Update: [Sun Dec 29 23:20:18 UTC 2024]

github-actions[bot]
2024-12-29 23:20:18 +00:00
parent 36f08db3eb
commit 3760d3dcde
35 changed files with 17042 additions and 1242 deletions


@@ -30,7 +30,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)[") {
if ($request_uri ~* "@rx (?i)["'`](?:[sv]*![sv]*["'0-9A-Z_-z]|;?[sv]*(?:having|select|unionb[sv]*(?:all|(?:distin|sele)ct))b[sv]*[^sv])|b(?:(?:(?:c(?:onnection_id|urrent_user)|database|schema|user)[sv]*?|select.*?[0-9A-Z_a-z]?user)(|exec(?:ute)?[sv]+master.|from[^0-9A-Z_a-z]+information_schema[^0-9A-Z_a-z]|into[sv+]+(?:dump|out)file[sv]*?["'`]|union(?:[sv]select[sv]@|[sv(0-9A-Z_a-z]*?select))|[sv]*?exec(?:ute)?.*?[^0-9A-Z_a-z]xp_cmdshell|[^0-9A-Z_a-z]iif[sv]*?(") {
set $attack_detected 1;
}
@@ -42,11 +42,11 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|[") {
if ($request_uri ~* "@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|["'`](?:;*?[sv]*?waitfor[sv]+(?:time|delay)[sv]+["'`]|;.*?:[sv]*?goto)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i:merge.*?usings*?(|executes*?immediates*?[") {
if ($request_uri ~* "@rx (?i:merge.*?usings*?(|executes*?immediates*?["'`]|matchs*?[w(),+-]+s*?againsts*?()") {
set $attack_detected 1;
}
@@ -54,7 +54,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?[") {
if ($request_uri ~* "@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?["'`]+[sv]?[0-9]|;[sv]*?shutdown[sv]*?(?:[#;{]|/*|--)") {
set $attack_detected 1;
}
@@ -70,15 +70,15 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|[") {
if ($request_uri ~* "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|["'`][sv]+regexp[^0-9A-Z_a-z]|["'0-9A-Z_-z][sv]+asb[sv]*["'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:(?:(?:(?:cre|trunc)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]+[0-9A-Z_a-z]+|u(?:pdate[sv]+[0-9A-Z_a-z]+|nion[sv]*(?:all|(?:sele|distin)ct)b)|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject))b)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)/*[sv]*?[!+](?:[sv(-)-0-9=A-Z_a-z]+)?*/") {
if ($request_uri ~* "@rx (?i:/*[!+](?:[ws=_-()]+)?*/)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ^(?:[^']*'|[^") {
if ($request_uri ~* "@rx ^(?:[^']*'|[^"]*"|[^`]*`)[sv]*;") {
set $attack_detected 1;
}
@@ -86,7 +86,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx [") {
if ($request_uri ~* "@rx ["'`][[{].*[]}]["'`].*(::.*jsonb?)?.*(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)|(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)["'`][[{].*[]}]["'`]|json_extract.*(.*)") {
set $attack_detected 1;
}
@@ -98,11 +98,15 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[") {
if ($request_uri ~* "@rx (?:^s*["'`;]+|["'`]+s*$)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)[sv") {
if ($request_uri ~* "@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?["'`]|[^0-9A-Z_a-z]+(?:(?:binary|nocase|rtrim)b|[0-9A-Z_a-z]*?_))|(?:likel(?:ihood|y)|unlikely)[sv]*()|r(?:egexp|like)[sv]+binary|not[sv]+between[sv]+(?:0[sv]+and|(?:'[^']*'|"[^"]*")[sv]+and[sv]+(?:'[^']*'|"[^"]*"))|is[sv]+null|like[sv]+(?:null|[0-9A-Z_a-z]+[sv]+escapeb)|(?:^|[^0-9A-Z_a-z])in[sv+]*([sv"0-9]+[^(-)]*)|[!<->]{1,2}[sv]*allb") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)[sv"'-)`]*?b([0-9A-Z_a-z]+)b[sv"'-)`]*?(?:=|<=>|(?:sounds[sv]+)?like|glob|r(?:like|egexp))[sv"'-)`]*?b([0-9A-Z_a-z]+)b") {
set $attack_detected 1;
}
@@ -110,7 +114,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)[sv") {
if ($request_uri ~* "@rx (?i)[sv"'-)`]*?b([0-9A-Z_a-z]+)b[sv"'-)`]*?(?:![<->]|<[=->]?|>=?|^|is[sv]+not|not[sv]+(?:like|r(?:like|egexp)))[sv"'-)`]*?b([0-9A-Z_a-z]+)b") {
set $attack_detected 1;
}
@@ -122,35 +126,35 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)(?:/*)+[") {
if ($request_uri ~* "@rx (?i)(?:/*)+["'`]+[sv]?(?:--|[#{]|/*)?|["'`](?:[sv]*(?:(?:x?or|and|div|like|between)[sv-0-9A-Z_a-z]+[(-)+--<->][sv]*["'0-9`]|[!=|](?:[sv -!+-0-9=]+.*?["'-(`].*?|[sv -!0-9=]+.*?[0-9]+)$|(?:like|print)[^0-9A-Z_a-z]+["'-(0-9A-Z_-z]|;)|(?:[<>~]+|[sv]*[^sv0-9A-Z_a-z]?=[sv]*|[^0-9A-Z_a-z]*?[+=]+[^0-9A-Z_a-z]*?)["'`])|[0-9]["'`][sv]+["'`][sv]+[0-9]|^admin[sv]*?["'`]|[sv"'-(`][sv]*?glob[^0-9A-Z_a-z]+["'-(0-9A-Z_-z]|[sv]is[sv]*?0[^0-9A-Z_a-z]|where[sv][sv,-.0-9A-Z_a-z]+[sv]=") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i),.*?[") {
if ($request_uri ~* "@rx (?i),.*?["')0-9`-f]["'`](?:["'`].*?["'`]|(?:r?n)?z|[^"'`]+)|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]*?from|(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]*?([sv]*?space[sv]*?(") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?[") {
if ($request_uri ~* "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?["'-)=`]|[0-9](?:[sv]*?(?:and|between|div|like|x?or)[sv]*?[0-9]+[sv]*?[+-]|[sv]+group[sv]+by.+()|/[0-9A-Z_a-z]+;?[sv]+(?:and|between|div|having|like|x?or|select)[^0-9A-Z_a-z]|(?:[#;]|--)[sv]*?(?:alter|drop|(?:insert|update)[sv]*?[0-9A-Z_a-z]{2,})|@.+=[sv]*?([sv]*?select|[^0-9A-Z_a-z]SET[sv]*?@[0-9A-Z_a-z]+") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)[") {
if ($request_uri ~* "@rx (?i)["'`][sv]*?(?:(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)[sv]+[sv0-9A-Z_a-z]+=[sv]*?[0-9A-Z_a-z]+[sv]*?having[sv]+|like[^0-9A-Z_a-z]*?["'0-9`])|[0-9A-Z_a-z][sv]+like[sv]+["'`]|like[sv]*?["'`]%|select[sv]+?[sv"'-),-.0-9A-[]_-z]+from[sv]+") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|[") {
if ($request_uri ~* "@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|["'`][sv]*?(?:[#{]|--)|/*![sv]?[0-9]+|b(?:(?:binary|cha?r)[sv]*?([sv]*?[0-9]|(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between|r(?:egexp|like))[sv]+[0-9A-Z_a-z]+()|(?:|||&&)[sv]*?[0-9A-Z_a-z]+(") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z][") {
if ($request_uri ~* "@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z]["'`][sv]*?(?:(?:[+-=@|]+[sv]+?)+|[+-=@|]+)[(0-9]|@@[0-9A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]|[^0-9A-Z_a-z]!+["'`][0-9A-Z_a-z]|["'`](?:;[sv]*?(?:if|while|begin)|[sv0-9]+=[sv]*?[0-9])|[sv(]+case[0-9]*?[^0-9A-Z_a-z].+[tw]hen[sv(]") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)[") {
if ($request_uri ~* "@rx (?i)["'`][sv]*?b(?:x?or|div|like|between|and)b[sv]*?["'`]?[0-9]|x5cx(?:2[37]|3d)|^(?:.?["'`]$|["'x5c`]*?(?:["'0-9`]+|[^"'`]+["'`])[sv]*?b(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)b[sv]*?["'0-9A-Z_-z][!&(-)+-.@])|[^sv0-9A-Z_a-z][0-9A-Z_a-z]+[sv]*?[-|][sv]*?["'`][sv]*?[0-9A-Z_a-z]|@(?:[0-9A-Z_a-z]+[sv]+(?:and|x?or|div|like|between)b[sv]*?["'0-9`]+|[-0-9A-Z_a-z]+[sv](?:and|x?or|div|like|between)b[sv]*?[^sv0-9A-Z_a-z])|[^sv0-:A-Z_a-z][sv]*?[0-9][^0-9A-Z_a-z]+[^sv0-9A-Z_a-z][sv]*?["'`].|[^0-9A-Z_a-z]information_schema|table_name[^0-9A-Z_a-z]") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?[") {
if ($request_uri ~* "@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?["'`]|[0-9=]+x)|["'`](?:[sv]*?(?:[0-9][sv]*?(?:--|#)|is[sv]*?(?:[0-9].+["'`]?[0-9A-Z_a-z]|[.0-9]+[sv]*?[^0-9A-Z_a-z].*?["'`]))|[%-&<->^]+[0-9][sv]*?(?:=|x?or|div|like|between|and)|(?:[^0-9A-Z_a-z]+[+-0-9A-Z_a-z]+[sv]*?=[sv]*?[0-9][^0-9A-Z_a-z]+||?[-0-9A-Z_a-z]{3,}[^sv,.0-9A-Z_a-z]+)["'`]|[sv]*(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)(?:array[sv]*[|[0-9A-Z_a-z]+(?:[sv]*!?~|[sv]+(?:not[sv]+)?similar[sv]+to[sv]+)|(?:tru|fals)eb))|bexcept[sv]+(?:selectb|values[sv]*?()") {
set $attack_detected 1;
}
@@ -158,23 +162,23 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|[") {
if ($request_uri ~* "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|["'`][sv]+regexp[^0-9A-Z_a-z]|[^A-Z_a-z][sv]+asb[sv]*["'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:create[sv]+[0-9A-Z_a-z]+|(?:d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load|(?:renam|truncat)e|u(?:pdate|nion[sv]*(?:all|(?:sele|distin)ct))|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject)))b)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)[") {
if ($request_uri ~* "@rx (?i)["'`](?:[sv]*?(?:(?:*.+(?:x?or|div|like|between|(?:an|i)d)[^0-9A-Z_a-z]*?["'`]|(?:x?or|div|like|between|and)[sv][^0-9]+[-0-9A-Z_a-z]+.*?)[0-9]|[^sv0-9?A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]+[sv]*?["'`]|[^sv0-9A-Z_a-z]+[sv]*?[^A-Z_a-z].*?(?:#|--))|.*?*[sv]*?[0-9])|^["'`]|[%(-+-<>][-0-9A-Z_a-z]+[^sv0-9A-Z_a-z]+["'`][^,]") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[") {
if ($request_uri ~* "@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|["'][^=]{1,10}[ "'<-?[]+))|ex(?:ecute(?:(|[sv]{1,5}[$.0-9A-Z_a-z]{1,5}[sv]{0,3})|ists[sv]*?([sv]*?selectb)|(?:create[sv]+?table.{0,20}?|like[^0-9A-Z_a-z]*?char[^0-9A-Z_a-z]*?)()|select.*?case|from.*?limit|order[sv]by|exists[sv](?:[sv]select|s(?:elect[^sv](?:if(?:null)?[sv](|top|concat)|ystem[sv]()|bhavingb[sv]+[0-9]{1,10}|'[^=]{1,10}')") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|[") {
if ($request_uri ~* "@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|["'][^=]{1,10}["'])[sv]?[<->]+|[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|xorb[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|'[sv]+x?or[sv]+.{1,20}[!+-<->]") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[") {
if ($request_uri ~* "@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|["'][^=]{1,10}["']) ?[<->]+)") {
set $attack_detected 1;
}
@@ -190,19 +194,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "!ARGS:foo") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ((?:[~!@#$%^&*()-+={}[]|:;") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx [a-zA-Z0-9_-]{61,61}") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx [a-zA-Z0-9_-]{91,91}") {
if ($request_uri ~* "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´`<>][^~!@#$%^&*()-+={}[]|:;"'´`<>]*?){12})") {
set $attack_detected 1;
}
@@ -222,11 +214,11 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)[") {
if ($request_uri ~* "@rx (?i)["'`][sv]*?(?:(?:is[sv]+not|not[sv]+(?:like|glob|(?:betwee|i)n|null|regexp|match)|mod|div|sounds[sv]+like)b|[%-&*-+-/<->^|])") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^") {
if ($request_uri ~* "@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^"]*?(?:"[^"]*?"[^"]*?)*?"|[^`]*?(?:`[^`]*?`[^`]*?)*?`)[sv]*([0-9A-Z_a-z]+)b") {
set $attack_detected 1;
}
@@ -234,7 +226,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ^.*?x5c['") {
if ($request_uri ~* "@rx ^.*?x5c['"`](?:.*?['"`])?s*(?:and|or)b") {
set $attack_detected 1;
}
@@ -262,19 +254,15 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx [") {
if ($request_uri ~* "@rx ["'`][sd]*?[^ws]W*?dW*?.*?["'`d]") {
set $attack_detected 1;
}
if ($request_uri ~* "!REQUEST_COOKIES:foo_id") {
if ($request_uri ~* "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´`<>][^~!@#$%^&*()-+={}[]|:;"'´`<>]*?){8})") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ((?:[~!@#$%^&*()-+={}[]|:;") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ((?:[~!@#$%^&*()-+={}[]|:;") {
if ($request_uri ~* "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´`<>][^~!@#$%^&*()-+={}[]|:;"'´`<>]*?){6})") {
set $attack_detected 1;
}
@@ -298,11 +286,11 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ((?:[~!@#$%^&*()-+={}[]|:;") {
if ($request_uri ~* "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´`<>][^~!@#$%^&*()-+={}[]|:;"'´`<>]*?){3})") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ((?:[~!@#$%^&*()-+={}[]|:;") {
if ($request_uri ~* "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´`<>][^~!@#$%^&*()-+={}[]|:;"'´`<>]*?){2})") {
set $attack_detected 1;
}