Update: [Sun Dec 29 23:20:18 UTC 2024]

github-actions[bot]
2024-12-29 23:20:18 +00:00
parent 36f08db3eb
commit 3760d3dcde
35 changed files with 17042 additions and 1242 deletions


@@ -50,7 +50,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^") {
if ($request_uri ~* "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"';=])*$") {
set $attack_detected 1;
}
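Review bot: The rewritten `if` in this hunk still carries the ModSecurity operator text `!@rx ` inside the nginx pattern, so nginx looks for those literal characters in `$request_uri` followed by an expression anchored with `^`, which cannot match. The negation is lost and the condition appears to be dead, so `$attack_detected` is never set by it. The same applies to the `@rx`-prefixed conditions changed in the hunks at -138, -246, -258, -298 and -354. The generator should drop the operator prefix and express negation with nginx's own operator, e.g. `if ($request_uri !~* "^(?:...)*$") {`. The enclosing `location / {` block starts and ends outside the hunk.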
@@ -114,15 +114,15 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ^(.*)/(?:[^?]+)?(?.*)?$") {
set $attack_detected 1;
}
if ($request_uri ~* "@validateUrlEncoding") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^.*%.*.[^sv.]+$") {
if ($request_uri ~* "@rx ^(?i)application/x-www-form-urlencoded") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx x25") {
set $attack_detected 1;
}
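Review bot: Several conditions in this hunk are not regular expressions at all or test the wrong variable. `@validateUrlEncoding` is a ModSecurity operator with no pattern behind it, so as an nginx regex it only matches that literal string. The `^(?i)application/x-www-form-urlencoded` check describes a Content-Type value but is applied to `$request_uri`; if it is kept it should read `if ($http_content_type ~* "^application/x-www-form-urlencoded") {`. The patterns `x25` and `(?.*)?` look as if backslashes were lost (possibly only in this rendering), and if the file really contains `(?.*)` the expression is not valid PCRE, so it is worth running `nginx -t` on the generated file in the workflow. Rules whose operator is not `@rx` would be better skipped with a comment such as `# skipped: @validateUrlEncoding has no nginx equivalent`.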
@@ -138,7 +138,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)%uff[0-9a-f]{2}") {
if ($request_uri ~* "@rx %u[fF]{2}[0-9a-fA-F]{2}") {
set $attack_detected 1;
}
@@ -246,7 +246,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['") {
if ($request_uri ~* "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"w.()+,/:=?<>@#*-]+)*$") {
set $attack_detected 1;
}
@@ -258,7 +258,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx charsets*=s*[") {
if ($request_uri ~* "@rx charsets*=s*["']?([^;"'s]+)") {
set $attack_detected 1;
}
@@ -298,7 +298,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^(?:(?:*|[^!-") {
if ($request_uri ~* "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$") {
set $attack_detected 1;
}
@@ -354,7 +354,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ['") {
if ($request_uri ~* "@rx ['";=]") {
set $attack_detected 1;
}
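Review bot: The new pattern `"@rx ['";=]"` contains an unescaped `"` inside a double-quoted nginx string, which ends the string early and will likely make the configuration fail to parse, unless a backslash was dropped by this rendering. The old side appears to have been truncated at that same character, and the new lines in the hunks at -50, -246, -258 and -298 embed quotes the same way. The generator should emit `\"` for every double quote in the pattern, e.g. `if ($request_uri ~* "['\";=]") {`. Separately, once the `@rx ` prefix is removed this class matches any `=` in `$request_uri`, which includes the query string, so nearly every parameterised request would be flagged. The original rule presumably targets a narrower variable, so the target should be carried over rather than defaulting to `$request_uri`.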
@@ -374,18 +374,6 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ^(?i)application/x-www-form-urlencoded") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx x25") {
set $attack_detected 1;
}
if ($request_uri ~* "@validateUrlEncoding") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 3") {
set $attack_detected 1;
}