diff --git a/http/cves/2019/CVE-2019-9978.yaml b/http/cves/2019/CVE-2019-9978.yaml
index 6b129cce97..d933f4736d 100644
--- a/http/cves/2019/CVE-2019-9978.yaml
+++ b/http/cves/2019/CVE-2019-9978.yaml
@@ -41,6 +41,7 @@ http:
 
     matchers:
       - type: word
+        internal: true
         words:
           - 'Social Warfare'
 
diff --git a/http/cves/2020/CVE-2020-24148.yaml b/http/cves/2020/CVE-2020-24148.yaml
index 87517cf24f..211c9faeaa 100644
--- a/http/cves/2020/CVE-2020-24148.yaml
+++ b/http/cves/2020/CVE-2020-24148.yaml
@@ -40,6 +40,7 @@ http:
 
     matchers:
       - type: word
+        internal: true
         words:
           - 'Import XML feed'
 
diff --git a/http/cves/2021/CVE-2021-28164.yaml b/http/cves/2021/CVE-2021-28164.yaml
index cdb744e496..80a70738c6 100644
--- a/http/cves/2021/CVE-2021-28164.yaml
+++ b/http/cves/2021/CVE-2021-28164.yaml
@@ -38,6 +38,7 @@ http:
 
     matchers:
       - type: dsl
+        internal: true
         dsl:
           - "!contains_all(body, '</web-app>', 'java.sun.com')"
           - "!contains_all(header, 'application/xml')"
diff --git a/http/cves/2023/CVE-2023-0600.yaml b/http/cves/2023/CVE-2023-0600.yaml
index 071cf31a13..07011118e1 100644
--- a/http/cves/2023/CVE-2023-0600.yaml
+++ b/http/cves/2023/CVE-2023-0600.yaml
@@ -40,6 +40,7 @@ http:
 
     matchers:
       - type: word
+        internal: true
         words:
           - 'Real Time Traffic'
 
diff --git a/http/cves/2023/CVE-2023-43177.yaml b/http/cves/2023/CVE-2023-43177.yaml
index 4cdb7a0ae5..4012a20c17 100644
--- a/http/cves/2023/CVE-2023-43177.yaml
+++ b/http/cves/2023/CVE-2023-43177.yaml
@@ -38,6 +38,7 @@ http:
 
     matchers:
       - type: dsl
+        internal: true
         dsl:
           - contains_all(to_lower(header), "currentauth", "crushauth")
 
diff --git a/http/cves/2023/CVE-2023-46574.yaml b/http/cves/2023/CVE-2023-46574.yaml
index 7088380485..47fe1be0ed 100644
--- a/http/cves/2023/CVE-2023-46574.yaml
+++ b/http/cves/2023/CVE-2023-46574.yaml
@@ -34,6 +34,7 @@ http:
 
     matchers:
       - type: dsl
+        internal: true
         dsl:
           - 'status_code == 200'
           - 'contains(body, "<title>TOTOLINK</title>")'
diff --git a/http/cves/2023/CVE-2023-6553.yaml b/http/cves/2023/CVE-2023-6553.yaml
index 14c03817a7..9a5cd54af1 100644
--- a/http/cves/2023/CVE-2023-6553.yaml
+++ b/http/cves/2023/CVE-2023-6553.yaml
@@ -27,6 +27,7 @@ http:
 
     matchers:
       - type: dsl
+        internal: true
         dsl:
           - 'status_code == 200'
           - 'contains(body, "Backup Migration")'
diff --git a/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml b/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml
index 608dcd099f..6bb6ab1a5c 100644
--- a/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml
+++ b/http/vulnerabilities/ruijie/ruijie-rg-eg-web-mis-rce.yaml
@@ -23,6 +23,7 @@ http:
 
     matchers:
       - type: dsl
+        internal: true
         dsl:
           - 'status_code == 200'
           - 'contains(body, "ruijie")'