External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Mon Jan 13 00:29:11 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot]
2025-01-13 00:29:11 +00:00
parent c59456bd3e
commit 505af665ab
39 changed files with 3241 additions and 3241 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
waf_patterns/nginx/attack.conf
View File

@@ -2,11 +2,7 @@
location / {
set $attack_detected 0;
if ($request_uri ~* "content-transfer-encoding:(.*)") {
set $attack_detected 1;
}
if ($request_uri ~* "TX:paramcounter_(.*)") {
if ($request_uri ~* "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d") {
set $attack_detected 1;
}
@@ -14,27 +10,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)") {
set $attack_detected 1;
}
if ($request_uri ~* "[rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w") {
set $attack_detected 1;
}
if ($request_uri ~* "^content-types*:s*(.*)$") {
set $attack_detected 1;
}
if ($request_uri ~* "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt 1") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt 0") {
if ($request_uri ~* "(?:bhttp/d|<(?:html|meta)b)") {
set $attack_detected 1;
}
@@ -42,15 +18,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "(?:bhttp/d|<(?:html|meta)b)") {
set $attack_detected 1;
}
if ($request_uri ~* "[nr]") {
set $attack_detected 1;
}
if ($request_uri ~* "[nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:") {
if ($request_uri ~* "[rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w") {
set $attack_detected 1;
}
@@ -58,6 +26,38 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "[nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:") {
set $attack_detected 1;
}
if ($request_uri ~* "^content-types*:s*(.*)$") {
set $attack_detected 1;
}
if ($request_uri ~* "^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)") {
set $attack_detected 1;
}
if ($request_uri ~* "[nr]") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt 0") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt 1") {
set $attack_detected 1;
}
if ($request_uri ~* "TX:paramcounter_(.*)") {
set $attack_detected 1;
}
if ($request_uri ~* "content-transfer-encoding:(.*)") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}