muraena/config/watchdog.rules

#
# Muraena watchdog rules file
#
# The engine works in DEFAULT ALLOW mode: a request that matches no rule is allowed.
#
# Syntax:
# Match All [*] (Useful for creating a whitelist)
# Match IP [e.g. 203.0.113.6 or 2001:db8::68]
# Match IP Network [e.g.: 192.0.2.0/24 or ::1/128]
# Match Hostname [e.g. crawl-66-249-66-1.googlebot.com]
# Match Hostname RegExp [e.g.: ~ .*\.cox\.net]
# Match Geofence [e.g.: @ 39.377297 -74.451082 (7km)]
# Match User-Agent [e.g.: > AdsBot-Google-Mobile]
# Match User-Agent RegExp [e.g.: >~ Google]
#
# RegExp
# Regexes are case-sensitive; to make one case-insensitive, put the (?i) flag at the start of the pattern:
# >~ (?i)google
#
#
# Example 1:
# Block everything, then allow access only from localhost
# (a leading "!" marks a rule as an allow exception):
# *
# ! ::1 # Allow localhost IPv6
# ! 127.0.0.1 # Allow localhost IPv4
#
# Interactive Prompt:
# To interact with watchdog, type "watchdog" at the prompt.
#
# Official list of user agents that are regarded as robots/spiders by Project COUNTER
# https://raw.githubusercontent.com/atmire/COUNTER-Robots/master/generated/COUNTER_Robots_list.txt
# Every rule in this section is a User-Agent RegExp rule (">~"). None carries
# the "!" allow prefix shown in Example 1, so a request whose User-Agent
# matches any of these patterns is blocked; a request that matches no rule is
# allowed (default-allow).
# Patterns without ^ or $ match anywhere in the header, and an unescaped "."
# matches any single character.
# NOTE(review): the User-Agent header is supplied by the client, so these
# rules only filter clients that announce themselves. The list also names
# security tooling (e.g. Arachni, netcraft, sqlmap, w3af.org), so an automated
# check sent with a default tool User-Agent is denied here; a denial for such
# a client says nothing about what other clients are served.
>~ (?i)bot
>~ (?i)^Buck\/[0-9]
>~ (?i)spider
>~ (?i)crawl
# Matches an empty or single-character User-Agent value.
>~ (?i)^.?$
>~ (?i)[^a]fish
>~ (?i)^IDA$
>~ (?i)^ruby$
>~ (?i)^@ozilla\/\d
# NOTE(review): the next pattern looks like a mis-encoded (mojibake) copy of
# the one after it, presumably carried over from the upstream list. Confirm
# the file encoding before editing either line.
>~ (?i)^脝脝陆芒潞贸碌脛$
>~ (?i)^破解后的$
>~ (?i)AddThis
>~ (?i)A6-Indexer
>~ (?i)ADmantX
>~ (?i)alexa
>~ (?i)Alexandria(\s|\+)prototype(\s|\+)project
>~ (?i)AllenTrack
>~ (?i)almaden
>~ (?i)appie
>~ (?i)API[\+\s]scraper
>~ (?i)Arachni
>~ (?i)Arachmo
>~ (?i)architext
>~ (?i)ArchiveTeam
>~ (?i)aria2\/\d
>~ (?i)arks
>~ (?i)^Array$
>~ (?i)asterias
>~ (?i)atomz
>~ (?i)BDFetch
>~ (?i)Betsie
>~ (?i)baidu
>~ (?i)biglotron
>~ (?i)BingPreview
>~ (?i)binlar
>~ (?i)bjaaland
>~ (?i)Blackboard[\+\s]Safeassign
>~ (?i)blaiz-bee
>~ (?i)bloglines
>~ (?i)blogpulse
>~ (?i)boitho\.com-dc
>~ (?i)bookmark-manager
>~ (?i)Brutus\/AET
>~ (?i)BUbiNG
>~ (?i)bwh3_user_agent
>~ (?i)CakePHP
>~ (?i)celestial
>~ (?i)cfnetwork
>~ (?i)checklink
>~ (?i)checkprivacy
>~ (?i)China\sLocal\sBrowse\s2\.6
>~ (?i)Citoid
>~ (?i)cloakDetect
>~ (?i)coccoc\/1\.0
>~ (?i)Code\sSample\sWeb\sClient
>~ (?i)ColdFusion
>~ (?i)collection@infegy.com
>~ (?i)com\.plumanalytics
>~ (?i)combine
>~ (?i)contentmatch
>~ (?i)ContentSmartz
>~ (?i)convera
>~ (?i)core
>~ (?i)Cortana
>~ (?i)CoverScout
>~ (?i)crusty\/\d
>~ (?i)curl\/
>~ (?i)cursor
>~ (?i)custo
>~ (?i)DataCha0s\/2\.0
>~ (?i)daum(oa)?
>~ (?i)^\%?default\%?$
>~ (?i)DeuSu\/
>~ (?i)Dispatch\/\d
>~ (?i)Docoloc
>~ (?i)docomo
>~ (?i)Download\+Master
>~ (?i)Drupal
>~ (?i)DSurf
>~ (?i)DTS Agent
>~ (?i)EasyBib[\+\s]AutoCite[\+\s]
>~ (?i)easydl
>~ (?i)EBSCO\sEJS\sContent\sServer
>~ (?i)EcoSearch
>~ (?i)ELinks\/
>~ (?i)EmailSiphon
>~ (?i)EmailWolf
>~ (?i)Embedly
>~ (?i)EThOS\+\(British\+Library\)
>~ (?i)facebookexternalhit\/
>~ (?i)favorg
>~ (?i)FDM(\s|\+)\d
>~ (?i)Feedbin
>~ (?i)feedburner
>~ (?i)FeedFetcher
>~ (?i)feedreader
>~ (?i)ferret
>~ (?i)Fetch(\s|\+)API(\s|\+)Request
>~ (?i)findlinks
>~ (?i)findthatfile
>~ (?i)^FileDown$
>~ (?i)^Filter$
>~ (?i)^firefox$
>~ (?i)^FOCA
>~ (?i)Fulltext
>~ (?i)Funnelback
>~ (?i)Genieo
>~ (?i)GetRight
>~ (?i)geturl
>~ (?i)GigablastOpenSource
>~ (?i)G-i-g-a-b-o-t
>~ (?i)GLMSLinkAnalysis
>~ (?i)Goldfire(\s|\+)Server
>~ (?i)google
>~ (?i)Grammarly
>~ (?i)grub
>~ (?i)gulliver
>~ (?i)gvfs\/
>~ (?i)harvest
>~ (?i)heritrix
>~ (?i)holmes
>~ (?i)htdig
>~ (?i)htmlparser
>~ (?i)HttpComponents\/1.1
>~ (?i)HTTPFetcher
>~ (?i)http.?client
>~ (?i)httpget
>~ (?i)httrack
>~ (?i)ia_archiver
>~ (?i)ichiro
>~ (?i)iktomi
>~ (?i)ilse
>~ (?i)Indy Library
>~ (?i)^integrity\/\d
>~ (?i)internetseer
>~ (?i)intute
>~ (?i)iSiloX
>~ (?i)iskanie
>~ (?i)^java\/\d{1,2}.\d
>~ (?i)jeeves
>~ (?i)Jersey\/\d
>~ (?i)jobo
>~ (?i)kyluka
>~ (?i)larbin
>~ (?i)libcurl
>~ (?i)libhttp
>~ (?i)libwww
>~ (?i)lilina
>~ (?i)^LinkAnalyser
>~ (?i)link.?check
>~ (?i)LinkLint-checkonly
>~ (?i)^LinkParser\/
>~ (?i)^LinkSaver\/
>~ (?i)linkscan
>~ (?i)LinkTiger
>~ (?i)linkwalker
>~ (?i)lipperhey
>~ (?i)livejournal\.com
>~ (?i)LOCKSS
>~ (?i)LongURL.API
>~ (?i)ltx71
>~ (?i)lwp
>~ (?i)lycos[_+]
>~ (?i)mail\.ru
>~ (?i)MarcEdit
>~ (?i)mediapartners-google
>~ (?i)megite
>~ (?i)MetaURI[\+\s]API\/\d\.\d
>~ (?i)Microsoft(\s|\+)URL(\s|\+)Control
>~ (?i)Microsoft Office Existence Discovery
>~ (?i)Microsoft Office Protocol Discovery
>~ (?i)Microsoft-WebDAV-MiniRedir
>~ (?i)mimas
>~ (?i)mnogosearch
>~ (?i)moget
>~ (?i)motor
# The ^...$ Mozilla patterns below match only when the entire User-Agent is
# the given string; a longer User-Agent that merely begins with "Mozilla/..."
# does not match them.
>~ (?i)^Mozilla$
>~ (?i)^Mozilla.4\.0$
>~ (?i)^Mozilla\/4\.0\+\(compatible;\)$
>~ (?i)^Mozilla\/4\.0\+\(compatible;\+ICS\)$
>~ (?i)^Mozilla\/4\.5\+\[en]\+\(Win98;\+I\)$
>~ (?i)^Mozilla.5\.0$
>~ (?i)^Mozilla\/5.0\+\(compatible;\+MSIE\+6\.0;\+Windows\+NT\+5\.0\)$
>~ (?i)^Mozilla\/5\.0\+like\+Gecko$
>~ (?i)^Mozilla\/5.0(\s|\+)Gecko\/20100115(\s|\+)Firefox\/3.6$
>~ (?i)^MSIE
>~ (?i)MuscatFerre
>~ (?i)myweb
>~ (?i)nagios
>~ (?i)^NetAnts\/\d
>~ (?i)netcraft
>~ (?i)netluchs
>~ (?i)newspaper\/\d
>~ (?i)ng\/2\.
>~ (?i)^Ning\/\d
>~ (?i)no_user_agent
>~ (?i)nomad
>~ (?i)nutch
>~ (?i)^oaDOI$
>~ (?i)ocelli
>~ (?i)Offline(\s|\+)Navigator
>~ (?i)OgScrper
>~ (?i)okhttp
>~ (?i)onetszukaj
>~ (?i)^Opera\/4$
>~ (?i)OurBrowser
>~ (?i)panscient
>~ (?i)parsijoo
>~ (?i)^Pattern\/\d
>~ (?i)Pcore-HTTP
>~ (?i)pear\.php\.net
>~ (?i)perman
>~ (?i)PHP\/
>~ (?i)pidcheck
>~ (?i)pioneer
>~ (?i)playmusic\.com
>~ (?i)playstarmusic\.com
>~ (?i)^Postgenomic(\s|\+)v2
>~ (?i)powermarks
>~ (?i)proximic
>~ (?i)PycURL
>~ (?i)python
>~ (?i)Qwantify
>~ (?i)rambler
>~ (?i)ReactorNetty\/\d
>~ (?i)Readpaper
>~ (?i)redalert
>~ (?i)Riddler
>~ (?i)robozilla
>~ (?i)rss
>~ (?i)scan4mail
>~ (?i)scientificcommons
>~ (?i)scirus
>~ (?i)scooter
>~ (?i)Scrapy\/\d
>~ (?i)ScoutJet
>~ (?i)^scrutiny\/\d
>~ (?i)SearchBloxIntra
>~ (?i)shoutcast
>~ (?i)Site24x7
>~ (?i)SkypeUriPreview
>~ (?i)slurp
>~ (?i)sogou
>~ (?i)speedy
>~ (?i)sqlmap
>~ (?i)SrceDAMP
>~ (?i)Strider
>~ (?i)summify
>~ (?i)sunrise
>~ (?i)Sysomos
>~ (?i)T\-H\-U\-N\-D\-E\-R\-S\-T\-O\-N\-E
>~ (?i)tailrank
>~ (?i)Teleport(\s|\+)Pro
>~ (?i)Teoma
>~ (?i)The\+Knowledge\+AI
>~ (?i)titan
>~ (?i)^Traackr\.com$
>~ (?i)Trello
>~ (?i)Trove
>~ (?i)Turnitin
>~ (?i)twiceler
>~ (?i)Typhoeus
>~ (?i)ucsd
>~ (?i)ultraseek
>~ (?i)^undefined$
>~ (?i)^unknown$
>~ (?i)Unpaywall
>~ (?i)URL2File
>~ (?i)urlaliasbuilder
>~ (?i)urllib
>~ (?i)^user.?agent$
>~ (?i)^User-Agent
>~ (?i)validator
>~ (?i)virus.detector
>~ (?i)voila
>~ (?i)^voltron$
>~ (?i)voyager\/
>~ (?i)w3af\.org
>~ (?i)Wanadoo
>~ (?i)Web(\s|\+)Downloader
>~ (?i)WebCloner
>~ (?i)webcollage
>~ (?i)WebCopier
>~ (?i)Webinator
>~ (?i)weblayers
>~ (?i)Webmetrics
>~ (?i)webmirror
>~ (?i)webmon
>~ (?i)weborama-fetcher
>~ (?i)webreaper
>~ (?i)WebStripper
>~ (?i)WebZIP
>~ (?i)Wget
>~ (?i)WhatsApp
>~ (?i)wordpress
>~ (?i)worm
>~ (?i)www\.gnip\.com
>~ (?i)WWW-Mechanize
>~ (?i)xenu
>~ (?i)y!j
>~ (?i)yacy
>~ (?i)yahoo
>~ (?i)yandex
>~ (?i)Yeti\/\d
>~ (?i)zeus
>~ (?i)zyborg
>~ (?i)7siters