patterns/waf_patterns/nginx/fixation.conf

# Nginx WAF rules for FIXATION
location / {
    set $attack_detected 0;

    if ($request_uri ~* "!@endsWith %{request_headers.host}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^(?:ht|f)tps?://(.*?)/") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "(?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`# Nginx WAF rules for FIXATION`
			`location / {`
			`set $attack_detected 0;`

Update: [Sat Jan 11 00:26:37 UTC 2025] 2025-01-11 00:26:37 +00:00			`if ($request_uri ~* "!@endsWith %{request_headers.host}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Sat Jan 11 00:26:37 UTC 2025] 2025-01-11 00:26:37 +00:00			`if ($request_uri ~* "^(?:ht\|f)tps?://(.*?)/") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "^(?:jsessionid\|aspsessionid\|asp.net_sessionid\|phpsession\|phpsessid\|weblogicsession\|session_id\|session-id\|cfid\|cftoken\|cfsid\|jservsession\|jwsession)$") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "(?i:.cookieb.?;W?(?:expires\|domain)W*?=\|bhttp-equivW+set-cookieb)") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Fri Jan 10 00:27:14 UTC 2025] 2025-01-10 00:27:14 +00:00			`if ($request_uri ~* "@eq 0") {`
Update: [Wed Jan 8 00:26:52 UTC 2025] 2025-01-08 00:26:52 +00:00			`set $attack_detected 1;`
			`}`

Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`if ($attack_detected = 1) {`
			`return 403;`
			`}`
			`}`