External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Sun Dec 22 00:28:28 UTC 2024]

Browse Source
This commit is contained in:
github-actions[bot]
2024-12-22 00:28:28 +00:00
parent b05a7d87c2
commit 1e4bb70b5d
50 changed files with 428 additions and 577 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
waf_patterns/nginx/php.conf
View File

@@ -10,7 +10,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)<?(?:[^x]|x(?:[^m]|m(?:[^l]|l(?:[^sx0b]|[sx0b]+[^a-z]|$)))|$|php)|[[/x5c]?php]") {
if ($request_uri ~* "@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])") {
set $attack_detected 1;
}
@@ -22,11 +22,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx b([^s]+)s*=[^=]") {
set $attack_detected 1;
}
if ($request_uri ~* "@pmFromFile php-config-directives.data") {
if ($request_uri ~* "@pm =") {
set $attack_detected 1;
}
@@ -74,11 +70,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx b([^s]+)s*[(]") {
set $attack_detected 1;
}
if ($request_uri ~* "@pmFromFile php-function-names-933151.data") {
if ($request_uri ~* "@pm (") {
set $attack_detected 1;
}
@@ -94,7 +86,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sx0b]|/*.**/|(?:#|//).*)*(.*)") {
if ($request_uri ~* "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)") {
set $attack_detected 1;
}
@@ -118,10 +110,6 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@pm gzip compress deflate br zstd") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 1") {
set $attack_detected 1;
}