Update: [Tue Jan 7 18:00:52 UTC 2025]

waf_patterns/nginx/iis.conf

@@ -2,23 +2,11 @@
 location / {
     set $attack_detected 0;
 
-    if ($request_uri ~* "@lt 1") {
+    if ($request_uri ~* "(?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@lt 1") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@rx [a-z]:x5cinetpubb") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@pmFromFile iis-errors.data") {
+    if ($request_uri ~* "[a-z]:x5cinetpubb") {
         set $attack_detected 1;
     }
 
@@ -26,31 +14,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx bServer Error in.{0,50}?bApplicationb") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 2") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 2") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 3") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 3") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 4") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@lt 4") {
+    if ($request_uri ~* "bServer Error in.{0,50}?bApplicationb") {
         set $attack_detected 1;
     }