External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

nginx generation improved

Browse Source
This commit is contained in:
fabriziosalmi
2025-01-16 13:49:54 +01:00
parent de35fec973
commit 1da19ed802
22 changed files with 515 additions and 1105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
waf_patterns/nginx/java.conf
View File

@@ -1,60 +1,27 @@
# Nginx WAF rules for JAVA
location / {
set $attack_detected 0;
# Automatically generated from OWASP rules.
# Include this file in your server or location block.
if ($request_uri ~* "(?:runtime|processbuilder)") {
set $attack_detected 1;
}
if ($request_uri ~* "java.lang.(?:runtime|processbuilder)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)") {
set $attack_detected 1;
}
if ($request_uri ~* ".*.(?:jsp|jspx).*$") {
set $attack_detected 1;
}
if ($request_uri ~* "xacxedx00x05") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)") {
set $attack_detected 1;
}
if ($request_uri ~* "javab.+(?:runtime|processbuilder)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)(?:$|$?)(?:{|&l(?:brace|cub);?)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?:unmarshaller|base64data|java.)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?:rO0ABQ|KztAAU|Cs7QAF)") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}
map $request_uri $waf_block_java {
default 0;
"~*javab.+(?:runtime|processbuilder)" 1;
"~*(?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" 1;
"~*(?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" 1;
"~*.*.(?:jsp|jspx).*$" 1;
"~*(?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" 1;
"~*(?i)(?:$|$?)(?:{|&l(?:brace|cub);?)" 1;
"~*(?:runtime|processbuilder)" 1;
"~*xacxedx00x05" 1;
"~*(?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)" 1;
"~*(?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)" 1;
"~*java.lang.(?:runtime|processbuilder)" 1;
"~*(?:rO0ABQ|KztAAU|Cs7QAF)" 1;
"~*(?:unmarshaller|base64data|java.)" 1;
}
if ($waf_block_java) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}