External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Mon Jan 13 00:29:11 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot]
2025-01-13 00:29:11 +00:00
parent c59456bd3e
commit 505af665ab
39 changed files with 3241 additions and 3241 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
waf_patterns/nginx/php.conf
View File

@@ -2,11 +2,7 @@
location / {
set $attack_detected 0;
if ($request_uri ~* "(?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://") {
set $attack_detected 1;
}
if ($request_uri ~* "@pm ?>") {
if ($request_uri ~* "@pm =") {
set $attack_detected 1;
}
@@ -14,7 +10,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@pm =") {
if ($request_uri ~* "(?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://") {
set $attack_detected 1;
}
@@ -22,10 +18,26 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "(?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])") {
set $attack_detected 1;
}
if ($request_uri ~* ".*.(?:phpd*|phtml)..*$") {
set $attack_detected 1;
}
if ($request_uri ~* "@pm ?>") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|$_(?:(?:pos|ge)t|session))b") {
set $attack_detected 1;
}
if ($request_uri ~* "[oOcC]:d+:\".+?\":d+:{.*}") {
set $attack_detected 1;
}
@@ -34,18 +46,6 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "(?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])") {
set $attack_detected 1;
}
if ($request_uri ~* "(?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|$_(?:(?:pos|ge)t|session))b") {
set $attack_detected 1;
}
if ($request_uri ~* ".*.(?:phpd*|phtml)..*$") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}