External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

nginx generation improved

Browse Source
This commit is contained in:
fabriziosalmi
2025-01-16 13:49:54 +01:00
parent de35fec973
commit 1da19ed802
22 changed files with 515 additions and 1105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
waf_patterns/nginx/generic.conf
View File

@@ -1,20 +1,17 @@
# Nginx WAF rules for GENERIC
location / {
set $attack_detected 0;
# Automatically generated from OWASP rules.
# Include this file in your server or location block.
if ($request_uri ~* "[s*constructors*]") {
set $attack_detected 1;
}
if ($request_uri ~* "@{.*}") {
set $attack_detected 1;
}
if ($request_uri ~* "while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|\"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|\"[^\"]+\"|'[^']+'|`[^`]+`)).*)") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}
map $request_uri $waf_block_generic {
default 0;
"~*while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|\"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|\"[^\"]+\"|'[^']+'|`[^`]+`)).*)" 1;
"~*[s*constructors*]" 1;
"~*@{.*}" 1;
}
if ($waf_block_generic) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}