diff --git a/regex-assembly/include/unix-shell-4andup.ra b/regex-assembly/include/unix-shell-4andup.ra
index ab77df1308..3cd7333135 100644
--- a/regex-assembly/include/unix-shell-4andup.ra
+++ b/regex-assembly/include/unix-shell-4andup.ra
@@ -410,6 +410,7 @@ perl5@
 perl@
 perlsh
 perms@
+piconv
 pftp@
 pgrep@
 php-cgi
@@ -549,6 +550,7 @@ tshark
 ulimit@
 uname@
 uncompress@
+uconv
 unexpand
 uniq@
 unlink@
diff --git a/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf b/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
index 437e7e7795..f604e8f500 100644
--- a/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
+++ b/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
@@ -183,7 +183,7 @@ SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?
 # (consult https://coreruleset.org/docs/development/regex_assembly/ for details):
 #   crs-toolchain regex update 932235
 #
-SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[\s\x0b&\),<>\|].*|o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[\s\x0b&\),<>\|]|a(?:dd(?:group|user)|getty|(?:l(?:ias|pine)|tobm|xel)[\s\x0b&\),<>\|]|nsible|p(?:parmor_[^\s\x0b]{1,10}\b|t(?:-get|itude[\s\x0b&\),<>\|]))|r(?:ch[\s\x0b&\),<>\|]|ia2c|j(?:-register|disp))|s(?:cii(?:-xfr|85)|pell)|u(?:ditctl|repot|search))|b(?:a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\),<>\|]|c))|h[\s\x0b&\),<>\|])|tch[\s\x0b&\),<>\|])|lkid[\s\x0b&\),<>\|]|pftrace|r(?:eaksw|(?:idge|wap)[\s\x0b&\),<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\),<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\s\x0b&\),<>\|])|z(?:c(?:at|mp)[\s\x0b&\),<>\|]|diff|e(?:grep|xe[\s\x0b&\),<>\|])|f?grep|ip2(?:[\s\x0b&\),<>\|]|recover)|less|more))|c(?:[89]9-gcc|a(?:ncel|psh)[\s\x0b&\),<>\|]|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\s\x0b&\),<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\),\-<>\|])|(?:flag|pas)s|g(?:passwd|rp[\s\x0b&\),<>\|]))|lang(?:\+\+|[\s\x0b&\),<>\|])|o(?:bc(?:[\s\x0b&\),<>\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\),<>\|]|proc|w(?:say|think))|p(?:(?:an|io)[\s\x0b&\),<>\|]|ulimit)|r(?:ash[\s\x0b&\),<>\|]|on(?:[\s\x0b&\),<>\|]|tab))|s(?:cli[\s\x0b&\),<>\|]|plit|vtool)|u(?:psfilter|rl[\s\x0b&\),<>\|]))|d(?:(?:ash|i(?:alog|ff)|vips)[\s\x0b&\),<>\|]|hclient|m(?:esg[\s\x0b&\),<>\|]|idecode|setup)|o(?:(?:as|ne)[\s\x0b&\),<>\|]|cker[\s\x0b&\),\-<>\|]|sbox)|pkg[\s\x0b&\),\-<>\|])|e(?:2fsck|asy_install|(?:cho|fax|grep|macs|sac|val)[\s\x0b&\),<>\|]|n(?:d(?:if|sw)[\s\x0b&\),<>\|]|v-update)|x(?:(?:ec|p(?:and|(?:ec|or)t|r))[\s\x0b&\),<>\|]|iftool))|f(?:acter|d(?:(?:find|isk)[\s\x0b&\),<>\|]|u?mount)|(?:etch|grep|lock|unction)[\s\x0b&\),<>\|]|i(?:le(?:[\s\x0b&\),<>\|]|test)|(?:n(?:d|ger)|sh)[\s\x0b&\),<>\|])|o(?:ld[\s\x0b&\),<>\|]|reach)|ping[\s\x0b&\),6<>\|]|tp(?:stats|who))|g(?:(?:awk|core|i(?:mp|nsh)|z(?:cat|exe|ip))[\s\x0b&\),<>\|]|e(?:ni(?:e[\s\x0b&\),<>\|]|soimage)|t(?:cap|facl[\s\x0b&\),<>\|]))|hc(?:-[\s\x0b&\),<>\|]|i[\s\x0b&\),\-<>\|])|r(?:(?:cat|ep)[\s\x0b&\),<>\|]|oupmod)|tester|unzip)|h(?:(?:ash|i(?:ghlight|story))[\s\x0b&\),<>\|]|e(?:ad[\s\x0b&\),<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\s\x0b&\),<>\|]|passwd))|i(?:(?:conv|nstall)[\s\x0b&\),<>\|]|f(?:config|top[\s\x0b&\),<>\|])|onice|p(?:6?tables|config|p(?:eveprinter|find|tool))|spell)|j(?:(?:ava|exec)[\s\x0b&\),<>\|]|o(?:in[\s\x0b&\),<>\|]|urnalctl)|runscript)|k(?:ill(?:[\s\x0b&\),<>\|]|all)|nife[\s\x0b&\),<>\|]|sshell)|l(?:a(?:st(?:comm[\s\x0b&\),<>\|]|log(?:in)?)|tex[\s\x0b&\),<>\|])|dconfig|ess(?:echo|(?:fil|pip)e)|ftp(?:[\s\x0b&\),<>\|]|get)|o(?:(?:cate|ok)[\s\x0b&\),<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:(?:-F|cpu|hw|mod|of|pci|usb)[\s\x0b&\),<>\|]|b_release)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|ynx[\s\x0b&\),<>\|]|z(?:4c(?:[\s\x0b&\),<>\|]|at)|c(?:at|mp)[\s\x0b&\),<>\|]|diff|[ef]?grep|less|m(?:a(?:[\s\x0b&\),<>\|]|dec|info)|ore)))|m(?:(?:a(?:il[qx]?|ke|wk)|utt)[\s\x0b&\),<>\|]|k(?:(?:dir|nod)[\s\x0b&\),<>\|]|fifo|temp)|locate|o(?:squitto|unt[\s\x0b&\),<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\s\x0b&\),<>\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:(?:a(?:no|sm|wk)|ice|map|o(?:de|hup)|ping|roff)[\s\x0b&\),<>\|]|c(?:\.(?:openbsd|traditional)|at[\s\x0b&\),<>\|])|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|s(?:enter|lookup|tat[\s\x0b&\),<>\|]))|o(?:ctave[\s\x0b&\),<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\s\x0b&\),<>\|]))|p(?:a(?:(?:cman|rted|tch)[\s\x0b&\),<>\|]|s(?:swd|te[\s\x0b&\),<>\|]))|d(?:b(?:2mb|3[\s\x0b&\),\.<>\|])|f(?:la)?tex|ksh[\s\x0b&\),<>\|])|er(?:(?:f|ms)[\s\x0b&\),<>\|]|l(?:5?[\s\x0b&\),<>\|]|sh))|(?:(?:ft|gre)p|opd|u(?:ppet|shd))[\s\x0b&\),<>\|]|hp(?:-cgi|[57][\s\x0b&\),<>\|])|i(?:(?:co|gz|ng6?)[\s\x0b&\),<>\|]|dstat)|k(?:exec|g_?info|ill[\s\x0b&\),<>\|])|rint(?:env|f[\s\x0b&\),<>\|])|s(?:(?:ed|ql)[\s\x0b&\),<>\|]|ftp)|tar(?:[\s\x0b&\),<>\|]|diff|grep)|y(?:3?versions|thon(?:[23]|[^\s\x0b]{1,10}\b)))|r(?:(?:ak[eu]|bash|nano|oute|vi(?:ew|m))[\s\x0b&\),<>\|]|e(?:a(?:delf|lpath)|(?:(?:boo|dcarpe)t|name|p(?:eat|lace))[\s\x0b&\),<>\|]|stic)|l(?:ogin|wrap)|m(?:dir[\s\x0b&\),<>\|]|t-(?:dump|tar)|user)|pm(?:db[\s\x0b&\),<>\|]|(?:quer|verif)y)|sync(?:-ssl|[\s\x0b&\),<>\|])|u(?:by[^\s\x0b]{1,10}\b|n(?:-(?:mailcap|parts)|c[\s\x0b&\),<>\|])))|s(?:(?:ash|c(?:hed|r(?:een|ipt))|diff|(?:ft|na)p|l(?:eep|sh)|plit)[\s\x0b&\),<>\|]|e(?:(?:ndmail|rvice)[\s\x0b&\),<>\|]|t(?:arch|cap|env|facl[\s\x0b&\),<>\|]|sid))|h(?:\.distrib|u(?:f|tdown)[\s\x0b&\),<>\|])|mbclient|o(?:(?:ca|r)t[\s\x0b&\),<>\|]|elim)|qlite3|sh(?:-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass)|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\s\x0b&\),<>\|]))|udo(?:-rs|[\s\x0b&\),<>_\|]|edit|replay)|vn(?:a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:ilf?[\s\x0b&\),<>\|]|sk(?:[\s\x0b&\),<>\|]|set))|c(?:l?sh[\s\x0b&\),<>\|]|p(?:dump|ing|traceroute))|elnet|(?:ftp|mux|ouch)[\s\x0b&\),<>\|]|ime(?:datectl|out[\s\x0b&\),<>\|])|r(?:a(?:ceroute6?|p[\s\x0b&\),<>\|])|off[\s\x0b&\),<>\|])|shark)|u(?:limit[\s\x0b&\),<>\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\s\x0b&\),<>\|]|expand|l(?:ink[\s\x0b&\),<>\|]|z(?:4[\s\x0b&\),<>\|]|ma))|pigz|z(?:ip[\s\x0b&\),<>\|]|std))|p(?:2date[\s\x0b&\),<>\|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:(?:[ep]w|gr|rsh)[\s\x0b&\),<>\|]|mdiff|sudo(?:-rs)?)|olatility[\s\x0b&\),<>\|])|w(?:(?:all|get)[\s\x0b&\),<>\|]|h(?:iptail[\s\x0b&\),<>\|]|o(?:ami|is[\s\x0b&\),<>\|]))|i(?:reshark|sh[\s\x0b&\),<>\|]))|x(?:(?:args|pad|term)[\s\x0b&\),<>\|]|e(?:latex|tex[\s\x0b&\),<>\|])|mo(?:dmap|re[\s\x0b&\),<>\|])|z(?:c(?:at|mp)[\s\x0b&\),<>\|]|d(?:ec[\s\x0b&\),<>\|]|iff)|[ef]?grep|less|more))|z(?:athura|(?:c(?:at|mp)|diff|grep|less|run)[\s\x0b&\),<>\|]|[ef]grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|mo(?:dload|re[\s\x0b&\),<>\|])|s(?:oelim|td(?:[\s\x0b&\),<>\|]|(?:ca|m)t|grep|less))|ypper))" \
+SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[\s\x0b&\),<>\|].*|o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[\s\x0b&\),<>\|]|a(?:dd(?:group|user)|getty|(?:l(?:ias|pine)|tobm|xel)[\s\x0b&\),<>\|]|nsible|p(?:parmor_[^\s\x0b]{1,10}\b|t(?:-get|itude[\s\x0b&\),<>\|]))|r(?:ch[\s\x0b&\),<>\|]|ia2c|j(?:-register|disp))|s(?:cii(?:-xfr|85)|pell)|u(?:ditctl|repot|search))|b(?:a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\),<>\|]|c))|h[\s\x0b&\),<>\|])|tch[\s\x0b&\),<>\|])|lkid[\s\x0b&\),<>\|]|pftrace|r(?:eaksw|(?:idge|wap)[\s\x0b&\),<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\),<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\s\x0b&\),<>\|])|z(?:c(?:at|mp)[\s\x0b&\),<>\|]|diff|e(?:grep|xe[\s\x0b&\),<>\|])|f?grep|ip2(?:[\s\x0b&\),<>\|]|recover)|less|more))|c(?:[89]9-gcc|a(?:ncel|psh)[\s\x0b&\),<>\|]|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\s\x0b&\),<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\),\-<>\|])|(?:flag|pas)s|g(?:passwd|rp[\s\x0b&\),<>\|]))|lang(?:\+\+|[\s\x0b&\),<>\|])|o(?:bc(?:[\s\x0b&\),<>\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\),<>\|]|proc|w(?:say|think))|p(?:(?:an|io)[\s\x0b&\),<>\|]|ulimit)|r(?:ash[\s\x0b&\),<>\|]|on(?:[\s\x0b&\),<>\|]|tab))|s(?:cli[\s\x0b&\),<>\|]|plit|vtool)|u(?:psfilter|rl[\s\x0b&\),<>\|]))|d(?:(?:ash|i(?:alog|ff)|vips)[\s\x0b&\),<>\|]|hclient|m(?:esg[\s\x0b&\),<>\|]|idecode|setup)|o(?:(?:as|ne)[\s\x0b&\),<>\|]|cker[\s\x0b&\),\-<>\|]|sbox)|pkg[\s\x0b&\),\-<>\|])|e(?:2fsck|asy_install|(?:cho|fax|grep|macs|sac|val)[\s\x0b&\),<>\|]|n(?:d(?:if|sw)[\s\x0b&\),<>\|]|v-update)|x(?:(?:ec|p(?:and|(?:ec|or)t|r))[\s\x0b&\),<>\|]|iftool))|f(?:acter|d(?:(?:find|isk)[\s\x0b&\),<>\|]|u?mount)|(?:etch|grep|lock|unction)[\s\x0b&\),<>\|]|i(?:le(?:[\s\x0b&\),<>\|]|test)|(?:n(?:d|ger)|sh)[\s\x0b&\),<>\|])|o(?:ld[\s\x0b&\),<>\|]|reach)|ping[\s\x0b&\),6<>\|]|tp(?:stats|who))|g(?:(?:awk|core|i(?:mp|nsh)|z(?:cat|exe|ip))[\s\x0b&\),<>\|]|e(?:ni(?:e[\s\x0b&\),<>\|]|soimage)|t(?:cap|facl[\s\x0b&\),<>\|]))|hc(?:-[\s\x0b&\),<>\|]|i[\s\x0b&\),\-<>\|])|r(?:(?:cat|ep)[\s\x0b&\),<>\|]|oupmod)|tester|unzip)|h(?:(?:ash|i(?:ghlight|story))[\s\x0b&\),<>\|]|e(?:ad[\s\x0b&\),<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\s\x0b&\),<>\|]|passwd))|i(?:(?:conv|nstall)[\s\x0b&\),<>\|]|f(?:config|top[\s\x0b&\),<>\|])|onice|p(?:6?tables|config|p(?:eveprinter|find|tool))|spell)|j(?:(?:ava|exec)[\s\x0b&\),<>\|]|o(?:in[\s\x0b&\),<>\|]|urnalctl)|runscript)|k(?:ill(?:[\s\x0b&\),<>\|]|all)|nife[\s\x0b&\),<>\|]|sshell)|l(?:a(?:st(?:comm[\s\x0b&\),<>\|]|log(?:in)?)|tex[\s\x0b&\),<>\|])|dconfig|ess(?:echo|(?:fil|pip)e)|ftp(?:[\s\x0b&\),<>\|]|get)|o(?:(?:cate|ok)[\s\x0b&\),<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:(?:-F|cpu|hw|mod|of|pci|usb)[\s\x0b&\),<>\|]|b_release)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|ynx[\s\x0b&\),<>\|]|z(?:4c(?:[\s\x0b&\),<>\|]|at)|c(?:at|mp)[\s\x0b&\),<>\|]|diff|[ef]?grep|less|m(?:a(?:[\s\x0b&\),<>\|]|dec|info)|ore)))|m(?:(?:a(?:il[qx]?|ke|wk)|utt)[\s\x0b&\),<>\|]|k(?:(?:dir|nod)[\s\x0b&\),<>\|]|fifo|temp)|locate|o(?:squitto|unt[\s\x0b&\),<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\s\x0b&\),<>\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:(?:a(?:no|sm|wk)|ice|map|o(?:de|hup)|ping|roff)[\s\x0b&\),<>\|]|c(?:\.(?:openbsd|traditional)|at[\s\x0b&\),<>\|])|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|s(?:enter|lookup|tat[\s\x0b&\),<>\|]))|o(?:ctave[\s\x0b&\),<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\s\x0b&\),<>\|]))|p(?:a(?:(?:cman|rted|tch)[\s\x0b&\),<>\|]|s(?:swd|te[\s\x0b&\),<>\|]))|d(?:b(?:2mb|3[\s\x0b&\),\.<>\|])|f(?:la)?tex|ksh[\s\x0b&\),<>\|])|er(?:(?:f|ms)[\s\x0b&\),<>\|]|l(?:5?[\s\x0b&\),<>\|]|sh))|i(?:co(?:nv|[\s\x0b&\),<>\|])|dstat|(?:gz|ng6?)[\s\x0b&\),<>\|])|(?:(?:ft|gre)p|opd|u(?:ppet|shd))[\s\x0b&\),<>\|]|hp(?:-cgi|[57][\s\x0b&\),<>\|])|k(?:exec|g_?info|ill[\s\x0b&\),<>\|])|rint(?:env|f[\s\x0b&\),<>\|])|s(?:(?:ed|ql)[\s\x0b&\),<>\|]|ftp)|tar(?:[\s\x0b&\),<>\|]|diff|grep)|y(?:3?versions|thon(?:[23]|[^\s\x0b]{1,10}\b)))|r(?:(?:ak[eu]|bash|nano|oute|vi(?:ew|m))[\s\x0b&\),<>\|]|e(?:a(?:delf|lpath)|(?:(?:boo|dcarpe)t|name|p(?:eat|lace))[\s\x0b&\),<>\|]|stic)|l(?:ogin|wrap)|m(?:dir[\s\x0b&\),<>\|]|t-(?:dump|tar)|user)|pm(?:db[\s\x0b&\),<>\|]|(?:quer|verif)y)|sync(?:-ssl|[\s\x0b&\),<>\|])|u(?:by[^\s\x0b]{1,10}\b|n(?:-(?:mailcap|parts)|c[\s\x0b&\),<>\|])))|s(?:(?:ash|c(?:hed|r(?:een|ipt))|diff|(?:ft|na)p|l(?:eep|sh)|plit)[\s\x0b&\),<>\|]|e(?:(?:ndmail|rvice)[\s\x0b&\),<>\|]|t(?:arch|cap|env|facl[\s\x0b&\),<>\|]|sid))|h(?:\.distrib|u(?:f|tdown)[\s\x0b&\),<>\|])|mbclient|o(?:(?:ca|r)t[\s\x0b&\),<>\|]|elim)|qlite3|sh(?:-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass)|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\s\x0b&\),<>\|]))|udo(?:-rs|[\s\x0b&\),<>_\|]|edit|replay)|vn(?:a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:ilf?[\s\x0b&\),<>\|]|sk(?:[\s\x0b&\),<>\|]|set))|c(?:l?sh[\s\x0b&\),<>\|]|p(?:dump|ing|traceroute))|elnet|(?:ftp|mux|ouch)[\s\x0b&\),<>\|]|ime(?:datectl|out[\s\x0b&\),<>\|])|r(?:a(?:ceroute6?|p[\s\x0b&\),<>\|])|off[\s\x0b&\),<>\|])|shark)|u(?:limit[\s\x0b&\),<>\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\s\x0b&\),<>\|]|expand|l(?:ink[\s\x0b&\),<>\|]|z(?:4[\s\x0b&\),<>\|]|ma))|pigz|z(?:ip[\s\x0b&\),<>\|]|std))|conv|p(?:2date[\s\x0b&\),<>\|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:(?:[ep]w|gr|rsh)[\s\x0b&\),<>\|]|mdiff|sudo(?:-rs)?)|olatility[\s\x0b&\),<>\|])|w(?:(?:all|get)[\s\x0b&\),<>\|]|h(?:iptail[\s\x0b&\),<>\|]|o(?:ami|is[\s\x0b&\),<>\|]))|i(?:reshark|sh[\s\x0b&\),<>\|]))|x(?:(?:args|pad|term)[\s\x0b&\),<>\|]|e(?:latex|tex[\s\x0b&\),<>\|])|mo(?:dmap|re[\s\x0b&\),<>\|])|z(?:c(?:at|mp)[\s\x0b&\),<>\|]|d(?:ec[\s\x0b&\),<>\|]|iff)|[ef]?grep|less|more))|z(?:athura|(?:c(?:at|mp)|diff|grep|less|run)[\s\x0b&\),<>\|]|[ef]grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|mo(?:dload|re[\s\x0b&\),<>\|])|s(?:oelim|td(?:[\s\x0b&\),<>\|]|(?:ca|m)t|grep|less))|ypper))" \
     "id:932235,\
     phase:2,\
     block,\
@@ -564,7 +564,7 @@ SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?
 # (consult https://coreruleset.org/docs/development/regex_assembly/ for details):
 #   crs-toolchain regex update 932260
 #
-SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[\s\x0b&\),<>\|].*|o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:a(?:ddgroup|nsible|pparmor_[^\s\x0b]{1,10}\b|rj(?:-register|disp)|tobm[\s\x0b&\),<>\|]|u(?:ditctl|repot|search))|b(?:ase(?:32|64|nc)|(?:lkid|rwap|yobu)[\s\x0b&\),<>\|]|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|z(?:c(?:at|mp)[\s\x0b&\),<>\|]|diff|e(?:grep|xe[\s\x0b&\),<>\|])|f?grep|ip2(?:[\s\x0b&\),<>\|]|recover)|less|more))|c(?:[89]9-gcc|h(?:(?:attr|mod|o(?:om|wn)|sh)[\s\x0b&\),<>\|]|ef-|g(?:passwd|rp[\s\x0b&\),<>\|])|pass)|lang\+\+|o(?:bc(?:[\s\x0b&\),<>\|]|run)|mm[\s\x0b&\),<>\|]|proc)|(?:p(?:an|io)|scli)[\s\x0b&\),<>\|])|d(?:(?:iff|mesg|vips)[\s\x0b&\),<>\|]|o(?:as[\s\x0b&\),<>\|]|cker-)|pkg[\s\x0b&\),\-<>\|])|e(?:2fsck|(?:fax|grep|macs|nd(?:if|sw)|sac|xpr)[\s\x0b&\),<>\|])|f(?:d(?:(?:find|isk)[\s\x0b&\),<>\|]|u?mount)|grep[\s\x0b&\),<>\|]|iletest|ping[\s\x0b&\),6<>\|]|tp(?:stats|who))|g(?:(?:core|insh|z(?:cat|exe|ip))[\s\x0b&\),<>\|]|(?:etca|unzi)p|hc(?:-[\s\x0b&\),<>\|]|i[\s\x0b&\),\-<>\|])|r(?:(?:cat|ep)[\s\x0b&\),<>\|]|oupmod))|(?:htop|jexec)[\s\x0b&\),<>\|]|i(?:(?:conv|ftop)[\s\x0b&\),<>\|]|pp(?:eveprinter|find|tool))|l(?:ast(?:comm[\s\x0b&\),<>\|]|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:[\s\x0b&\),<>\|]|get)|osetup|s(?:(?:-F|cpu|hw|mod|of|pci|usb)[\s\x0b&\),<>\|]|b_release)|wp-download|z(?:4c(?:[\s\x0b&\),<>\|]|at)|c(?:at|mp)[\s\x0b&\),<>\|]|diff|[ef]?grep|less|m(?:a(?:[\s\x0b&\),<>\|]|dec|info)|ore)))|m(?:a(?:ilq|wk)[\s\x0b&\),<>\|]|k(?:fifo|nod[\s\x0b&\),<>\|]|temp)|locate|ysql(?:[\s\x0b&\),<>\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:(?:a(?:sm|wk)|(?:ma|ohu)p|ping|roff|stat)[\s\x0b&\),<>\|]|c(?:\.(?:openbsd|traditional)|at[\s\x0b&\),<>\|])|et(?:(?:c|st)at|kit-ftp|plan))|o(?:nintr|pkg[\s\x0b&\),<>\|])|p(?:d(?:b(?:2mb|3[\s\x0b&\),\.<>\|])|ksh[\s\x0b&\),<>\|])|(?:er(?:f|l5?)|(?:ft|gre)p|i(?:gz|ng6)|(?:op|ush)d|s(?:ed|ql))[\s\x0b&\),<>\|]|hp(?:-cgi|[57][\s\x0b&\),<>\|])|k(?:exec|ill[\s\x0b&\),<>\|])|rint(?:env|f[\s\x0b&\),<>\|])|tar(?:[\s\x0b&\),<>\|]|diff|grep)|y(?:3?versions|thon[23]))|r(?:(?:aku|bash|nano|pmdb|unc|vi(?:ew|m))[\s\x0b&\),<>\|]|e(?:alpath|boot[\s\x0b&\),<>\|])|m(?:dir[\s\x0b&\),<>\|]|t-(?:dump|tar)|user)|sync(?:-ssl|[\s\x0b&\),<>\|]))|s(?:(?:diff|ftp|lsh|ocat)[\s\x0b&\),<>\|]|e(?:ndmail[\s\x0b&\),<>\|]|t(?:cap|env|sid))|h(?:\.distrib|uf[\s\x0b&\),<>\|])|sh-(?:a(?:dd|gent)|copy-id)|udo(?:-rs|[\s\x0b&\),<>_\|]|edit|replay)|vn(?:a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|ysctl)|t(?:(?:ailf|ftp|imeout|mux)[\s\x0b&\),<>\|]|c(?:l?sh[\s\x0b&\),<>\|]|p(?:ing|traceroute))|elnet|r(?:a(?:ceroute6?|p[\s\x0b&\),<>\|])|off[\s\x0b&\),<>\|]))|u(?:n(?:(?:ame|iq|rar|xz)[\s\x0b&\),<>\|]|lz(?:4[\s\x0b&\),<>\|]|ma)|pigz|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:(?:gr|pw|rsh)[\s\x0b&\),<>\|]|sudo(?:-rs)?)|w(?:get[\s\x0b&\),<>\|]|ho(?:ami|is[\s\x0b&\),<>\|]))|x(?:(?:args|etex|more|pad|term)[\s\x0b&\),<>\|]|z(?:c(?:at|mp)[\s\x0b&\),<>\|]|d(?:ec[\s\x0b&\),<>\|]|iff)|[ef]?grep|less|more))|z(?:(?:c(?:at|mp)|diff|grep|less|run)[\s\x0b&\),<>\|]|[ef]grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|mo(?:dload|re[\s\x0b&\),<>\|])|std(?:[\s\x0b&\),<>\|]|(?:ca|m)t|grep|less)))" \
+SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[\s\x0b&\),<>\|].*|o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:a(?:ddgroup|nsible|pparmor_[^\s\x0b]{1,10}\b|rj(?:-register|disp)|tobm[\s\x0b&\),<>\|]|u(?:ditctl|repot|search))|b(?:ase(?:32|64|nc)|(?:lkid|rwap|yobu)[\s\x0b&\),<>\|]|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|z(?:c(?:at|mp)[\s\x0b&\),<>\|]|diff|e(?:grep|xe[\s\x0b&\),<>\|])|f?grep|ip2(?:[\s\x0b&\),<>\|]|recover)|less|more))|c(?:[89]9-gcc|h(?:(?:attr|mod|o(?:om|wn)|sh)[\s\x0b&\),<>\|]|ef-|g(?:passwd|rp[\s\x0b&\),<>\|])|pass)|lang\+\+|o(?:bc(?:[\s\x0b&\),<>\|]|run)|mm[\s\x0b&\),<>\|]|proc)|(?:p(?:an|io)|scli)[\s\x0b&\),<>\|])|d(?:(?:iff|mesg|vips)[\s\x0b&\),<>\|]|o(?:as[\s\x0b&\),<>\|]|cker-)|pkg[\s\x0b&\),\-<>\|])|e(?:2fsck|(?:fax|grep|macs|nd(?:if|sw)|sac|xpr)[\s\x0b&\),<>\|])|f(?:d(?:(?:find|isk)[\s\x0b&\),<>\|]|u?mount)|grep[\s\x0b&\),<>\|]|iletest|ping[\s\x0b&\),6<>\|]|tp(?:stats|who))|g(?:(?:core|insh|z(?:cat|exe|ip))[\s\x0b&\),<>\|]|(?:etca|unzi)p|hc(?:-[\s\x0b&\),<>\|]|i[\s\x0b&\),\-<>\|])|r(?:(?:cat|ep)[\s\x0b&\),<>\|]|oupmod))|(?:htop|jexec)[\s\x0b&\),<>\|]|i(?:(?:conv|ftop)[\s\x0b&\),<>\|]|pp(?:eveprinter|find|tool))|l(?:ast(?:comm[\s\x0b&\),<>\|]|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:[\s\x0b&\),<>\|]|get)|osetup|s(?:(?:-F|cpu|hw|mod|of|pci|usb)[\s\x0b&\),<>\|]|b_release)|wp-download|z(?:4c(?:[\s\x0b&\),<>\|]|at)|c(?:at|mp)[\s\x0b&\),<>\|]|diff|[ef]?grep|less|m(?:a(?:[\s\x0b&\),<>\|]|dec|info)|ore)))|m(?:a(?:ilq|wk)[\s\x0b&\),<>\|]|k(?:fifo|nod[\s\x0b&\),<>\|]|temp)|locate|ysql(?:[\s\x0b&\),<>\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:(?:a(?:sm|wk)|(?:ma|ohu)p|ping|roff|stat)[\s\x0b&\),<>\|]|c(?:\.(?:openbsd|traditional)|at[\s\x0b&\),<>\|])|et(?:(?:c|st)at|kit-ftp|plan))|o(?:nintr|pkg[\s\x0b&\),<>\|])|p(?:d(?:b(?:2mb|3[\s\x0b&\),\.<>\|])|ksh[\s\x0b&\),<>\|])|(?:er(?:f|l5?)|(?:ft|gre)p|(?:op|ush)d|s(?:ed|ql))[\s\x0b&\),<>\|]|i(?:conv|(?:gz|ng6)[\s\x0b&\),<>\|])|hp(?:-cgi|[57][\s\x0b&\),<>\|])|k(?:exec|ill[\s\x0b&\),<>\|])|rint(?:env|f[\s\x0b&\),<>\|])|tar(?:[\s\x0b&\),<>\|]|diff|grep)|y(?:3?versions|thon[23]))|r(?:(?:aku|bash|nano|pmdb|unc|vi(?:ew|m))[\s\x0b&\),<>\|]|e(?:alpath|boot[\s\x0b&\),<>\|])|m(?:dir[\s\x0b&\),<>\|]|t-(?:dump|tar)|user)|sync(?:-ssl|[\s\x0b&\),<>\|]))|s(?:(?:diff|ftp|lsh|ocat)[\s\x0b&\),<>\|]|e(?:ndmail[\s\x0b&\),<>\|]|t(?:cap|env|sid))|h(?:\.distrib|uf[\s\x0b&\),<>\|])|sh-(?:a(?:dd|gent)|copy-id)|udo(?:-rs|[\s\x0b&\),<>_\|]|edit|replay)|vn(?:a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|ysctl)|t(?:(?:ailf|ftp|imeout|mux)[\s\x0b&\),<>\|]|c(?:l?sh[\s\x0b&\),<>\|]|p(?:ing|traceroute))|elnet|r(?:a(?:ceroute6?|p[\s\x0b&\),<>\|])|off[\s\x0b&\),<>\|]))|u(?:n(?:(?:ame|iq|rar|xz)[\s\x0b&\),<>\|]|lz(?:4[\s\x0b&\),<>\|]|ma)|pigz|zstd)|conv|ser(?:(?:ad|mo)d|del))|vi(?:(?:gr|pw|rsh)[\s\x0b&\),<>\|]|sudo(?:-rs)?)|w(?:get[\s\x0b&\),<>\|]|ho(?:ami|is[\s\x0b&\),<>\|]))|x(?:(?:args|etex|more|pad|term)[\s\x0b&\),<>\|]|z(?:c(?:at|mp)[\s\x0b&\),<>\|]|d(?:ec[\s\x0b&\),<>\|]|iff)|[ef]?grep|less|more))|z(?:(?:c(?:at|mp)|diff|grep|less|run)[\s\x0b&\),<>\|]|[ef]grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|mo(?:dload|re[\s\x0b&\),<>\|])|std(?:[\s\x0b&\),<>\|]|(?:ca|m)t|grep|less)))" \
     "id:932260,\
     phase:2,\
     block,\
@@ -1676,7 +1676,7 @@ SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?is)\
 # (consult https://coreruleset.org/docs/development/regex_assembly/ for details):
 #   crs-toolchain regex update 932236
 #
-SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[\s\x0b&\),<>\|].*|o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\s\x0b&\),<>\|]|a(?:a-[^\s\x0b]{1,10}\b|(?:b|w[ks]|l(?:ias|pine)|tobm|xel)[\s\x0b&\),<>\|]|p(?:t(?:[\s\x0b&\),<>\|]|-get)|parmor_[^\s\x0b]{1,10}\b)|r(?:(?:p|ch)?[\s\x0b&\),<>\|]|j(?:[\s\x0b&\),<>\|]|-register|disp)|ia2c)|s(?:h[\s\x0b&\),<>\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\s\x0b&\),<>\|]|diff|e(?:grep|xe[\s\x0b&\),<>\|])|f?grep|ip2(?:[\s\x0b&\),<>\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\),<>\|]|c))|h[\s\x0b&\),<>\|])|tch[\s\x0b&\),<>\|])|lkid[\s\x0b&\),<>\|]|pftrace|r(?:eaksw|(?:idge|wap)[\s\x0b&\),<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\),<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\s\x0b&\),<>\|]))|c(?:[89]9(?:[\s\x0b&\),<>\|]|-gcc)|(?:a(?:t|ncel|psh)|c|mp)[\s\x0b&\),<>\|]|p(?:(?:an|io)?[\s\x0b&\),<>\|]|ulimit)|s(?:(?:h|cli)[\s\x0b&\),<>\|]|plit|vtool)|u(?:(?:t|rl)[\s\x0b&\),<>\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\s\x0b&\),<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\),\-<>\|])|(?:flag|pas)s|g(?:passwd|rp[\s\x0b&\),<>\|]))|lang(?:\+\+|[\s\x0b&\),<>\|])|o(?:bc(?:[\s\x0b&\),<>\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\),<>\|]|proc|w(?:say|think))|r(?:ash[\s\x0b&\),<>\|]|on(?:[\s\x0b&\),<>\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\s\x0b&\),<>\|]|hclient|m(?:esg[\s\x0b&\),<>\|]|idecode|setup)|o(?:(?:as|ne)[\s\x0b&\),<>\|]|cker[\s\x0b&\),\-<>\|]|sbox)|pkg[\s\x0b&\),\-<>\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\s\x0b&\),<>\|]|n(?:v(?:[\s\x0b&\),<>\|]|-update)|d(?:if|sw)[\s\x0b&\),<>\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\s\x0b&\),<>\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\s\x0b&\),<>\|]|i(?:(?:n(?:d|ger)|sh)?[\s\x0b&\),<>\|]|le(?:[\s\x0b&\),<>\|]|test))|tp(?:[\s\x0b&\),<>\|]|stats|who)|acter|d(?:(?:find|isk)[\s\x0b&\),<>\|]|u?mount)|o(?:ld[\s\x0b&\),<>\|]|reach)|ping[\s\x0b&\),6<>\|])|g(?:c(?:c[^\s\x0b]{1,10}\b|ore[\s\x0b&\),<>\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\s\x0b&\),<>\|]|e(?:m[\s\x0b&\),<>\|]|ni(?:e[\s\x0b&\),<>\|]|soimage)|t(?:cap|facl[\s\x0b&\),<>\|]))|hc(?:-?[\s\x0b&\),<>\|]|i[\s\x0b&\),\-<>\|])|r(?:(?:c(?:at)?|ep)[\s\x0b&\),<>\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\s\x0b&\),<>\|]|e(?:ad[\s\x0b&\),<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\s\x0b&\),<>\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\s\x0b&\),<>\|]|p(?:[\s\x0b&\),<>\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\s\x0b&\),<>\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\s\x0b&\),<>\|]|o(?:(?:bs|in)[\s\x0b&\),<>\|]|urnalctl)|runscript)|k(?:s(?:h[\s\x0b&\),<>\|]|shell)|ill(?:[\s\x0b&\),<>\|]|all)|nife[\s\x0b&\),<>\|])|l(?:d(?:d?[\s\x0b&\),<>\|]|config)|(?:[np]|inks|ynx)[\s\x0b&\),<>\|]|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\s\x0b&\),<>\|]|b_release)|ua(?:[\s\x0b&\),<>\|]|(?:la)?tex)|z(?:4(?:[\s\x0b&\),<>\|]|c(?:[\s\x0b&\),<>\|]|at))|(?:c(?:at|mp))?[\s\x0b&\),<>\|]|diff|[ef]?grep|less|m(?:a(?:[\s\x0b&\),<>\|]|dec|info)|ore))|a(?:st(?:(?:comm)?[\s\x0b&\),<>\|]|log(?:in)?)|tex[\s\x0b&\),<>\|])|ess(?:[\s\x0b&\),<>\|]|echo|(?:fil|pip)e)|ftp(?:[\s\x0b&\),<>\|]|get)|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\),<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\s\x0b&\),<>\|]|k(?:(?:dir|nod)[\s\x0b&\),<>\|]|fifo|temp)|locate|o(?:squitto|unt[\s\x0b&\),<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\s\x0b&\),<>\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\s\x0b&\),<>\|]|\.(?:openbsd|traditional))|e(?:t(?:[\s\x0b&\),<>\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\s\x0b&\),<>\|]|s(?:enter|lookup|tat[\s\x0b&\),<>\|]))|o(?:(?:d|ctave)[\s\x0b&\),<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\s\x0b&\),<>\|]))|p(?:a(?:(?:x|rted|tch)[\s\x0b&\),<>\|]|s(?:swd|te[\s\x0b&\),<>\|]))|d(?:b(?:[\s\x0b&\),<>\|]|2mb|3[\s\x0b&\),\.<>\|])|f(?:la)?tex|ksh[\s\x0b&\),<>\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\s\x0b&\),<>\|]|hp(?:[57]?[\s\x0b&\),<>\|]|-cgi)|i(?:(?:co?|gz|ng6?)[\s\x0b&\),<>\|]|p(?:[\s\x0b&\),<>\|]|[^\s\x0b]{1,10}\b)|dstat)|k(?:g(?:[\s\x0b&\),<>\|]|_?info)|exec|ill[\s\x0b&\),<>\|])|r(?:y?[\s\x0b&\),<>\|]|int(?:env|f[\s\x0b&\),<>\|]))|t(?:x[\s\x0b&\),<>\|]|ar(?:[\s\x0b&\),<>\|]|diff|grep))|er(?:(?:f|ms)[\s\x0b&\),<>\|]|l(?:5?[\s\x0b&\),<>\|]|sh))|s(?:(?:ed|ql)[\s\x0b&\),<>\|]|ftp)|y(?:3?versions|thon(?:[23]|[^\s\x0b]{1,10}\b)))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\s\x0b&\),<>\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\s\x0b&\),<>\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\s\x0b&\),<>\|]|t(?:[\s\x0b&\),<>\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\s\x0b&\),<>\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\s\x0b&\),<>\|])|u(?:by[^\s\x0b]{1,10}\b|n(?:-(?:mailcap|parts)|c[\s\x0b&\),<>\|])))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|(?:ft|na)p|l(?:eep|sh)|plit)[\s\x0b&\),<>\|]|e(?:(?:d|ndmail|rvice)[\s\x0b&\),<>\|]|t(?:(?:facl)?[\s\x0b&\),<>\|]|arch|cap|env|sid))|h(?:(?:u(?:f|tdown))?[\s\x0b&\),<>\|]|\.distrib)|s(?:[\s\x0b&\),<>\|]|h(?:[\s\x0b&\),<>\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\s\x0b&\),<>\|]|do(?:-rs|[\s\x0b&\),<>_\|]|edit|replay))|vn(?:[\s\x0b&\),<>\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\s\x0b&\),<>\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\s\x0b&\),<>\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\s\x0b&\),<>\|]|sk(?:[\s\x0b&\),<>\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\s\x0b&\),<>\|]|e(?:[ex][\s\x0b&\),<>\|]|lnet)|i(?:c[\s\x0b&\),<>\|]|me(?:datectl|out[\s\x0b&\),<>\|]))|c(?:l?sh[\s\x0b&\),<>\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\s\x0b&\),<>\|])|off[\s\x0b&\),<>\|])|shark)|u(?:l(?:imit)?[\s\x0b&\),<>\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\s\x0b&\),<>\|]|expand|l(?:ink[\s\x0b&\),<>\|]|z(?:4[\s\x0b&\),<>\|]|ma))|pigz|z(?:ip[\s\x0b&\),<>\|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\s\x0b&\),<>\|]|diff)|(?:[ep]w|gr|rsh)[\s\x0b&\),<>\|]|sudo(?:-rs)?)|algrind|olatility[\s\x0b&\),<>\|])|w(?:(?:3m|c|a(?:ll|tch)|get)[\s\x0b&\),<>\|]|h(?:iptail[\s\x0b&\),<>\|]|o(?:ami|is[\s\x0b&\),<>\|]))|i(?:reshark|sh[\s\x0b&\),<>\|]))|x(?:(?:(?:x|pa)d|args|term)[\s\x0b&\),<>\|]|z(?:(?:c(?:at|mp))?[\s\x0b&\),<>\|]|d(?:ec[\s\x0b&\),<>\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\s\x0b&\),<>\|])|mo(?:dmap|re[\s\x0b&\),<>\|]))|z(?:ip(?:[\s\x0b&\),<>\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\s\x0b&\),<>\|]|oelim|td(?:[\s\x0b&\),<>\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\s\x0b&\),<>\|]|[ef]grep|mo(?:dload|re[\s\x0b&\),<>\|])|ypper))" \
+SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[\s\x0b&\),<>\|].*|o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\s\x0b&\),<>\|]|a(?:a-[^\s\x0b]{1,10}\b|(?:b|w[ks]|l(?:ias|pine)|tobm|xel)[\s\x0b&\),<>\|]|p(?:t(?:[\s\x0b&\),<>\|]|-get)|parmor_[^\s\x0b]{1,10}\b)|r(?:(?:p|ch)?[\s\x0b&\),<>\|]|j(?:[\s\x0b&\),<>\|]|-register|disp)|ia2c)|s(?:h[\s\x0b&\),<>\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\s\x0b&\),<>\|]|diff|e(?:grep|xe[\s\x0b&\),<>\|])|f?grep|ip2(?:[\s\x0b&\),<>\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\),<>\|]|c))|h[\s\x0b&\),<>\|])|tch[\s\x0b&\),<>\|])|lkid[\s\x0b&\),<>\|]|pftrace|r(?:eaksw|(?:idge|wap)[\s\x0b&\),<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\),<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\s\x0b&\),<>\|]))|c(?:[89]9(?:[\s\x0b&\),<>\|]|-gcc)|(?:a(?:t|ncel|psh)|c|mp)[\s\x0b&\),<>\|]|p(?:(?:an|io)?[\s\x0b&\),<>\|]|ulimit)|s(?:(?:h|cli)[\s\x0b&\),<>\|]|plit|vtool)|u(?:(?:t|rl)[\s\x0b&\),<>\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\s\x0b&\),<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\),\-<>\|])|(?:flag|pas)s|g(?:passwd|rp[\s\x0b&\),<>\|]))|lang(?:\+\+|[\s\x0b&\),<>\|])|o(?:bc(?:[\s\x0b&\),<>\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\),<>\|]|proc|w(?:say|think))|r(?:ash[\s\x0b&\),<>\|]|on(?:[\s\x0b&\),<>\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\s\x0b&\),<>\|]|hclient|m(?:esg[\s\x0b&\),<>\|]|idecode|setup)|o(?:(?:as|ne)[\s\x0b&\),<>\|]|cker[\s\x0b&\),\-<>\|]|sbox)|pkg[\s\x0b&\),\-<>\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\s\x0b&\),<>\|]|n(?:v(?:[\s\x0b&\),<>\|]|-update)|d(?:if|sw)[\s\x0b&\),<>\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\s\x0b&\),<>\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\s\x0b&\),<>\|]|i(?:(?:n(?:d|ger)|sh)?[\s\x0b&\),<>\|]|le(?:[\s\x0b&\),<>\|]|test))|tp(?:[\s\x0b&\),<>\|]|stats|who)|acter|d(?:(?:find|isk)[\s\x0b&\),<>\|]|u?mount)|o(?:ld[\s\x0b&\),<>\|]|reach)|ping[\s\x0b&\),6<>\|])|g(?:c(?:c[^\s\x0b]{1,10}\b|ore[\s\x0b&\),<>\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\s\x0b&\),<>\|]|e(?:m[\s\x0b&\),<>\|]|ni(?:e[\s\x0b&\),<>\|]|soimage)|t(?:cap|facl[\s\x0b&\),<>\|]))|hc(?:-?[\s\x0b&\),<>\|]|i[\s\x0b&\),\-<>\|])|r(?:(?:c(?:at)?|ep)[\s\x0b&\),<>\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\s\x0b&\),<>\|]|e(?:ad[\s\x0b&\),<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\s\x0b&\),<>\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\s\x0b&\),<>\|]|p(?:[\s\x0b&\),<>\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\s\x0b&\),<>\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\s\x0b&\),<>\|]|o(?:(?:bs|in)[\s\x0b&\),<>\|]|urnalctl)|runscript)|k(?:s(?:h[\s\x0b&\),<>\|]|shell)|ill(?:[\s\x0b&\),<>\|]|all)|nife[\s\x0b&\),<>\|])|l(?:d(?:d?[\s\x0b&\),<>\|]|config)|(?:[np]|inks|ynx)[\s\x0b&\),<>\|]|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\s\x0b&\),<>\|]|b_release)|ua(?:[\s\x0b&\),<>\|]|(?:la)?tex)|z(?:4(?:[\s\x0b&\),<>\|]|c(?:[\s\x0b&\),<>\|]|at))|(?:c(?:at|mp))?[\s\x0b&\),<>\|]|diff|[ef]?grep|less|m(?:a(?:[\s\x0b&\),<>\|]|dec|info)|ore))|a(?:st(?:(?:comm)?[\s\x0b&\),<>\|]|log(?:in)?)|tex[\s\x0b&\),<>\|])|ess(?:[\s\x0b&\),<>\|]|echo|(?:fil|pip)e)|ftp(?:[\s\x0b&\),<>\|]|get)|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\),<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\s\x0b&\),<>\|]|k(?:(?:dir|nod)[\s\x0b&\),<>\|]|fifo|temp)|locate|o(?:squitto|unt[\s\x0b&\),<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\s\x0b&\),<>\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\s\x0b&\),<>\|]|\.(?:openbsd|traditional))|e(?:t(?:[\s\x0b&\),<>\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\s\x0b&\),<>\|]|s(?:enter|lookup|tat[\s\x0b&\),<>\|]))|o(?:(?:d|ctave)[\s\x0b&\),<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\s\x0b&\),<>\|]))|p(?:a(?:(?:x|rted|tch)[\s\x0b&\),<>\|]|s(?:swd|te[\s\x0b&\),<>\|]))|d(?:b(?:[\s\x0b&\),<>\|]|2mb|3[\s\x0b&\),\.<>\|])|f(?:la)?tex|ksh[\s\x0b&\),<>\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\s\x0b&\),<>\|]|hp(?:[57]?[\s\x0b&\),<>\|]|-cgi)|i(?:c(?:[\s\x0b&\),<>\|]|o(?:nv|[\s\x0b&\),<>\|]))|p(?:[\s\x0b&\),<>\|]|[^\s\x0b]{1,10}\b)|dstat|(?:gz|ng6?)[\s\x0b&\),<>\|])|k(?:g(?:[\s\x0b&\),<>\|]|_?info)|exec|ill[\s\x0b&\),<>\|])|r(?:y?[\s\x0b&\),<>\|]|int(?:env|f[\s\x0b&\),<>\|]))|t(?:x[\s\x0b&\),<>\|]|ar(?:[\s\x0b&\),<>\|]|diff|grep))|er(?:(?:f|ms)[\s\x0b&\),<>\|]|l(?:5?[\s\x0b&\),<>\|]|sh))|s(?:(?:ed|ql)[\s\x0b&\),<>\|]|ftp)|y(?:3?versions|thon(?:[23]|[^\s\x0b]{1,10}\b)))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\s\x0b&\),<>\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\s\x0b&\),<>\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\s\x0b&\),<>\|]|t(?:[\s\x0b&\),<>\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\s\x0b&\),<>\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\s\x0b&\),<>\|])|u(?:by[^\s\x0b]{1,10}\b|n(?:-(?:mailcap|parts)|c[\s\x0b&\),<>\|])))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|(?:ft|na)p|l(?:eep|sh)|plit)[\s\x0b&\),<>\|]|e(?:(?:d|ndmail|rvice)[\s\x0b&\),<>\|]|t(?:(?:facl)?[\s\x0b&\),<>\|]|arch|cap|env|sid))|h(?:(?:u(?:f|tdown))?[\s\x0b&\),<>\|]|\.distrib)|s(?:[\s\x0b&\),<>\|]|h(?:[\s\x0b&\),<>\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\s\x0b&\),<>\|]|do(?:-rs|[\s\x0b&\),<>_\|]|edit|replay))|vn(?:[\s\x0b&\),<>\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\s\x0b&\),<>\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\s\x0b&\),<>\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\s\x0b&\),<>\|]|sk(?:[\s\x0b&\),<>\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\s\x0b&\),<>\|]|e(?:[ex][\s\x0b&\),<>\|]|lnet)|i(?:c[\s\x0b&\),<>\|]|me(?:datectl|out[\s\x0b&\),<>\|]))|c(?:l?sh[\s\x0b&\),<>\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\s\x0b&\),<>\|])|off[\s\x0b&\),<>\|])|shark)|u(?:l(?:imit)?[\s\x0b&\),<>\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\s\x0b&\),<>\|]|expand|l(?:ink[\s\x0b&\),<>\|]|z(?:4[\s\x0b&\),<>\|]|ma))|pigz|z(?:ip[\s\x0b&\),<>\|]|std))|conv|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\s\x0b&\),<>\|]|diff)|(?:[ep]w|gr|rsh)[\s\x0b&\),<>\|]|sudo(?:-rs)?)|algrind|olatility[\s\x0b&\),<>\|])|w(?:(?:3m|c|a(?:ll|tch)|get)[\s\x0b&\),<>\|]|h(?:iptail[\s\x0b&\),<>\|]|o(?:ami|is[\s\x0b&\),<>\|]))|i(?:reshark|sh[\s\x0b&\),<>\|]))|x(?:(?:(?:x|pa)d|args|term)[\s\x0b&\),<>\|]|z(?:(?:c(?:at|mp))?[\s\x0b&\),<>\|]|d(?:ec[\s\x0b&\),<>\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\s\x0b&\),<>\|])|mo(?:dmap|re[\s\x0b&\),<>\|]))|z(?:ip(?:[\s\x0b&\),<>\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\s\x0b&\),<>\|]|oelim|td(?:[\s\x0b&\),<>\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\s\x0b&\),<>\|]|[ef]grep|mo(?:dload|re[\s\x0b&\),<>\|])|ypper))" \
     "id:932236,\
     phase:2,\
     block,\
@@ -1740,7 +1740,7 @@ SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?
 # (consult https://coreruleset.org/docs/development/regex_assembly/ for details):
 #   crs-toolchain regex update 932239
 #
-SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[\s\x0b&\),<>\|].*|o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\s\x0b&\),<>\|]|a(?:a-[^\s\x0b]{1,10}\b|(?:b|w[ks]|l(?:ias|pine)|tobm|xel)[\s\x0b&\),<>\|]|p(?:t(?:[\s\x0b&\),<>\|]|-get)|parmor_[^\s\x0b]{1,10}\b)|r(?:(?:p|ch)?[\s\x0b&\),<>\|]|j(?:[\s\x0b&\),<>\|]|-register|disp)|ia2c)|s(?:h[\s\x0b&\),<>\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\s\x0b&\),<>\|]|diff|e(?:grep|xe[\s\x0b&\),<>\|])|f?grep|ip2(?:[\s\x0b&\),<>\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\),<>\|]|c))|h[\s\x0b&\),<>\|])|tch[\s\x0b&\),<>\|])|lkid[\s\x0b&\),<>\|]|pftrace|r(?:eaksw|(?:idge|wap)[\s\x0b&\),<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\),<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\s\x0b&\),<>\|]))|c(?:[89]9(?:[\s\x0b&\),<>\|]|-gcc)|(?:a(?:t|ncel|psh)|c|mp)[\s\x0b&\),<>\|]|p(?:(?:an|io)?[\s\x0b&\),<>\|]|ulimit)|s(?:(?:h|cli)[\s\x0b&\),<>\|]|plit|vtool)|u(?:t[\s\x0b&\),<>\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\s\x0b&\),<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\),\-<>\|])|(?:flag|pas)s|g(?:passwd|rp[\s\x0b&\),<>\|]))|lang(?:\+\+|[\s\x0b&\),<>\|])|o(?:bc(?:[\s\x0b&\),<>\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\),<>\|]|proc|w(?:say|think))|r(?:ash[\s\x0b&\),<>\|]|on(?:[\s\x0b&\),<>\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\s\x0b&\),<>\|]|hclient|m(?:esg[\s\x0b&\),<>\|]|idecode|setup)|o(?:(?:as|ne)[\s\x0b&\),<>\|]|cker[\s\x0b&\),\-<>\|]|sbox)|pkg[\s\x0b&\),\-<>\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\s\x0b&\),<>\|]|n(?:v(?:[\s\x0b&\),<>\|]|-update)|d(?:if|sw)[\s\x0b&\),<>\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\s\x0b&\),<>\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\s\x0b&\),<>\|]|i(?:(?:n(?:d|ger)|sh)?[\s\x0b&\),<>\|]|le(?:[\s\x0b&\),<>\|]|test))|tp(?:[\s\x0b&\),<>\|]|stats|who)|acter|d(?:(?:find|isk)[\s\x0b&\),<>\|]|u?mount)|o(?:ld[\s\x0b&\),<>\|]|reach)|ping[\s\x0b&\),6<>\|])|g(?:c(?:c[^\s\x0b]{1,10}\b|ore[\s\x0b&\),<>\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\s\x0b&\),<>\|]|e(?:m[\s\x0b&\),<>\|]|ni(?:e[\s\x0b&\),<>\|]|soimage)|t(?:cap|facl[\s\x0b&\),<>\|]))|hc(?:-?[\s\x0b&\),<>\|]|i[\s\x0b&\),\-<>\|])|r(?:(?:c(?:at)?|ep)[\s\x0b&\),<>\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\s\x0b&\),<>\|]|e(?:ad[\s\x0b&\),<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\s\x0b&\),<>\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\s\x0b&\),<>\|]|p(?:[\s\x0b&\),<>\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\s\x0b&\),<>\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\s\x0b&\),<>\|]|o(?:(?:bs|in)[\s\x0b&\),<>\|]|urnalctl)|runscript)|k(?:s(?:h[\s\x0b&\),<>\|]|shell)|ill(?:[\s\x0b&\),<>\|]|all)|nife[\s\x0b&\),<>\|])|l(?:d(?:d?[\s\x0b&\),<>\|]|config)|(?:[np]|ynx)[\s\x0b&\),<>\|]|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\s\x0b&\),<>\|]|b_release)|ua(?:[\s\x0b&\),<>\|]|(?:la)?tex)|z(?:4(?:[\s\x0b&\),<>\|]|c(?:[\s\x0b&\),<>\|]|at))|(?:c(?:at|mp))?[\s\x0b&\),<>\|]|diff|[ef]?grep|less|m(?:a(?:[\s\x0b&\),<>\|]|dec|info)|ore))|a(?:st(?:(?:comm)?[\s\x0b&\),<>\|]|log(?:in)?)|tex[\s\x0b&\),<>\|])|ess(?:[\s\x0b&\),<>\|]|echo|(?:fil|pip)e)|ftp(?:[\s\x0b&\),<>\|]|get)|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\),<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\s\x0b&\),<>\|]|k(?:(?:dir|nod)[\s\x0b&\),<>\|]|fifo|temp)|locate|o(?:squitto|unt[\s\x0b&\),<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\s\x0b&\),<>\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\s\x0b&\),<>\|]|\.(?:openbsd|traditional))|e(?:t(?:[\s\x0b&\),<>\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\s\x0b&\),<>\|]|s(?:enter|lookup|tat[\s\x0b&\),<>\|]))|o(?:(?:d|ctave)[\s\x0b&\),<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\s\x0b&\),<>\|]))|p(?:a(?:(?:x|rted|tch)[\s\x0b&\),<>\|]|s(?:swd|te[\s\x0b&\),<>\|]))|d(?:b(?:[\s\x0b&\),<>\|]|2mb|3[\s\x0b&\),\.<>\|])|f(?:la)?tex|ksh[\s\x0b&\),<>\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\s\x0b&\),<>\|]|hp(?:[57]?[\s\x0b&\),<>\|]|-cgi)|i(?:(?:co?|gz|ng6?)[\s\x0b&\),<>\|]|p(?:[\s\x0b&\),<>\|]|[^\s\x0b]{1,10}\b)|dstat)|k(?:g(?:[\s\x0b&\),<>\|]|_?info)|exec|ill[\s\x0b&\),<>\|])|r(?:y?[\s\x0b&\),<>\|]|int(?:env|f[\s\x0b&\),<>\|]))|t(?:x[\s\x0b&\),<>\|]|ar(?:[\s\x0b&\),<>\|]|diff|grep))|er(?:(?:f|ms)[\s\x0b&\),<>\|]|l(?:5?[\s\x0b&\),<>\|]|sh))|s(?:(?:ed|ql)[\s\x0b&\),<>\|]|ftp)|y(?:3?versions|thon[23]))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\s\x0b&\),<>\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\s\x0b&\),<>\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\s\x0b&\),<>\|]|t(?:[\s\x0b&\),<>\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\s\x0b&\),<>\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\s\x0b&\),<>\|])|u(?:by[^\s\x0b]{1,10}\b|n(?:-(?:mailcap|parts)|c[\s\x0b&\),<>\|])))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|ftp|l(?:eep|sh)|plit)[\s\x0b&\),<>\|]|e(?:(?:d|ndmail|rvice)[\s\x0b&\),<>\|]|t(?:(?:facl)?[\s\x0b&\),<>\|]|arch|cap|env|sid))|h(?:(?:u(?:f|tdown))?[\s\x0b&\),<>\|]|\.distrib)|s(?:[\s\x0b&\),<>\|]|h(?:[\s\x0b&\),<>\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\s\x0b&\),<>\|]|do(?:-rs|[\s\x0b&\),<>_\|]|edit|replay))|vn(?:[\s\x0b&\),<>\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\s\x0b&\),<>\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\s\x0b&\),<>\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\s\x0b&\),<>\|]|sk(?:[\s\x0b&\),<>\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\s\x0b&\),<>\|]|e(?:[ex][\s\x0b&\),<>\|]|lnet)|i(?:c[\s\x0b&\),<>\|]|me(?:datectl|out[\s\x0b&\),<>\|]))|c(?:l?sh[\s\x0b&\),<>\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\s\x0b&\),<>\|])|off[\s\x0b&\),<>\|])|shark)|u(?:l(?:imit)?[\s\x0b&\),<>\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\s\x0b&\),<>\|]|expand|l(?:ink[\s\x0b&\),<>\|]|z(?:4[\s\x0b&\),<>\|]|ma))|pigz|z(?:ip[\s\x0b&\),<>\|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\s\x0b&\),<>\|]|diff)|(?:[ep]w|gr|rsh)[\s\x0b&\),<>\|]|sudo(?:-rs)?)|algrind|olatility[\s\x0b&\),<>\|])|w(?:(?:c|a(?:ll|tch))[\s\x0b&\),<>\|]|h(?:iptail[\s\x0b&\),<>\|]|o(?:ami|is[\s\x0b&\),<>\|]))|i(?:reshark|sh[\s\x0b&\),<>\|]))|x(?:(?:(?:x|pa)d|args|term)[\s\x0b&\),<>\|]|z(?:(?:c(?:at|mp))?[\s\x0b&\),<>\|]|d(?:ec[\s\x0b&\),<>\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\s\x0b&\),<>\|])|mo(?:dmap|re[\s\x0b&\),<>\|]))|z(?:ip(?:[\s\x0b&\),<>\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\s\x0b&\),<>\|]|oelim|td(?:[\s\x0b&\),<>\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\s\x0b&\),<>\|]|[ef]grep|mo(?:dload|re[\s\x0b&\),<>\|])|ypper))" \
+SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[\s\x0b&\),<>\|].*|o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'[^']*'|\"[^\"]*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\s\x0b&\),<>\|]|a(?:a-[^\s\x0b]{1,10}\b|(?:b|w[ks]|l(?:ias|pine)|tobm|xel)[\s\x0b&\),<>\|]|p(?:t(?:[\s\x0b&\),<>\|]|-get)|parmor_[^\s\x0b]{1,10}\b)|r(?:(?:p|ch)?[\s\x0b&\),<>\|]|j(?:[\s\x0b&\),<>\|]|-register|disp)|ia2c)|s(?:h[\s\x0b&\),<>\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\s\x0b&\),<>\|]|diff|e(?:grep|xe[\s\x0b&\),<>\|])|f?grep|ip2(?:[\s\x0b&\),<>\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\),<>\|]|c))|h[\s\x0b&\),<>\|])|tch[\s\x0b&\),<>\|])|lkid[\s\x0b&\),<>\|]|pftrace|r(?:eaksw|(?:idge|wap)[\s\x0b&\),<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\),<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\s\x0b&\),<>\|]))|c(?:[89]9(?:[\s\x0b&\),<>\|]|-gcc)|(?:a(?:t|ncel|psh)|c|mp)[\s\x0b&\),<>\|]|p(?:(?:an|io)?[\s\x0b&\),<>\|]|ulimit)|s(?:(?:h|cli)[\s\x0b&\),<>\|]|plit|vtool)|u(?:t[\s\x0b&\),<>\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\s\x0b&\),<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\),\-<>\|])|(?:flag|pas)s|g(?:passwd|rp[\s\x0b&\),<>\|]))|lang(?:\+\+|[\s\x0b&\),<>\|])|o(?:bc(?:[\s\x0b&\),<>\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\),<>\|]|proc|w(?:say|think))|r(?:ash[\s\x0b&\),<>\|]|on(?:[\s\x0b&\),<>\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\s\x0b&\),<>\|]|hclient|m(?:esg[\s\x0b&\),<>\|]|idecode|setup)|o(?:(?:as|ne)[\s\x0b&\),<>\|]|cker[\s\x0b&\),\-<>\|]|sbox)|pkg[\s\x0b&\),\-<>\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\s\x0b&\),<>\|]|n(?:v(?:[\s\x0b&\),<>\|]|-update)|d(?:if|sw)[\s\x0b&\),<>\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\s\x0b&\),<>\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\s\x0b&\),<>\|]|i(?:(?:n(?:d|ger)|sh)?[\s\x0b&\),<>\|]|le(?:[\s\x0b&\),<>\|]|test))|tp(?:[\s\x0b&\),<>\|]|stats|who)|acter|d(?:(?:find|isk)[\s\x0b&\),<>\|]|u?mount)|o(?:ld[\s\x0b&\),<>\|]|reach)|ping[\s\x0b&\),6<>\|])|g(?:c(?:c[^\s\x0b]{1,10}\b|ore[\s\x0b&\),<>\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\s\x0b&\),<>\|]|e(?:m[\s\x0b&\),<>\|]|ni(?:e[\s\x0b&\),<>\|]|soimage)|t(?:cap|facl[\s\x0b&\),<>\|]))|hc(?:-?[\s\x0b&\),<>\|]|i[\s\x0b&\),\-<>\|])|r(?:(?:c(?:at)?|ep)[\s\x0b&\),<>\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\s\x0b&\),<>\|]|e(?:ad[\s\x0b&\),<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\s\x0b&\),<>\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\s\x0b&\),<>\|]|p(?:[\s\x0b&\),<>\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\s\x0b&\),<>\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\s\x0b&\),<>\|]|o(?:(?:bs|in)[\s\x0b&\),<>\|]|urnalctl)|runscript)|k(?:s(?:h[\s\x0b&\),<>\|]|shell)|ill(?:[\s\x0b&\),<>\|]|all)|nife[\s\x0b&\),<>\|])|l(?:d(?:d?[\s\x0b&\),<>\|]|config)|(?:[np]|ynx)[\s\x0b&\),<>\|]|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\s\x0b&\),<>\|]|b_release)|ua(?:[\s\x0b&\),<>\|]|(?:la)?tex)|z(?:4(?:[\s\x0b&\),<>\|]|c(?:[\s\x0b&\),<>\|]|at))|(?:c(?:at|mp))?[\s\x0b&\),<>\|]|diff|[ef]?grep|less|m(?:a(?:[\s\x0b&\),<>\|]|dec|info)|ore))|a(?:st(?:(?:comm)?[\s\x0b&\),<>\|]|log(?:in)?)|tex[\s\x0b&\),<>\|])|ess(?:[\s\x0b&\),<>\|]|echo|(?:fil|pip)e)|ftp(?:[\s\x0b&\),<>\|]|get)|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\),<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\s\x0b&\),<>\|]|k(?:(?:dir|nod)[\s\x0b&\),<>\|]|fifo|temp)|locate|o(?:squitto|unt[\s\x0b&\),<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\s\x0b&\),<>\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\s\x0b&\),<>\|]|\.(?:openbsd|traditional))|e(?:t(?:[\s\x0b&\),<>\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\s\x0b&\),<>\|]|s(?:enter|lookup|tat[\s\x0b&\),<>\|]))|o(?:(?:d|ctave)[\s\x0b&\),<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\s\x0b&\),<>\|]))|p(?:a(?:(?:x|rted|tch)[\s\x0b&\),<>\|]|s(?:swd|te[\s\x0b&\),<>\|]))|d(?:b(?:[\s\x0b&\),<>\|]|2mb|3[\s\x0b&\),\.<>\|])|f(?:la)?tex|ksh[\s\x0b&\),<>\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\s\x0b&\),<>\|]|hp(?:[57]?[\s\x0b&\),<>\|]|-cgi)|i(?:c(?:[\s\x0b&\),<>\|]|o(?:nv|[\s\x0b&\),<>\|]))|p(?:[\s\x0b&\),<>\|]|[^\s\x0b]{1,10}\b)|dstat|(?:gz|ng6?)[\s\x0b&\),<>\|])|k(?:g(?:[\s\x0b&\),<>\|]|_?info)|exec|ill[\s\x0b&\),<>\|])|r(?:y?[\s\x0b&\),<>\|]|int(?:env|f[\s\x0b&\),<>\|]))|t(?:x[\s\x0b&\),<>\|]|ar(?:[\s\x0b&\),<>\|]|diff|grep))|er(?:(?:f|ms)[\s\x0b&\),<>\|]|l(?:5?[\s\x0b&\),<>\|]|sh))|s(?:(?:ed|ql)[\s\x0b&\),<>\|]|ftp)|y(?:3?versions|thon[23]))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\s\x0b&\),<>\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\s\x0b&\),<>\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\s\x0b&\),<>\|]|t(?:[\s\x0b&\),<>\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\s\x0b&\),<>\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\s\x0b&\),<>\|])|u(?:by[^\s\x0b]{1,10}\b|n(?:-(?:mailcap|parts)|c[\s\x0b&\),<>\|])))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|ftp|l(?:eep|sh)|plit)[\s\x0b&\),<>\|]|e(?:(?:d|ndmail|rvice)[\s\x0b&\),<>\|]|t(?:(?:facl)?[\s\x0b&\),<>\|]|arch|cap|env|sid))|h(?:(?:u(?:f|tdown))?[\s\x0b&\),<>\|]|\.distrib)|s(?:[\s\x0b&\),<>\|]|h(?:[\s\x0b&\),<>\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\s\x0b&\),<>\|]|do(?:-rs|[\s\x0b&\),<>_\|]|edit|replay))|vn(?:[\s\x0b&\),<>\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\s\x0b&\),<>\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\s\x0b&\),<>\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\s\x0b&\),<>\|]|sk(?:[\s\x0b&\),<>\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\s\x0b&\),<>\|]|e(?:[ex][\s\x0b&\),<>\|]|lnet)|i(?:c[\s\x0b&\),<>\|]|me(?:datectl|out[\s\x0b&\),<>\|]))|c(?:l?sh[\s\x0b&\),<>\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\s\x0b&\),<>\|])|off[\s\x0b&\),<>\|])|shark)|u(?:l(?:imit)?[\s\x0b&\),<>\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\s\x0b&\),<>\|]|expand|l(?:ink[\s\x0b&\),<>\|]|z(?:4[\s\x0b&\),<>\|]|ma))|pigz|z(?:ip[\s\x0b&\),<>\|]|std))|conv|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\s\x0b&\),<>\|]|diff)|(?:[ep]w|gr|rsh)[\s\x0b&\),<>\|]|sudo(?:-rs)?)|algrind|olatility[\s\x0b&\),<>\|])|w(?:(?:c|a(?:ll|tch))[\s\x0b&\),<>\|]|h(?:iptail[\s\x0b&\),<>\|]|o(?:ami|is[\s\x0b&\),<>\|]))|i(?:reshark|sh[\s\x0b&\),<>\|]))|x(?:(?:(?:x|pa)d|args|term)[\s\x0b&\),<>\|]|z(?:(?:c(?:at|mp))?[\s\x0b&\),<>\|]|d(?:ec[\s\x0b&\),<>\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\s\x0b&\),<>\|])|mo(?:dmap|re[\s\x0b&\),<>\|]))|z(?:ip(?:[\s\x0b&\),<>\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\s\x0b&\),<>\|]|oelim|td(?:[\s\x0b&\),<>\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\s\x0b&\),<>\|]|[ef]grep|mo(?:dload|re[\s\x0b&\),<>\|])|ypper))" \
     "id:932239,\
     phase:1,\
     block,\
@@ -1902,7 +1902,7 @@ SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:b[\
 # (consult https://coreruleset.org/docs/development/regex_assembly/ for details):
 #   crs-toolchain regex update 932237
 #
-SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)\b(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\s\x0b&\),<>\|]|a(?:a-[^\s\x0b]{1,10}\b|(?:b|t(?:obm)?|w[ks]|l(?:ias|pine)|xel)[\s\x0b&\),<>\|]|p(?:t(?:(?:itude)?[\s\x0b&\),<>\|]|-get)|parmor_[^\s\x0b]{1,10}\b)|r(?:(?:p|ch)?[\s\x0b&\),<>\|]|j(?:[\s\x0b&\),<>\|]|-register|disp)|ia2c)|s(?:h?[\s\x0b&\),<>\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\s\x0b&\),<>\|]|diff|e(?:grep|xe[\s\x0b&\),<>\|])|f?grep|ip2(?:[\s\x0b&\),<>\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\),<>\|]|c))|h[\s\x0b&\),<>\|])|tch[\s\x0b&\),<>\|])|lkid[\s\x0b&\),<>\|]|pftrace|r(?:eaksw|(?:idge|wap)[\s\x0b&\),<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\),<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\s\x0b&\),<>\|]))|c(?:[89]9(?:[\s\x0b&\),<>\|]|-gcc)|(?:a(?:t|ncel|psh)|c|mp)[\s\x0b&\),<>\|]|p(?:(?:an|io)?[\s\x0b&\),<>\|]|ulimit)|s(?:(?:h|cli)[\s\x0b&\),<>\|]|plit|vtool)|u(?:t[\s\x0b&\),<>\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\s\x0b&\),<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\),\-<>\|])|(?:flag|pas)s|g(?:passwd|rp[\s\x0b&\),<>\|]))|lang(?:\+\+|[\s\x0b&\),<>\|])|o(?:bc(?:[\s\x0b&\),<>\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\),<>\|]|proc|w(?:say|think))|r(?:ash[\s\x0b&\),<>\|]|on(?:[\s\x0b&\),<>\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\s\x0b&\),<>\|]|nf[\s\x0b&\),<>\|]?|hclient|m(?:esg[\s\x0b&\),<>\|]|idecode|setup)|o(?:(?:as|ne)[\s\x0b&\),<>\|]|cker[\s\x0b&\),\-<>\|]|sbox)|pkg[\s\x0b&\),\-<>\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\s\x0b&\),<>\|]|n(?:v(?:[\s\x0b&\),<>\|]|-update)|d(?:if|sw)[\s\x0b&\),<>\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\s\x0b&\),<>\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\s\x0b&\),<>\|]|i(?:(?:n(?:d|ger)|sh)?[\s\x0b&\),<>\|]|le(?:[\s\x0b&\),<>\|]|test))|tp(?:[\s\x0b&\),<>\|]|stats|who)|acter|d(?:(?:find|isk)[\s\x0b&\),<>\|]|u?mount)|o(?:ld[\s\x0b&\),<>\|]|reach)|ping[\s\x0b&\),6<>\|])|g(?:c(?:c[^\s\x0b]{1,10}\b|ore[\s\x0b&\),<>\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\s\x0b&\),<>\|]|e(?:m[\s\x0b&\),<>\|]|ni(?:e[\s\x0b&\),<>\|]|soimage)|t(?:cap|facl[\s\x0b&\),<>\|]))|hc(?:-?[\s\x0b&\),<>\|]|i[\s\x0b&\),\-<>\|])|r(?:(?:c(?:at)?|ep)[\s\x0b&\),<>\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\s\x0b&\),<>\|]|e(?:ad[\s\x0b&\),<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\s\x0b&\),<>\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\s\x0b&\),<>\|]|p(?:[\s\x0b&\),<>\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\s\x0b&\),<>\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\s\x0b&\),<>\|]|o(?:(?:bs|in)[\s\x0b&\),<>\|]|urnalctl)|runscript)|k(?:s(?:h[\s\x0b&\),<>\|]|shell)|ill(?:[\s\x0b&\),<>\|]|all)|nife[\s\x0b&\),<>\|])|l(?:d(?:d?[\s\x0b&\),<>\|]|config)|(?:[np]|ynx)[\s\x0b&\),<>\|]|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\s\x0b&\),<>\|]|b_release)|ua(?:[\s\x0b&\),<>\|]|(?:la)?tex)|z(?:4(?:[\s\x0b&\),<>\|]|c(?:[\s\x0b&\),<>\|]|at))|(?:c(?:at|mp))?[\s\x0b&\),<>\|]|diff|[ef]?grep|less|m(?:a(?:[\s\x0b&\),<>\|]|dec|info)|ore))|a(?:st(?:(?:comm)?[\s\x0b&\),<>\|]|log(?:in)?)|tex[\s\x0b&\),<>\|])|ess(?:[\s\x0b&\),<>\|]|echo|(?:fil|pip)e)|ftp(?:[\s\x0b&\),<>\|]|get)|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\),<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\s\x0b&\),<>\|]|k(?:(?:dir|nod)[\s\x0b&\),<>\|]|fifo|temp)|locate|o(?:(?:re|unt)[\s\x0b&\),<>\|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\s\x0b&\),<>\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\s\x0b&\),<>\|]|\.(?:openbsd|traditional))|e(?:t(?:[\s\x0b&\),<>\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\s\x0b&\),<>\|]|s(?:enter|lookup|tat[\s\x0b&\),<>\|]))|o(?:(?:d|ctave)[\s\x0b&\),<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\s\x0b&\),<>\|]))|p(?:a(?:(?:x|cman|rted|tch)[\s\x0b&\),<>\|]|s(?:swd|te[\s\x0b&\),<>\|]))|d(?:b(?:[\s\x0b&\),<>\|]|2mb|3[\s\x0b&\),\.<>\|])|f(?:la)?tex|ksh[\s\x0b&\),<>\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\s\x0b&\),<>\|]|hp(?:[57]?[\s\x0b&\),<>\|]|-cgi)|i(?:(?:co?|gz|ng6?)[\s\x0b&\),<>\|]|p(?:[\s\x0b&\),<>\|]|[^\s\x0b]{1,10}\b)|dstat)|k(?:g(?:[\s\x0b&\),<>\|]|_?info)|exec|ill[\s\x0b&\),<>\|])|r(?:y?[\s\x0b&\),<>\|]|int(?:env|f[\s\x0b&\),<>\|]))|s(?:(?:ed|ql)?[\s\x0b&\),<>\|]|ftp)|t(?:x[\s\x0b&\),<>\|]|ar(?:[\s\x0b&\),<>\|]|diff|grep))|er(?:(?:f|ms)[\s\x0b&\),<>\|]|l(?:5?[\s\x0b&\),<>\|]|sh))|y(?:3?versions|thon[23]))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\s\x0b&\),<>\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\s\x0b&\),<>\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\s\x0b&\),<>\|]|t(?:[\s\x0b&\),<>\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\s\x0b&\),<>\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\s\x0b&\),<>\|])|u(?:by[^\s\x0b]{1,10}\b|n(?:-(?:mailcap|parts)|c[\s\x0b&\),<>\|])))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|ftp|l(?:eep|sh)|plit)[\s\x0b&\),<>\|]|e(?:(?:d|ndmail|rvice)[\s\x0b&\),<>\|]|t(?:(?:facl)?[\s\x0b&\),<>\|]|arch|cap|env|sid))|h(?:(?:u(?:f|tdown))?[\s\x0b&\),<>\|]|\.distrib)|s(?:[\s\x0b&\),<>\|]|h(?:[\s\x0b&\),<>\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\s\x0b&\),<>\|]|do(?:-rs|[\s\x0b&\),<>_\|]|edit|replay))|vn(?:[\s\x0b&\),<>\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\s\x0b&\),<>\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\s\x0b&\),<>\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\s\x0b&\),<>\|]|sk(?:[\s\x0b&\),<>\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\s\x0b&\),<>\|]|e(?:[ex][\s\x0b&\),<>\|]|lnet)|i(?:c[\s\x0b&\),<>\|]|me(?:(?:out)?[\s\x0b&\),<>\|]|datectl))|c(?:l?sh[\s\x0b&\),<>\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\s\x0b&\),<>\|])|off[\s\x0b&\),<>\|])|shark)|u(?:l(?:imit)?[\s\x0b&\),<>\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\s\x0b&\),<>\|]|expand|l(?:ink[\s\x0b&\),<>\|]|z(?:4[\s\x0b&\),<>\|]|ma))|pigz|z(?:ip[\s\x0b&\),<>\|]|std))|p(?:2date[\s\x0b&\),<>\|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:[ep]w|gr|rsh)?[\s\x0b&\),<>\|]|m(?:[\s\x0b&\),<>\|]|diff)|sudo(?:-rs)?)|algrind|olatility[\s\x0b&\),<>\|])|w(?:(?:c|a(?:ll|tch))?[\s\x0b&\),<>\|]|h(?:o(?:(?:is)?[\s\x0b&\),<>\|]|ami)?|iptail[\s\x0b&\),<>\|])|i(?:reshark|sh[\s\x0b&\),<>\|]))|x(?:(?:(?:x|pa)d|args|term)[\s\x0b&\),<>\|]|z(?:(?:c(?:at|mp))?[\s\x0b&\),<>\|]|d(?:ec[\s\x0b&\),<>\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\s\x0b&\),<>\|])|mo(?:dmap|re[\s\x0b&\),<>\|]))|z(?:ip(?:[\s\x0b&\),<>\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\s\x0b&\),<>\|]|oelim|td(?:[\s\x0b&\),<>\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\s\x0b&\),<>\|]|[ef]grep|mo(?:dload|re[\s\x0b&\),<>\|])|ypper))(?:\b|[^0-9A-Z_a-z])" \
+SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)\b(?:(?:7z[arx]?|(?:GE|POS)T|y(?:e(?:s|lp)|um|arn)|HEAD)[\s\x0b&\),<>\|]|a(?:a-[^\s\x0b]{1,10}\b|(?:b|t(?:obm)?|w[ks]|l(?:ias|pine)|xel)[\s\x0b&\),<>\|]|p(?:t(?:(?:itude)?[\s\x0b&\),<>\|]|-get)|parmor_[^\s\x0b]{1,10}\b)|r(?:(?:p|ch)?[\s\x0b&\),<>\|]|j(?:[\s\x0b&\),<>\|]|-register|disp)|ia2c)|s(?:h?[\s\x0b&\),<>\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|u(?:ditctl|repot|search))|b(?:z(?:(?:z|c(?:at|mp))[\s\x0b&\),<>\|]|diff|e(?:grep|xe[\s\x0b&\),<>\|])|f?grep|ip2(?:[\s\x0b&\),<>\|]|recover)|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\),<>\|]|c))|h[\s\x0b&\),<>\|])|tch[\s\x0b&\),<>\|])|lkid[\s\x0b&\),<>\|]|pftrace|r(?:eaksw|(?:idge|wap)[\s\x0b&\),<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\),<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu[\s\x0b&\),<>\|]))|c(?:[89]9(?:[\s\x0b&\),<>\|]|-gcc)|(?:a(?:t|ncel|psh)|c|mp)[\s\x0b&\),<>\|]|p(?:(?:an|io)?[\s\x0b&\),<>\|]|ulimit)|s(?:(?:h|cli)[\s\x0b&\),<>\|]|plit|vtool)|u(?:t[\s\x0b&\),<>\|]|psfilter)|ertbot|h(?:(?:(?:att|di)r|mod|o(?:om|wn)|root|sh)[\s\x0b&\),<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\),\-<>\|])|(?:flag|pas)s|g(?:passwd|rp[\s\x0b&\),<>\|]))|lang(?:\+\+|[\s\x0b&\),<>\|])|o(?:bc(?:[\s\x0b&\),<>\|]|run)|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\),<>\|]|proc|w(?:say|think))|r(?:ash[\s\x0b&\),<>\|]|on(?:[\s\x0b&\),<>\|]|tab)))|d(?:(?:[dfu]|i(?:(?:alo)?g|r|ff)|a(?:sh|te)|vips)[\s\x0b&\),<>\|]|nf[\s\x0b&\),<>\|]?|hclient|m(?:esg[\s\x0b&\),<>\|]|idecode|setup)|o(?:(?:as|ne)[\s\x0b&\),<>\|]|cker[\s\x0b&\),\-<>\|]|sbox)|pkg[\s\x0b&\),\-<>\|])|e(?:(?:[bd]|qn|s(?:h|ac)?|cho|fax|grep|macs|val)[\s\x0b&\),<>\|]|n(?:v(?:[\s\x0b&\),<>\|]|-update)|d(?:if|sw)[\s\x0b&\),<>\|])|x(?:(?:ec|p(?:and|(?:ec|or)t|r))?[\s\x0b&\),<>\|]|iftool)|2fsck|asy_install)|f(?:(?:c|g(?:rep)?|mt|etch|lock|unction)[\s\x0b&\),<>\|]|i(?:(?:n(?:d|ger)|sh)?[\s\x0b&\),<>\|]|le(?:[\s\x0b&\),<>\|]|test))|tp(?:[\s\x0b&\),<>\|]|stats|who)|acter|d(?:(?:find|isk)[\s\x0b&\),<>\|]|u?mount)|o(?:ld[\s\x0b&\),<>\|]|reach)|ping[\s\x0b&\),6<>\|])|g(?:c(?:c[^\s\x0b]{1,10}\b|ore[\s\x0b&\),<>\|])|(?:db|i(?:t|mp|nsh)|o|pg|awk|z(?:cat|exe|ip))[\s\x0b&\),<>\|]|e(?:m[\s\x0b&\),<>\|]|ni(?:e[\s\x0b&\),<>\|]|soimage)|t(?:cap|facl[\s\x0b&\),<>\|]))|hc(?:-?[\s\x0b&\),<>\|]|i[\s\x0b&\),\-<>\|])|r(?:(?:c(?:at)?|ep)[\s\x0b&\),<>\|]|oupmod)|tester|unzip)|h(?:(?:d|up|ash|i(?:ghlight|story))[\s\x0b&\),<>\|]|e(?:ad[\s\x0b&\),<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op[\s\x0b&\),<>\|]|passwd))|i(?:(?:d|rb|conv|nstall)[\s\x0b&\),<>\|]|p(?:[\s\x0b&\),<>\|]|6?tables|config|p(?:eveprinter|find|tool))|f(?:config|top[\s\x0b&\),<>\|])|onice|spell)|j(?:(?:js|q|ava|exec)[\s\x0b&\),<>\|]|o(?:(?:bs|in)[\s\x0b&\),<>\|]|urnalctl)|runscript)|k(?:s(?:h[\s\x0b&\),<>\|]|shell)|ill(?:[\s\x0b&\),<>\|]|all)|nife[\s\x0b&\),<>\|])|l(?:d(?:d?[\s\x0b&\),<>\|]|config)|(?:[np]|ynx)[\s\x0b&\),<>\|]|s(?:(?:-F|cpu|hw|mod|of|pci|usb)?[\s\x0b&\),<>\|]|b_release)|ua(?:[\s\x0b&\),<>\|]|(?:la)?tex)|z(?:4(?:[\s\x0b&\),<>\|]|c(?:[\s\x0b&\),<>\|]|at))|(?:c(?:at|mp))?[\s\x0b&\),<>\|]|diff|[ef]?grep|less|m(?:a(?:[\s\x0b&\),<>\|]|dec|info)|ore))|a(?:st(?:(?:comm)?[\s\x0b&\),<>\|]|log(?:in)?)|tex[\s\x0b&\),<>\|])|ess(?:[\s\x0b&\),<>\|]|echo|(?:fil|pip)e)|ftp(?:[\s\x0b&\),<>\|]|get)|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\),<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:(?:a(?:n|il[qx]?|ke|wk)|tr|v|utt)[\s\x0b&\),<>\|]|k(?:(?:dir|nod)[\s\x0b&\),<>\|]|fifo|temp)|locate|o(?:(?:re|unt)[\s\x0b&\),<>\|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:[\s\x0b&\),<>\|]|admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:(?:at)?[\s\x0b&\),<>\|]|\.(?:openbsd|traditional))|e(?:t(?:[\s\x0b&\),<>\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:l|m(?:ap)?|p(?:m|ing)|a(?:no|sm|wk)|ice|o(?:de|hup)|roff)[\s\x0b&\),<>\|]|s(?:enter|lookup|tat[\s\x0b&\),<>\|]))|o(?:(?:d|ctave)[\s\x0b&\),<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg[\s\x0b&\),<>\|]))|p(?:a(?:(?:x|cman|rted|tch)[\s\x0b&\),<>\|]|s(?:swd|te[\s\x0b&\),<>\|]))|d(?:b(?:[\s\x0b&\),<>\|]|2mb|3[\s\x0b&\),\.<>\|])|f(?:la)?tex|ksh[\s\x0b&\),<>\|])|(?:f(?:tp)?|g(?:rep)?|(?:w|op)d|xz|u(?:ppet|shd))[\s\x0b&\),<>\|]|hp(?:[57]?[\s\x0b&\),<>\|]|-cgi)|i(?:c(?:[\s\x0b&\),<>\|]|o(?:nv|[\s\x0b&\),<>\|]))|p(?:[\s\x0b&\),<>\|]|[^\s\x0b]{1,10}\b)|dstat|(?:gz|ng6?)[\s\x0b&\),<>\|])|k(?:g(?:[\s\x0b&\),<>\|]|_?info)|exec|ill[\s\x0b&\),<>\|])|r(?:y?[\s\x0b&\),<>\|]|int(?:env|f[\s\x0b&\),<>\|]))|s(?:(?:ed|ql)?[\s\x0b&\),<>\|]|ftp)|t(?:x[\s\x0b&\),<>\|]|ar(?:[\s\x0b&\),<>\|]|diff|grep))|er(?:(?:f|ms)[\s\x0b&\),<>\|]|l(?:5?[\s\x0b&\),<>\|]|sh))|y(?:3?versions|thon[23]))|r(?:(?:a(?:r|k[eu])|cp?|bash|nano|oute|vi(?:ew|m))[\s\x0b&\),<>\|]|e(?:(?:d(?:carpet)?|v|boot|name|p(?:eat|lace))[\s\x0b&\),<>\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\s\x0b&\),<>\|]|t(?:[\s\x0b&\),<>\|]|-(?:dump|tar))|user)|pm(?:(?:db)?[\s\x0b&\),<>\|]|(?:quer|verif)y)|l(?:ogin|wrap)|sync(?:-ssl|[\s\x0b&\),<>\|])|u(?:by[^\s\x0b]{1,10}\b|n(?:-(?:mailcap|parts)|c[\s\x0b&\),<>\|])))|s(?:(?:c(?:p|hed|r(?:een|ipt))|g|ash|diff|ftp|l(?:eep|sh)|plit)[\s\x0b&\),<>\|]|e(?:(?:d|ndmail|rvice)[\s\x0b&\),<>\|]|t(?:(?:facl)?[\s\x0b&\),<>\|]|arch|cap|env|sid))|h(?:(?:u(?:f|tdown))?[\s\x0b&\),<>\|]|\.distrib)|s(?:[\s\x0b&\),<>\|]|h(?:[\s\x0b&\),<>\|]|-(?:a(?:dd|gent)|copy-id|key(?:ge|sca)n)|pass))|u(?:[\s\x0b&\),<>\|]|do(?:-rs|[\s\x0b&\),<>_\|]|edit|replay))|vn(?:[\s\x0b&\),<>\|]|a(?:dmin|uthz)|bench|dumpfilter|fsfs|look|mucc|rdump|s(?:erve|ync)|version)|mbclient|o(?:(?:(?:ca|r)t|urce)[\s\x0b&\),<>\|]|elim)|qlite3|t(?:art-stop-daemon|dbuf|r(?:ace|ings[\s\x0b&\),<>\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:(?:[cr]|ilf?)[\s\x0b&\),<>\|]|sk(?:[\s\x0b&\),<>\|]|set))|(?:bl|o(?:p|uch)|ftp|mux)[\s\x0b&\),<>\|]|e(?:[ex][\s\x0b&\),<>\|]|lnet)|i(?:c[\s\x0b&\),<>\|]|me(?:(?:out)?[\s\x0b&\),<>\|]|datectl))|c(?:l?sh[\s\x0b&\),<>\|]|p(?:dump|ing|traceroute))|r(?:a(?:ceroute6?|p[\s\x0b&\),<>\|])|off[\s\x0b&\),<>\|])|shark)|u(?:l(?:imit)?[\s\x0b&\),<>\|]|n(?:(?:ame|compress|iq|rar|s(?:et|hare)|xz)[\s\x0b&\),<>\|]|expand|l(?:ink[\s\x0b&\),<>\|]|z(?:4[\s\x0b&\),<>\|]|ma))|pigz|z(?:ip[\s\x0b&\),<>\|]|std))|conv|p(?:2date[\s\x0b&\),<>\|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:[ep]w|gr|rsh)?[\s\x0b&\),<>\|]|m(?:[\s\x0b&\),<>\|]|diff)|sudo(?:-rs)?)|algrind|olatility[\s\x0b&\),<>\|])|w(?:(?:c|a(?:ll|tch))?[\s\x0b&\),<>\|]|h(?:o(?:(?:is)?[\s\x0b&\),<>\|]|ami)?|iptail[\s\x0b&\),<>\|])|i(?:reshark|sh[\s\x0b&\),<>\|]))|x(?:(?:(?:x|pa)d|args|term)[\s\x0b&\),<>\|]|z(?:(?:c(?:at|mp))?[\s\x0b&\),<>\|]|d(?:ec[\s\x0b&\),<>\|]|iff)|[ef]?grep|less|more)|e(?:latex|tex[\s\x0b&\),<>\|])|mo(?:dmap|re[\s\x0b&\),<>\|]))|z(?:ip(?:[\s\x0b&\),<>\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h[\s\x0b&\),<>\|]|oelim|td(?:[\s\x0b&\),<>\|]|(?:ca|m)t|grep|less))|athura|(?:c(?:at|mp)|diff|grep|less|run)[\s\x0b&\),<>\|]|[ef]grep|mo(?:dload|re[\s\x0b&\),<>\|])|ypper))(?:\b|[^0-9A-Z_a-z])" \
     "id:932237,\
     phase:1,\
     block,\
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml
index eaaece17e5..0f7e98580f 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml
@@ -1784,3 +1784,22 @@ tests:
         output:
           log:
             expect_ids: [932236]
+  - test_id: 99
+    desc: |
+      False negative issue #4542
+      uconv -f utf-8 -t utf-8 /etc/?asswd
+    stages:
+      - input:
+          dest_addr: 127.0.0.1
+          headers:
+            Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+            Host: localhost
+            User-Agent: "OWASP CRS test agent"
+          method: POST
+          port: 80
+          uri: "/post"
+          version: HTTP/1.1
+          data: "arg=;uconv%20-f%20utf-8%20-t%20utf-8%20%2Fetc%2F%3Fasswd"
+        output:
+          log:
+            expect_ids: [932236]