patterns/waf_patterns/haproxy/waf.acl

# HAProxy WAF ACL rules

# Rules for User-Agent
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int == 0 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int >= 1 }
http-request  if { User-Agent int == 0 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
acl block_exceptions_no_id hdr_sub(User-Agent) -i str -m str GET /
http-request  if { User-Agent int < 1 }


# High Severity Rules (Deny)

# Medium Severity Rules (Log)
http-request log if block_java_no_id or block_correlation_no_id or block_detection_no_id or block_fixation_no_id or block_rfi_no_id or block_rce_no_id or block_attack_no_id or block_enforcement_no_id or block_php_no_id or block_evaluation_no_id or block_initialization_no_id or block_shells_no_id or block_generic_no_id or block_leakages_no_id or block_iis_no_id or block_sql_no_id or block_lfi_no_id or block_xss_no_id or block_exceptions_no_id or block_sqli_no_id

# Low Severity Rules (Tarpit)
Update: [Sat Dec 21 01:02:14 UTC 2024] 2024-12-21 01:02:14 +00:00			`# HAProxy WAF ACL rules`
Update: [Fri Jan 3 12:26:53 UTC 2025] 2025-01-03 12:26:53 +00:00
Update: [Fri Feb 28 09:59:23 UTC 2025] 2025-02-28 09:59:23 +00:00			`# Rules for User-Agent`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int == 0 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int >= 1 }`
			`http-request if { User-Agent int == 0 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`http-request if { User-Agent int < 1 }`
			`acl block_exceptions_no_id hdr_sub(User-Agent) -i str -m str GET /`
			`http-request if { User-Agent int < 1 }`


			`# High Severity Rules (Deny)`

			`# Medium Severity Rules (Log)`
			`http-request log if block_java_no_id or block_correlation_no_id or block_detection_no_id or block_fixation_no_id or block_rfi_no_id or block_rce_no_id or block_attack_no_id or block_enforcement_no_id or block_php_no_id or block_evaluation_no_id or block_initialization_no_id or block_shells_no_id or block_generic_no_id or block_leakages_no_id or block_iis_no_id or block_sql_no_id or block_lfi_no_id or block_xss_no_id or block_exceptions_no_id or block_sqli_no_id`

			`# Low Severity Rules (Tarpit)`
Update: [Thu Feb 27 01:41:26 UTC 2025] 2025-02-27 01:41:26 +00:00