External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-18 10:15:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
patterns/waf_patterns/nginx/leakages.conf

53 lines
1.0 KiB
Plaintext
Raw Normal View History

Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024]
2024-12-21 00:30:30 +00:00
# Nginx WAF rules for LEAKAGES
location / {
set $attack_detected 0;
if ($request_uri ~* "@lt 1") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 1") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ^#!s?/") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 2") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 2") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ^5d{2}$") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 3") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 3") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 4") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 4") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}
}
Reference in New Issue Copy Permalink