Fix CI workflow and clarify Nginx WAF usage

- Remove redundant 'gh auth login' command in CI workflow (fixes exit code 1 error)
- Use GH_TOKEN env var instead of GITHUB_TOKEN for gh CLI
- Update Nginx README to clarify that individual category .conf files should not be included directly
- Document that users must use waf_maps.conf (http block) + waf_rules.conf (server block)

Fixes #17
Fabrizio Salmi 2025-12-09 07:59:25 +01:00
parent 87f18886b7
commit 6bcca53eae
2 changed files with 8 additions and 4 deletions


@ -81,7 +81,6 @@ jobs:
- name: 🗑️ Delete Existing 'latest' Tag and Release (if they exist) - name: 🗑️ Delete Existing 'latest' Tag and Release (if they exist)
run: | run: |
gh auth login --with-token <<< "$GITHUB_TOKEN"
# Delete local tag # Delete local tag
git tag -d latest || true git tag -d latest || true
# Delete remote tag (force) # Delete remote tag (force)
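Review bot: Missing documentation at the top of this `run:` script: once the `gh auth login` line is gone, nothing in the script says where `gh` gets its credentials. Add a one-line comment there pointing to the token set in the step's `env:` block, so the login call is not reintroduced by a later edit.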
@ -89,7 +88,7 @@ jobs:
# Delete release, --yes for confirmation # Delete release, --yes for confirmation
gh release delete latest --yes || true gh release delete latest --yes || true
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: 🚀 Create GitHub Release (if previous steps succeeded) - name: 🚀 Create GitHub Release (if previous steps succeeded)
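Review bot: The `|| true` on `gh release delete latest --yes` swallows every failure, not only "release not found", so a token that is missing or lacks permission under the new `GH_TOKEN` name would pass silently and only surface in a later step. Consider testing for the release first, for example `gh release view latest >/dev/null 2>&1 && gh release delete latest --yes`, so that a delete failing for any other reason fails the step.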


@ -4,6 +4,9 @@ This directory contains Nginx WAF configuration files generated from OWASP rules
You can include these files in your existing Nginx configuration to enhance security. You can include these files in your existing Nginx configuration to enhance security.
## Usage ## Usage
**Important:** You should only include the two main configuration files (`waf_maps.conf` and `waf_rules.conf`). The individual category files (e.g., `attack.conf`, `xss.conf`) are provided for reference only and should **not** be included directly, as they contain both `map` and `if` directives that cannot be used in the same Nginx context.
1. Include the `waf_maps.conf` file in your `nginx.conf` *inside the `http` block*: 1. Include the `waf_maps.conf` file in your `nginx.conf` *inside the `http` block*:
```nginx ```nginx
http { http {
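Review bot: The new **Important** paragraph warns against including the category files by name, but it does not cover a wildcard include of this directory, which would pull in `attack.conf`, `xss.conf` and the rest alongside the two supported files. Add a sentence telling users to reference `waf_maps.conf` and `waf_rules.conf` by explicit path rather than with a `*.conf` glob.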
@ -24,7 +27,9 @@ You can include these files in your existing Nginx configuration to enhance secu
``` ```
## Notes ## Notes
- The rules use `map` directives for efficient pattern matching. The maps are defined in the `waf_maps.conf` file. - The `map` directives (defined in `waf_maps.conf`) must be placed in the `http` context.
- The rules (if statements) are defined in the `waf_rules.conf` file. - The `if` rules (defined in `waf_rules.conf`) must be placed in a `server` or `location` context.
- **Do not** try to include individual category files like `attack.conf` directly - they are auto-generated for reference and viewing purposes only.
- Blocked requests return a `403 Forbidden` response by default. - Blocked requests return a `403 Forbidden` response by default.
- You can enable logging for blocked requests by uncommenting the `access_log` line. - You can enable logging for blocked requests by uncommenting the `access_log` line.
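Review bot: The second Notes bullet allows `waf_rules.conf` in a `server` or `location` context, while the commit message documents it as going in the server block. State one recommendation, and if `location` stays as an option, say that rules included in a single `location` apply only to requests handled by that location. The third bullet also repeats the **Important** paragraph added under Usage; one of the two could simply point to the other.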