH^HEH5Q1=$ H-6=H$HH5[HD1BH5{1=HHH5yHDӿ1H<$ H$H51T$x1H5jT$D1H5v$H5W1\H$H+L$8H51HȿHH1HH?HH)H=H=iLl$HLdL`JfDH$8IOfHH@0H@@ ID$HFL 9h HL%EH0Aƍ@$EfDD,$HE)ADLxLH$H,HH1H1IAu[f<\LLx@t>HcʍrL<"u؍BHc\HA0xA2BHA2LLx@uH8HDLHHD1EH$H$hdH+%(Hx1[]A\A]A^A_I}IE 1H$D$L$fAMl$D$L$EA|$AD$IEMeH$@A|$jAD$XIEMeHD$rA|$GAD$ IEMeHۮ8A|$*AD$IEMeH | zH 5H=DzHTA|$AD$zI}IE 1H$`D$L$έoDA\m\JHcIGHcA0xA5JHcAcGD$xD$DL$DŽ$DŽ$LL IxHHD$X1=V=#|L1LHD$`LHD$hLd$H$LL$MH@L$H$HH$HD$<@LkHEe0HD$HEuIuHtH|$hHFHL;h |H|$`L$1L%L$XL|$HL|$Lt$PHXLt$`fDH3LHL;h >DEtHL1H51rH|$H5zE1HH$ HD$H 1HIH$HD$ ID$HD$(M1 I u4t,HMA< uHAfDAHÅH|$ 111L$ALHv A|$/A<$/MtH$eL$HT$H$LxuTH$@Ht 8/H'MDHuH81 H$nfHLH<|H815"t@Ht$( L% H+D$HMcHHHHHHȿ@BHHHHHiHHII1H|$H$HIH=vADL1H5}H|$D$ZH5#vDP 11H~H5}MOLH5 v14H$L3H|$ILLp Hl$0Hl$I8f.LII~jLjE1E1H?1ZYH;X |Hl$0H=4vH5u}1oH5W}1EIH(iHwH5}1A=8HsHHqH81gD$M"=Hl$XLd$HD$ LeLL}HEsL@ EbH|$1H@ HEL>1LL@ HT$ AsH$H$I =H|$1L=`sLt$HLt$HX HL;h }FH3LHuH3H$Huǃ=x-H3HwuL@LLt$H1oLd$Hh@HuLH=LE;X |=H|$H5RuLWHjIH$PH$PLD$HHL$@HT$8H$4H H kL$L|$H1Lt$PLLl$HHhIHl$IUIuHIL;X |܃=ULl$HH5y1H=yHǤH8H=y#H5xLRAD$FI}IE 1H$,D$L$;H=q%H6H8VdH5x1HH8/H5!xLaD$MIE HD$pHH`uH$IE(H$H=IuH$H|$hH$l$|H$Hl$pHD$P1L$9\$|HD$PLhA}0Ll$pIuHH$Hx=Q~2IM(HHD$pHP HmH5bw1HD$p}Lh H1LL1HŃ=~HH5&w1HD$p1LAH$HP(1H$H|$`H$HD$PH0qHD$PL;X Hl$pL$H$l$|EH$H3H|$` =91H5vuL1HDŽ$IUL8HD$H.LT$HI1LHD$p8%1LH!uL11HHD$HHT$1I$HHt$HH$LID$IEID$=zLD$HLH5t1 HH8HLLLIM$L$$M]A<$R|LHHt@I9r("|HI9x\HxtHHH tsE1LLH1g1LLH$HJs1I1LLH54sI10H$HI-HtI&LhLHHjtHNLICHI9vLLH)H:tLH;tHE1LLHr1HHH{HL$$H5ZsLD$MHL$HH1H5\s==~ H$HT$pH5Us1Iu0HD$pHKpH$H5rLED$M]HmE1E1HLH$Ht$HE1LHHq1bIHT$HH5r1*H emH5!rLuPD$MH5qLuuUD$M1H HHL$HjH81lH5qL uHD$0D$M*H5iqLuD$MH5?qLUH5,qL>H5qL'H5qLotD$MHf.@1I^HHPTE11H=sf.H=HH9tH^Ht H=H5zH)HH?HHHtH-HtfD==u+UH=ڛHt H=d]wHHpHHx9fATE1IH dH%(HD$1HL$ HT$HD$iHtHT$dH+%(u;H A\H6LL$LDD$ HEKH819@ATUSHH dH%(HD$1^jH=m1E1E1HLd$AT|Y^x>=~ HcD$ HHT$dH+%(H []A\HjH=1ATE1HE1ɉAX1ZEx=~uHcL$ T$H5QiHH)1lHcL$ T$H5iHH)1CfATL%iUL5JLHD dH%(H$1HHf1HLHD L JH101H1H= JH֙1H=(JHHH$dH+%(u H]A\fAWAVAUATUHHSHH(dHL$LAL1HtHD$HD$AE1L-g1JfDEg@\A\u @A\HT$IcA +DsHEt t='~LH5\1HD$(A>"Ltz8LLH5g`1bt$ HIHT$1HHD$L8ILL$LH1HL H<$LzINP H)HپH[H816fDATUSHH L%nH/dH%(HD$1MHJjE1E11LHT$RHmZYxlHc|$ D$ )HHHD8 u H8 tH H'@HD$dH+%(uEH []A\HtA HAtHtHhEx/uH+fDAWAVAUATUHSH8 HHHD$L$ PD$,HD8/u D$,H|$/dHHw|$ kH\L%=ZH$f.;tHS51HKHHHHHD$I"HD$LxSD$$~ LH5Y1.D$$Ll$Au@@t$+5}t$+L0DHfAF u LHtAuI@uHD$AEp@@t$t=+t$L(HfADE uLHAwI@uӃ|$$E1Ht$H(E1LHHHX1.H$H1H1H|$/H$l$ HËD$ Ht\HL$HJZ9H$:L$,H8HHE1[H \]1A\A]A^A_fHHeR|$$~HT$L1H5X.A?LH)IHD$8HYu0H8[]A\A]A^A_H$H8HH[1]1A\A]A^A_H$@H\$HHHE1H WHHH5W1Ll$USHH $HH $HH$@ IH$H L$P L$X t@)$` )$p )$ )$ )$ )$ )$ )$ dH%(H$( 1IH$ $HD$0HH$!LHHD$H$0 HD$$  H$9@HcH< t< H16@<\<-< t HcʃD GHt&u< uHcHD uHc1D H5UHT$ H$( dH+%(H []HcʃD \`$ 13HT$ H5>U1D$ aHT$ H5U1D$ B k1'SHH $HH $HH$@ IH$H L$P L$X t@)$` )$p )$ )$ )$ )$ )$ )$ dH%(H$( 1IL$ $LD$0HH$ LLHD$H$0 HD$$ tLH$!1%HcHT4 Q='t#t߀\t-uHcD4 \1fDHHT$ D H5S1H$( dH+%(u H [AVAUATIUSHdH%(H$1IH LHL L11H55H51611 L11HRUH516l11LH5V6YL11H56F \H=U11H56 11H5611H571H5?711H5o7111H5711H5711H5711H55811H5m811H5 RL11H58m11H58]11H58M1H5$91=1H5\91- CH=TwH5Q111H5V91H5v91H59H591H-Q H1H5Q1H5Q1H5Q1H5QH5Q1 t1H59D1H5941H5:$1H5xQ1H5+:H5e:11H5:1H5:1H55QLH5?Q111H5:1H5;L1H5&;y1H5X;i1H5;Y1H5;I1H5<91H5(<)H5b<1 /Hg1H5~<W1H5<G1H5<71H5<' 11H5AP11H5 =11H5B=11H5Pu11H5J=e11H5=U11H5OE11H5=511H5=%11H5">H5^>1111H5O11H5b>11H5O11H5>11H5{O11H5>11H5aO11H5>11H5GOu1H5>1e'~11H5-OH-OH11H5+O811H5>(11H5O11H5O11H5 O11H5>11H5?11H5N11H5%?1H5N11H5O?111H5N11H5Nx11H5e?h11H5NX11H5NH11H5}?811H5?(11H5?H51@11 H=NR1L1H5D@11H5l@11H5@11H5@11H5@11H5,A11H5\A11H5Ao11H5A_11H5AOH5M11?11H5 B/11H54BH5hB11 %H=MYL11H5kBF11H:11H5wB*11H5B11H5B 11H5BH5B11H5C11H5+C11H5CC11H11H5gC11H5C11H5C11~ 4HPH5L1zH=DNH-bKH5H5eK1 1H58H5V81HH5&K1w 1H5?8ZH581GHH5J1, B1H581H581H58H5291H.H5|J1 ѿ1H59HH5JJ1 虿H5*91fH辿H5J1K aH5*91.H膿H5I1 )H5:91HNH5I1 1H539x1H5IHH5I1 蠾1H5*9mHžH5RI1R hH5;I15H荾H55I1 01H58H5.91HBH5H1 H5&91H H5H1 譽1H5/9zH5H1gH追H5H1L b1H5,9/H5|H1HH-HmH5pH1 1H5"91H5_91H59H591 躼H= HL1H59x1H5:e1H5/:R1H5\:?1H5:,H5:11H5:1H5;1H5=;1H5j;1H5BG1H5;1H5;H5;1 藻H=F˻L1H5;1H1H5;1H5;1H5<m1H5'<ZH5K<1G1H5Y<4H5<1!H5<1H1H5<1H5=1H5:=1 |H=E谺H=a=褺H=E蘺H==茺1薸I,$I@蠷H1fH=t A HI,@uMLALLIH MI1H5%' 轹H= CL1H5%{H5 &1h ~H=B貹L1H[DH5%5L1H5&L1H5F& H=BS1H5U&1H5&1H5&1H5&1H5!'1H5N'H5'1n1H5'[1H5'H1H5(5H5A1"H=4CvL1H5%(1H5J(1H5w(1H5(H5(1 ʷH=VAH=BH5JA1 蕷iH=AķH5A1Q g1hff.AWMAVAUATUSHHhL$H$HL$hLD$pH|$8Ht$0 HT$(Lt$xH$dH%(H$X1Ƶ 1HM HIʼnL$XAMML$ D$\,HD$`fDL1(fH u4t,LIƶE< uL赶EfDA$L苶D$nH$111L$脵LD$ Hv A/AH:1'IHAWfDHjL$ Hi5kH81űtMgD$L$xD$Ma=jLLd$ Lt$@L|$H~HH5<1OHXjL$ MHZ5H81;D$XYH$L$XHD$xL$ H$XdH+%(2Hh[]A\A]A^A_Ë$MLd$ Lt$@L|$H =jI T$ H5h<1藭LHD$Hv+1I<&$H$1LLH :L$MD$PID$ HL$@{&vH<=u;=  {&tT$ C}L1H;L1IE:HHE1-IMHl$ ELd$ L$Ld$PL$M9 A9t"LD$LL$PTLL$PD$E:HT$ 1H571LLL$PQ=hHt$PLHsdE1HLHL7Hl71H1H:L1HD$ =1hQHD$@1JD$ CU} 1H݄oIILH$ML$M9t]A9t&Lω$L$?$L$t;TLL$H1LH12HDD$ L$PHLD$HT$@HD$ sHHTHcgHLLL$L$LLHH591WIEL1Hv9L1蕪IH5W9tE=fLͪjH=f1jE1E1LAYAZPH5e1H$1讫HD$@HD$H=4fMLd$ Lt$@L|$H I2H|$(L could not compile pcre at position %d, reason: %s ([a-z]+[a-z0-9]*[A-Z]+[A-Z0-9]*)([A-F0-9]*[A-F]+[0-9]+[A-F0-9]*)^(/[a-zA-Z0-9\-_]+)+[/]?\.?[a-zA-Z]{0,4}$(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK|VERSION-CONTROL|REPORT|CHECKOUT|CHECKIN|UNCHECKOUT|MKWORKSPACE|UPDATE|LABEL|MERGE|BASELINE-CONTROL|MKACTIVITY|ORDERPATCH|ACL|PATCH|SEARCH|BCOPY|BDELETE|BMOVE|BPROPFIND|BPROPPATCH|NOTIFY|POLL|SUBSCRIBE|UNSUBSCRIBE|X-MS-ENUMATTS|RPC_IN_DATA|RPC_OUT_DATA) /[ -!#-]* HTTP/WARNING, found escaped null char %s .TH %s 1 "%s" "mod_qos utilities %s" "%s man page" %s - an utility to generate mod_qos request line rules out from existing access/audit log data. %s%s -i [-c ] [-d ] [-h] [-b ] %s [-p|-s|-m|-o] [-l ] [-n] [-e] [-u 'uni'] %s [-k ] [-t] [-f ] [-v 0|1|2] mod_qos implements a request filter which validates each request line. The module supports both, negative and positive security model. The QS_Deny* directives are used to specify request line patterns which are not allowed to access the server (negative security model / blacklist). These rules are used to restrict access to certain resources which should not be available to users or to protect the server from malicious patterns. The QS_Permit* rules implement a positive security model (whitelist). These directives are used to define allowed request line patterns. Request which do not match any of these patterns are not allowed %s is an audit log analyzer used to generate filter rules (perl compatible regular expressions) which may be used by mod_qos to deny access for suspect requests (QS_PermitUri rules). It parses existing audit log files in order to generate request patterns covering all allowed requests. Input file containing request URIs. The URIs for this file have to be extracted from the servers access logs. Each line of the input file contains a request URI consiting of a path and and query. These access log data must include current request URIs but also request lines from previous rule generation steps. It must also include request lines which cover manually generated You may use the 'qos-path' and 'qos-query' variables to create an audit log containing all request data (path and query/body data). Example: 'CustomLog audit_log %{qos-path}n%{qos-query}n'. See also http://mod-qos.sourceforge.net#qsfiltersample about mod_qos configuration file defining QS_DenyRequestLine and QS_PermitUri directives. %s generates rules from access log data automatically. Manually generated rules (QS_PermitUri) may be provided from this file. Note: each manual rule must be represented by a request URI in the input data (-i) in order to make sure not to be deleted by the rule optimisation algorithm. QS_Deny* rules from this file are used to filter request lines which should not be used for whitelist rule generation. # manually defined whitelist rule: QS_PermitUri +view deny "^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$" # filter unwanted request line patterns: QS_DenyRequestLine +printable deny ".*[\x00-\x19].*" Depth (sub locations) of the path string which is defined as a literal string. Default is 1. Always use a string representing the handler name in the path even the url does not have a query. See also -d option. Replaces url pattern by the regular expression when detecting a base64/hex encoded string. Detecting sensibility is defined by a numeric value. You should use values higher than 5 (default) or 0 to disable this function. Represents query by pcre only (no literal strings). Uses one single pcre for the whole query string. Uses one pcre for multiple query values (recommended mode). Does not care the order of query parameters. Outsizes the query length by the defined length ({0,size+len}), Disables redundant rules elimination. Enables additional decoding methods. Use the same settings as you have used for the QS_Decoding directive. Prefix used to generate rule identifiers (QSF by default). Calculates the maximal latency per request (worst case) using the Filters the input by the provided path (prefix) only processing Verbose mode. (0=silent, 1=rule source, 2=detailed). Default is 1. Don't use rules you haven't checked the request data used to generate it! Level 1 is highly recommended (as long as you don't have created the log data using your own web crawler). The output of %s is written to stdout. The output contains the generated QS_PermitUri directives but also information about the source which has been used to generate these rules. It is very important to check the validity of each request line which has been used to calculate the QS_PermitUri rules. Each request line which has been used to generate a new rule is shown in the output prefixed by "ADD line :". These request lines should be stored and reused at any later rule generation (add them to the URI input file). The subsequent line shows the generated At the end of data processing a list of all generated QS_PermitUri rules is shown. These directives may be used withn the configuration file used by mod_qos. %s -i loc.txt -c httpd.conf -m -e # ADD line 1: /aaa/index.do # 003 ^(/[a-zA-Z0-9\-_]+)+[/]?\.?[a-zA-Z]{0,4}$ # ADD line 3: /aaa/view?page=1 # --- ^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$ # ADD line 4: /aaa/edit?document=1 # 004 ^[/a-zA-Z]+/edit\?((document)(=[0-9]*)*[&]?)*$ # ADD line 5: /aaa/edit?image=1.jpg # 005 ^[/a-zA-Z]+/edit\?((image)(=[0-9\.a-zA-Z]*)*[&]?)*$ QS_PermitUri +QSF001 deny "^[/a-zA-Z]+/edit\?((document|image)(=[0-9\.a-zA-Z]*)*[&]?)*$" QS_PermitUri +QSF002 deny "^[/a-zA-Z0-9]+/view\?(page=[0-9]+)?$" QS_PermitUri +QSF003 deny "^(/[a-zA-Z0-9\-_]+)+[/]?\.?[a-zA-Z]{0,4}$" qsdt(1), qsexec(1), qsgeo(1), qsgrep(1), qshead(1), qslog(1), qslogger(1), qspng(1), qsre(1), qsrespeed(1), qsrotate(1), qssign(1), qstail(1)Pascal Buchbinder, http://mod-qos.sourceforge.net/See http://mod-qos.sourceforge.net/ for further details.WARNING, line %d: unexpected data format, try to detect request lines automatically WARNING, line %d: invalid request %s WARNING: blacklist filter match at line %d for %s (/[a-zA-Z0-9\-_]+)+[/]?\.?[a-zA-Z]{0,4}ERROR, rule check failed (did not match)! ERROR, too many rules (limited to max. 2000) # too many rules: start rule optimization ...# continue with rule generationERROR, failed to change nice value: %s ERROR, option -s,-m,-o or -p can't be used together. ERROR, could not open input file %s # search for redundant rules ...# DEL rule (not required): %s # --------------------------------------------------------# %d rules from %d access log lines # performance index (ms/req): %ld # disable path only regex (-h): %s # base64 detection level (-b): %d # pcre only for query (-p): %s # one pcre for query value (-m): %s # ignore query order (-o): yes# single pcre for query (-s): %s # --------------------------------------------------------QS_PermitUri +%s%.3d deny "%s" # whitelist (loaded existing rules): %d # blacklist (loaded deny rules): %d B64: %.*s HX: %.*s %s{%d,}{}[]()^$.|*+?\-\x%02x[%d]#\x%02x#(=[&]?)*)(=[]*)*[&]?)*)[&]?)*(((rERROR, could not open %s load %s B642pcre: %s-_$+! %s <> %s [a-zA-Z0-9\-_\$\+!]+.SH NAME.SH SYNOPSIS.SH DESCRIPTION to access the server. .SH OPTIONS -i Example: /aaa/index.do /aaa/edit?image=1.jpg /aaa/image/1.jpg /aaa/view?page=1 /aaa/edit?document=1 rules. the module settings. .TP -c -d -h -b -p -s -m -o -l default is %d. -n -e Exit on error. -u 'uni' -k -t generated rules. -f matching lines. -v .SH OUTPUT rule. .SH EXAMPLE ... .SH SEE ALSO.SH AUTHORSample Usage and Outputmod_qos %s Usage: SummaryOptionsERROR, could parse uri %s blacklist match, rule %s # ADD line %d: %s # --- %s LINE %d, exiting rule: %s # -(S) %s LINE %d, analyse: %s /]+=)?%s[%s]{0,%lu}[&]?[&]?)?((%s)*| path: %s path rule: %s query: %s query rule: %s fragment: %s fragment rule: %s ^[/]?^\?$# %.3d %s string: %s unescaped line%.*s%.*s# CHANGE: <%s> to <%s> [%s] [%s] [%s]{%d}%.*s%s%syesnoQSF-n-b-l-p-m-o-s-e-t-h-?--help--manQS_DenyRequestLineQS_PermitUri search for path %s (%s) . %s %s + %s %s > %s # CHANGE: <%s># DEL rule: %s # # search for redundant rules done# verify new rules ...# %s # mod_qos version: %s # source (-i): %s # path depth (-d): %d # redundancy check (-n): %s # decoding (-u): url uni html ansi# query outsize (-l): %d # exit on error (-e): %s # duration: %ld minutes # rule file (-c): %s # blacklist matches: %d 11.63May 2019;,jm$m<lqL o   Xp oooo~ o0 @ P ` p !! !0!@!P!`!p!!!!!!!!!"" "0"@"P"`"p"""""""""## #0#@#P#`#p##### 3ee80bea371ebe6c544791df2e3516fe82ac59.debugP }.shstrtab.interp.note.gnu.property.note.gnu.build-id.note.ABI-tag.gnu.hash.dynsym.dynstr.gnu.version.gnu.version_r.rela.dyn.rela.plt.init.plt.got.plt.sec.text.fini.rodata.eh_frame_hdr.eh_frame.init_array.fini_array.dynamic.data.bss.gnu_debuglink 880&hh$9 Go$Q Y ao~ ~ no}BppX  ####`'`'b %D0$($X$4X