External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Sun Dec 22 00:28:28 UTC 2024]

Browse Source
This commit is contained in:
github-actions[bot]
2024-12-22 00:28:28 +00:00
parent b05a7d87c2
commit 1e4bb70b5d
50 changed files with 428 additions and 577 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
waf_patterns/nginx/enforcement.conf
View File

@@ -46,11 +46,11 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx (?i)^(?:get /[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sx0b]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?)[sx0b]+[.-9A-Z_a-z]+)$") {
if ($request_uri ~* "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[aino]tild)e|[c-elnr-tz]caron|(?:[cgklnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^") {
if ($request_uri ~* "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^") {
set $attack_detected 1;
}
@@ -122,7 +122,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^.*%.*.[^sx0b.]+$") {
if ($request_uri ~* "!@rx ^.*%.*.[^sv.]+$") {
set $attack_detected 1;
}
@@ -246,7 +246,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^[w/.+*-]+(?:s?;s*(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['") {
if ($request_uri ~* "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['") {
set $attack_detected 1;
}
@@ -294,11 +294,11 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@gt 100") {
if ($request_uri ~* "@gt 50") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^(?:(?:*|[^!") {
if ($request_uri ~* "!@rx ^(?:(?:*|[^!-") {
set $attack_detected 1;
}