Hello. Sure.
Full rule is: (http.request.uri.query contains "eval") or (http.request.uri.query contains "javascript") or (http.request.uri.query contains "base64_encode") or (http.request.uri.query contains "GLOBALS") or (http.request.uri.query contains "REQUEST") or (http.request.uri.query contains "boot.ini") or (http.request.uri.query contains "etc/passwd") or (http.request.uri.query contains "self/environ") or (http.request.uri.query contains "md5") or (http.request.method eq "PURGE") or (http.referer contains "semalt.com") or (http.referer contains "todaperfeita") or (http.request.uri.query contains "phpinfo") or (http.request.uri.query contains "sqlpatch") or (http.request.uri.query contains "163data") or (http.request.uri.query contains "amazonaws") or (http.request.uri.query contains "colocrossing") or (http.request.uri.query contains "crimea") or (http.request.uri.query contains "g00g1e") or (http.request.uri.query contains "justhost") or (http.request.uri.query contains "kanagawa") or (http.request.uri.query contains "loopia") or (http.request.uri.query contains "masterhost") or (http.request.uri.query contains "onlinehome") or (http.request.uri.query contains "poneytel") or (http.request.uri.query contains "sprintdatacenter") or (http.request.uri.query contains "reverse.softlayer") or (http.request.uri.query contains "safenet") or (http.request.uri.query contains "ttnet") or (http.request.uri.query contains "woodpecker") or (http.request.uri.query contains "wowrack") or (http.referer contains "hoodia") or (http.referer contains "huronriveracres") or (http.referer contains "impotence") or (http.referer contains "levitra") or (http.referer contains "libido") or (http.referer contains "lipitor") or (http.referer contains "phentermin") or (http.referer contains "sandyauer") or (http.referer contains "tramadol") or (http.referer contains "troyhamby") or (http.referer contains "ultram") or (http.referer contains "unicauca") or (http.referer contains "valium") or (http.referer contains "viagra") or (http.referer contains "vicodin") or (http.referer contains "xanax") or (http.referer contains "ypxaieo") or (http.referer contains "101raccoon.ru") or (http.referer contains "28n2gl3wfyb0.ru") or (http.referer contains "627ad6438b58439cad1fc8cf6d67a92e.com") or (http.referer contains "6ab9743d0152486387559b4abaa02ada.com") or (http.referer contains "a342ae9750004b14b55f7310eff0ab65.com") or (http.referer contains "aa08daf7e13b6345e09e92f771507fa5f4.com") or (http.referer contains "aa14ab57a3339c4064bd9ae6fad7495b5f.com") or (http.referer contains "aa625d84f1587749c1ab011d6f269f7d64.com") or (http.referer contains "aa81bf391151884adfa3dd677e41f94be1.com") or (http.referer contains "aa8780bb28a1de4eb5bff33c28a218a930.com") or (http.referer contains "aa8b68101d388c446389283820863176e7.com") or (http.referer contains "aa9bd78f328a6a41279d0fad0a88df1901.com") or (http.referer contains "aa9d046aab36af4ff182f097f840430d51.com") or (http.referer contains "aaa38852e886ac4af1a3cff9b47cab6272.com") or (http.referer contains "aab94f698f36684c5a852a2ef272e031bb.com") or (http.referer contains "aac500b7a15b2646968f6bd8c6305869d7.com") or (http.referer contains "aac52006ec82a24e08b665f4db2b5013f7.com") or (http.referer contains "aad1f4acb0a373420d9b0c4202d38d94fa.com") or (http.referer contains "asrv-a.akamoihd.net") or (http.referer contains "asrvrep-a.akamaihd.net") or (http.referer contains "bestpriceninja.com") or (http.referer contains "bronzeaid-a.akamaihd.net") or (http.request.method eq "PATCH") or (http.request.method eq "DELETE") or (http.request.method eq "OPTIONS") or (http.request.method eq "PUT") or (http.request.method eq "PURGE") or (http.request.uri.query eq "debug=") or (http.request.uri.query contains "load_options") or (http.request.uri.query contains "swp_debug")