From 6bcca53eae1d0c1c2abfd359f99591e72363f5c5 Mon Sep 17 00:00:00 2001
From: Fabrizio Salmi
Date: Tue, 9 Dec 2025 07:59:25 +0100
Subject: [PATCH] Fix CI workflow and clarify Nginx WAF usage

- Remove redundant 'gh auth login' command in CI workflow (fixes exit code 1 error)
- Use GH_TOKEN env var instead of GITHUB_TOKEN for gh CLI
- Update Nginx README to clarify that individual category .conf files should not be included directly
- Document that users must use waf_maps.conf (http block) + waf_rules.conf (server block)

Fixes #17
---
 .github/workflows/update_patterns.yml | 3 +--
 waf_patterns/nginx/README.md | 9 +++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/update_patterns.yml b/.github/workflows/update_patterns.yml
index 52349a2..6a3f6b8 100644
--- a/.github/workflows/update_patterns.yml
+++ b/.github/workflows/update_patterns.yml
@@ -81,7 +81,6 @@ jobs:
 - name: 🗑️ Delete Existing 'latest' Tag and Release (if they exist)
 run: |
- gh auth login --with-token <<< "$GITHUB_TOKEN"
 # Delete local tag
 git tag -d latest || true
 # Delete remote tag (force)
@@ -89,7 +88,7 @@ jobs:
 # Delete release, --yes for confirmation
 gh release delete latest --yes || true
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: 🚀 Create GitHub Release (if previous steps succeeded)
diff --git a/waf_patterns/nginx/README.md b/waf_patterns/nginx/README.md
index befaff5..09d7af1 100644
--- a/waf_patterns/nginx/README.md
+++ b/waf_patterns/nginx/README.md
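Review bot: `gh release delete latest --yes || true` in the `@@ -89,7 +88,7 @@` hunk of update_patterns.yml still discards every failure, including an authentication or permission error on the `GH_TOKEN` that hunk introduces, so a token that cannot delete releases passes this step silently and the stale `latest` release is only noticed when the later Create Release step runs. Limit the fallback to the not-found case, e.g. `if gh release view latest >/dev/null 2>&1; then gh release delete latest --yes; fi`, so that credential and permission failures still fail the job; `git tag -d latest || true` is harmless for a missing local tag. Whether `secrets.GITHUB_TOKEN` carries the `contents: write` permission this step needs depends on the workflow's `permissions:` block, which is outside the hunk, and the remote tag deletion that follows `# Delete remote tag (force)` is also outside the visible lines.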
@@ -4,6 +4,9 @@ This directory contains Nginx WAF configuration files generated from OWASP rules
 You can include these files in your existing Nginx configuration to enhance security.
 ## Usage
+
+**Important:** You should only include the two main configuration files (`waf_maps.conf` and `waf_rules.conf`). The individual category files (e.g., `attack.conf`, `xss.conf`) are provided for reference only and should **not** be included directly, as they contain both `map` and `if` directives that cannot be used in the same Nginx context.
+
 1. Include the `waf_maps.conf` file in your `nginx.conf` *inside the `http` block*:
 ```nginx
 http {
@@ -24,7 +27,9 @@ You can include these files in your existing Nginx configuration to enhance secu
 ```
 ## Notes
-- The rules use `map` directives for efficient pattern matching. The maps are defined in the `waf_maps.conf` file.
-- The rules (if statements) are defined in the `waf_rules.conf` file.
+- The `map` directives (defined in `waf_maps.conf`) must be placed in the `http` context.
+- The `if` rules (defined in `waf_rules.conf`) must be placed in a `server` or `location` context.
+- **Do not** try to include individual category files like `attack.conf` directly - they are auto-generated for reference and viewing purposes only.
 - Blocked requests return a `403 Forbidden` response by default.
 - You can enable logging for blocked requests by uncommenting the `access_log` line.
+