From 5d75c77bda702f9e0414c7cc5a3e5f5ce7f934d1 Mon Sep 17 00:00:00 2001
From: ekultek <thomas.perkins23@icloud.com>
Date: Fri, 3 Nov 2017 10:35:13 -0500
Subject: [PATCH] minor update to Sucuri WAF script, will now detect via Access
 Denied first

---
 waf/sucuri.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/waf/sucuri.py b/waf/sucuri.py
index 4b0b50f2c..230768c41 100644
--- a/waf/sucuri.py
+++ b/waf/sucuri.py
@@ -18,6 +18,7 @@ def detect(get_page):
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
         retval = code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= "Access Denied - Sucuri Website Firewall" in (page or "")
         retval |= "Sucuri WebSite Firewall - CloudProxy - Access Denied" in (page or "")
         retval |= re.search(r"Questions\?.+cloudproxy@sucuri\.net", (page or "")) is not None
         if retval: