External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-17 09:45:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix CI workflow and clarify Nginx WAF usage

Browse Source 
- Remove redundant 'gh auth login' command in CI workflow (fixes exit code 1 error)
- Use GH_TOKEN env var instead of GITHUB_TOKEN for gh CLI
- Update Nginx README to clarify that individual category .conf files should not be included directly
- Document that users must use waf_maps.conf (http block) + waf_rules.conf (server block)

Fixes #17
This commit is contained in:
Fabrizio Salmi 2025-12-09 07:59:25 +01:00
parent 87f18886b7
commit 6bcca53eae
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/update_patterns.yml vendored
View File

@ -81,7 +81,6 @@ jobs:
- name: 🗑️ Delete Existing 'latest' Tag and Release (if they exist)
run: |
gh auth login --with-token <<< "$GITHUB_TOKEN"
# Delete local tag
git tag -d latest || true
# Delete remote tag (force)
@ -89,7 +88,7 @@ jobs:
# Delete release, --yes for confirmation
gh release delete latest --yes || true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: 🚀 Create GitHub Release (if previous steps succeeded)

9
waf_patterns/nginx/README.md
View File

@ -4,6 +4,9 @@ This directory contains Nginx WAF configuration files generated from OWASP rules
You can include these files in your existing Nginx configuration to enhance security.
## Usage
**Important:** You should only include the two main configuration files (`waf_maps.conf` and `waf_rules.conf`). The individual category files (e.g., `attack.conf`, `xss.conf`) are provided for reference only and should **not** be included directly, as they contain both `map` and `if` directives that cannot be used in the same Nginx context.
1. Include the `waf_maps.conf` file in your `nginx.conf` *inside the `http` block*:
```nginx
http {
@ -24,7 +27,9 @@ You can include these files in your existing Nginx configuration to enhance secu
```
## Notes
- The rules use `map` directives for efficient pattern matching. The maps are defined in the `waf_maps.conf` file.
- The rules (if statements) are defined in the `waf_rules.conf` file.
- The `map` directives (defined in `waf_maps.conf`) must be placed in the `http` context.
- The `if` rules (defined in `waf_rules.conf`) must be placed in a `server` or `location` context.
- **Do not** try to include individual category files like `attack.conf` directly - they are auto-generated for reference and viewing purposes only.
- Blocked requests return a `403 Forbidden` response by default.
- You can enable logging for blocked requests by uncommenting the `access_log` line.