Update: [Tue Jan 7 18:00:52 UTC 2025]

waf_patterns/nginx/fixation.conf

@@ -2,23 +2,7 @@
 location / {
     set $attack_detected 0;
 
-    if ($request_uri ~* "@lt 1") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 1") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@rx (?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@rx ^(?:ht|f)tps?://(.*?)/") {
+    if ($request_uri ~* "^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$") {
         set $attack_detected 1;
     }
 
@@ -26,35 +10,15 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$") {
-        set $attack_detected 1;
-    }
-
     if ($request_uri ~* "@eq 0") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@lt 2") {
+    if ($request_uri ~* "^(?:ht|f)tps?://(.*?)/") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@lt 2") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 3") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 3") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 4") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 4") {
+    if ($request_uri ~* "(?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)") {
         set $attack_detected 1;
     }