nginx generation improved

waf_patterns/nginx/rfi.conf

@@ -1,16 +1,16 @@
 # Nginx WAF rules for RFI
-location / {
-    set $attack_detected 0;
+# Automatically generated from OWASP rules.
+# Include this file in your server or location block.
 
-    if ($request_uri ~* "!@endsWith .%{request_headers.host}") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})") {
-        set $attack_detected 1;
-    }
-
-    if ($attack_detected = 1) {
-        return 403;
-    }
+map $request_uri $waf_block_rfi {
+    default 0;
+    "~*!@endsWith .%{request_headers.host}" 1;
+    "~*^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})" 1;
 }
+
+if ($waf_block_rfi) {
+    return 403;
+    # Log the blocked request (optional)
+    # access_log /var/log/nginx/waf_blocked.log;
+}
+