External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Mon Jan 13 00:29:11 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot]
2025-01-13 00:29:11 +00:00
parent c59456bd3e
commit 505af665ab
39 changed files with 3241 additions and 3241 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
waf_patterns/nginx/sql.conf
View File

@@ -2,7 +2,7 @@
location / {
set $attack_detected 0;
if ($request_uri ~* "(?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)") {
if ($request_uri ~* "(?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)") {
set $attack_detected 1;
}
@@ -10,35 +10,19 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)Exception (?:condition )?d+. Transaction rollback.") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)Dynamic SQL Error") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)") {
if ($request_uri ~* "(?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)") {
set $attack_detected 1;
}
@@ -50,10 +34,26 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)Dynamic SQL Error") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}