patterns/waf_patterns/nginx/initialization.conf

# Nginx WAF rules for INITIALIZATION
location / {
    set $attack_detected 0;

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 1") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@rx ^.*$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@rx (?:URLENCODED|MULTIPART|XML|JSON)") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 1") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@rx (?:URLENCODED|MULTIPART|XML|JSON)") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 100") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@rx ^[a-f]*([0-9])[a-f]*([0-9])") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@lt %{tx.sampling_percentage}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@lt %{tx.blocking_paranoia_level}") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`# Nginx WAF rules for INITIALIZATION`
			`location / {`
			`set $attack_detected 0;`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 0") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 1") {`
			`set $attack_detected 1;`
			`}`

Update: [Sun Dec 22 00:28:28 UTC 2024] 2024-12-22 00:28:28 +00:00			`if ($request_uri ~* "@rx ^.*$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "!@rx (?:URLENCODED\|MULTIPART\|XML\|JSON)") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 1") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "!@rx (?:URLENCODED\|MULTIPART\|XML\|JSON)") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@eq 100") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@rx ^[a-f]([0-9])[a-f]([0-9])") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "!@lt %{tx.sampling_percentage}") {`
			`set $attack_detected 1;`
			`}`

			`if ($request_uri ~* "@lt %{tx.blocking_paranoia_level}") {`
			`set $attack_detected 1;`
			`}`

			`if ($attack_detected = 1) {`
			`return 403;`
			`}`
			`}`