Update: [Sun Feb 23 00:28:29 UTC 2025]

2025-12-29 16:15:12 +00:00 · 2025-02-23 00:28:29 +00:00
parent 1968c16e46
commit 2c1fbc2853
5 changed files with 2218 additions and 2218 deletions
--- a/waf_patterns/nginx/waf_maps.conf
+++ b/waf_patterns/nginx/waf_maps.conf
--- a/waf_patterns/nginx/waf_rules.conf
+++ b/waf_patterns/nginx/waf_rules.conf
@@ -3,73 +3,7 @@
 # Include this file inside server block

  # WAF rules
-    if ($waf_block_initialization) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_lfi) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_rfi) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_exceptions) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_attack) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_generic) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_evaluation) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_fixation) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_leakages) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_java) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_php) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_enforcement) {
+    if ($waf_block_sql) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
@@ -81,13 +15,73 @@
      # access_log /var/log/nginx/waf_blocked.log;
    }

+    if ($waf_block_rfi) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_fixation) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_attack) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_enforcement) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_lfi) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_java) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
    if ($waf_block_rce) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

-    if ($waf_block_sql) {
+    if ($waf_block_initialization) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_php) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_evaluation) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_generic) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_leakages) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
@@ -99,13 +93,13 @@
      # access_log /var/log/nginx/waf_blocked.log;
    }

-    if ($waf_block_iis) {
+    if ($waf_block_exceptions) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

-    if ($waf_block_shells) {
+    if ($waf_block_iis) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
@@ -117,3 +111,9 @@
      # access_log /var/log/nginx/waf_blocked.log;
    }

+    if ($waf_block_shells) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+