# Nginx WAF Configuration

This directory contains Nginx WAF configuration files generated from OWASP rules.
You can include these files in your existing Nginx configuration to enhance security.

## Usage

1. Include the `waf_maps.conf` file in your `nginx.conf` *inside the `http` block*:

```nginx
http {
    include /path/to/waf_patterns/nginx/waf_maps.conf;
    # ... other http configurations ...
}
```

2. Include the `waf_rules.conf` file in your `server` block:

```nginx
server {
    # ... other server configurations ...
    include /path/to/waf_patterns/nginx/waf_rules.conf;
}
```

3. Reload Nginx to apply the changes:

```bash
sudo nginx -t && sudo systemctl reload nginx
```

## Notes

- The rules use `map` directives for efficient pattern matching. The maps are defined in the `waf_maps.conf` file.
- The rules (`if` statements) are defined in the `waf_rules.conf` file.
- Blocked requests return a `403 Forbidden` response by default.
- You can enable logging for blocked requests by uncommenting the `access_log` line.

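
A sketch of the `map` plus `if` layout the notes describe, added here as an illustration and not taken from the generated files: the `$waf_example_*` variable names, the patterns, the port and the log path are all assumptions. It shows why the maps file belongs in `http` (the only context where `map` is valid) while the rules go in `server`, and one way to log only blocked requests.

```nginx
# Illustrative only: names and patterns are constructed, not copied from
# the generated waf_maps.conf / waf_rules.conf.
http {
    # map is valid only in the http context. Each map variable is
    # evaluated lazily, the first time a request reads it.
    map $request_uri $waf_example_uri {
        default              0;
        "~*\.\./"            1;   # path traversal sequence
        "~*(?:<|%3c)script"  1;   # script tag, raw or percent-encoded
    }

    map $http_user_agent $waf_example_ua {
        default  0;
        ""       1;               # missing or empty User-Agent
    }

    # Collapse the individual flags into one value for conditional logging:
    # "00" means no map matched; anything else means at least one did.
    map "$waf_example_uri$waf_example_ua" $waf_example_hit {
        default  1;
        "00"     0;
    }

    log_format waf_example '$remote_addr [$time_local] "$request" $status '
                           'uri_hit=$waf_example_uri ua_hit=$waf_example_ua';

    server {
        listen 8080;              # assumed port

        # The rules: one cheap variable test per map, run in the rewrite
        # phase before any location is selected.
        if ($waf_example_uri) { return 403; }
        if ($waf_example_ua)  { return 403; }

        # An access_log at this level replaces any inherited from http,
        # so the regular log is restated next to the blocked-only log.
        access_log /var/log/nginx/access.log;
        access_log /var/log/nginx/waf_blocked.log waf_example if=$waf_example_hit;

        location / {
            return 200 "ok\n";
        }
    }
}
```

Including a maps file anywhere other than `http` makes `nginx -t` fail with a "directive is not allowed here" error, so the test in step 3 catches a misplaced include before the reload.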