nginx generation improved

waf_patterns/nginx/iis.conf

@@ -1,24 +1,18 @@
 # Nginx WAF rules for IIS
-location / {
-    set $attack_detected 0;
+# Automatically generated from OWASP rules.
+# Include this file in your server or location block.
 
-    if ($request_uri ~* "(?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "bServer Error in.{0,50}?bApplicationb") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "!@rx ^404$") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "[a-z]:x5cinetpubb") {
-        set $attack_detected 1;
-    }
-
-    if ($attack_detected = 1) {
-        return 403;
-    }
+map $request_uri $waf_block_iis {
+    default 0;
+    "~*(?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)" 1;
+    "~*!@rx ^404$" 1;
+    "~*bServer Error in.{0,50}?bApplicationb" 1;
+    "~*[a-z]:x5cinetpubb" 1;
 }
+
+if ($waf_block_iis) {
+    return 403;
+    # Log the blocked request (optional)
+    # access_log /var/log/nginx/waf_blocked.log;
+}
+