patterns/waf_patterns/nginx/generic.conf

# Nginx WAF rules for GENERIC
location / {
    set $attack_detected 0;

    if ($request_uri ~* "[s*constructors*]") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@{.*}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|\"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|\"[^\"]+\"|'[^']+'|`[^`]+`)).*)") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`# Nginx WAF rules for GENERIC`
			`location / {`
			`set $attack_detected 0;`

Update: [Thu Jan 16 00:26:08 UTC 2025] 2025-01-16 00:26:08 +00:00			`if ($request_uri ~* "[sconstructors]") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Sun Jan 12 00:29:42 UTC 2025] 2025-01-12 00:29:42 +00:00			`if ($request_uri ~* "@{.*}") {`
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

Update: [Thu Jan 16 00:26:08 UTC 2025] 2025-01-16 00:26:08 +00:00			if ($request_uri ~* "while[sv]([sv(](?:!+(?:false\|null\|undefined\|NaN\|[+-]?0\|\"{2}\|'{2}\|`{2})\|(?:!!)(?:(?:t(?:rue\|his)\|[+-]?(?:Infinity\|[1-9][0-9])\|new [A-Za-z][0-9A-Z_a-z]\|window\|String\|(?:Boolea\|Functio)n\|Object\|Array)b\|{.}\|[.]\|\"[^\"]+\"\|'[^']+'\|`[^`]+`)).)") {
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024] 2024-12-21 00:30:30 +00:00			`set $attack_detected 1;`
			`}`

			`if ($attack_detected = 1) {`
			`return 403;`
			`}`
			`}`