2024-12-21 00:30:30 +00:00
|
|
|
# Nginx WAF rules for GENERIC
|
2025-01-16 13:49:54 +01:00
|
|
|
# Automatically generated from OWASP rules.
|
|
|
|
|
# Include this file in your server or location block.
|
2024-12-21 00:30:30 +00:00
|
|
|
|
2025-01-16 13:49:54 +01:00
|
|
|
map $request_uri $waf_block_generic {
|
|
|
|
|
default 0;
|
|
|
|
|
"~*[s*constructors*]" 1;
|
2025-01-23 00:25:20 +00:00
|
|
|
"~*@{.*}" 1;
|
2025-01-26 00:25:41 +00:00
|
|
|
"~*while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|\"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|\"[^\"]+\"|'[^']+'|`[^`]+`)).*)" 1;
|
2025-01-16 13:49:54 +01:00
|
|
|
}
|
2024-12-21 00:30:30 +00:00
|
|
|
|
2025-01-16 13:49:54 +01:00
|
|
|
if ($waf_block_generic) {
|
|
|
|
|
return 403;
|
|
|
|
|
# Log the blocked request (optional)
|
|
|
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
2024-12-21 00:30:30 +00:00
|
|
|
}
|
2025-01-16 13:49:54 +01:00
|
|
|
|
