diff --git a/rules/web/web_cve_2021_44228_log4j.yml b/rules/web/web_cve_2021_44228_log4j.yml
index 711655745..2d3e73356 100644
--- a/rules/web/web_cve_2021_44228_log4j.yml
+++ b/rules/web/web_cve_2021_44228_log4j.yml
@@ -37,6 +37,10 @@ detection:
 - '${${env:BARFOO:-j}'
 - '${::-l}${::-d}${::-a}${::-p}'
 - '${base64:JHtqbmRp'
+ - '${${env:ENV_NAME:-j}ndi${env:ENV_NAME:-:}${env:ENV_NAME:-l}dap${env:ENV_NAME:-:}//'
+ - '${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://'
+ - '${${upper:j}ndi:${upper:l}${upper:d}a${lower:p}://'
+ - '${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://'
 condition: keywords
 falsepositives:
 - Vulnerability scanning
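Review bot: Each of the four added keywords is a long literal, so it only matches the one exact spelling it was copied from. The first entry fires only when the request uses the literal name `ENV_NAME` (just as the existing entry depends on `BARFOO`), and the third mixes `${upper:…}` with a trailing `${lower:p}`, which may be a faithful copy of an observed sample or a typo; a short comment saying which would help the next maintainer. For the lookup-wrapped forms, the shorter invariant prefixes `- '${${lower:j}ndi:'` and `- '${${upper:j}ndi:'` would cover the same samples without pinning the rest of the string. I would also add a comment above the list such as `# literal strings from observed samples; not exhaustive for nested lookups`, so the rule is not read as complete coverage. The `keywords` list begins above this hunk, so entries or modifiers defined earlier are not visible from here.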