Update: [Sat Jan 11 00:26:37 UTC 2025]

This commit is contained in:
github-actions[bot]
2025-01-11 00:26:37 +00:00
parent c68f9937e8
commit 6eff0f9666
39 changed files with 2625 additions and 2625 deletions


@@ -2,127 +2,7 @@
location / {
set $attack_detected 0;
if ($request_uri ~* "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt %{tx.max_num_args}") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt %{tx.combined_file_sizes}") {
set $attack_detected 1;
}
if ($request_uri ~* ".([^.]+)$") {
set $attack_detected 1;
}
if ($request_uri ~* "(?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]") {
set $attack_detected 1;
}
if ($request_uri ~* "@ge 1") {
set $attack_detected 1;
}
if ($request_uri ~* "@endsWith .pdf") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt %{tx.max_file_size}") {
set $attack_detected 1;
}
if ($request_uri ~* "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122") {
set $attack_detected 1;
}
if ($request_uri ~* "['\";=]") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^d+$") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^OPTIONS$") {
set $attack_detected 1;
}
if ($request_uri ~* "charset.*?charset") {
set $attack_detected 1;
}
if ($request_uri ~* "!@pm AppleWebKit Android Business Enterprise Entreprise") {
set $attack_detected 1;
}
if ($request_uri ~* "!@pm AppleWebKit Android") {
set $attack_detected 1;
}
if ($request_uri ~* "@validateByteRange 1-255") {
set $attack_detected 1;
}
if ($request_uri ~* "%u[fF]{2}[0-9a-fA-F]{2}") {
set $attack_detected 1;
}
if ($request_uri ~* "^.*$") {
set $attack_detected 1;
}
if ($request_uri ~* "^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt %{tx.total_arg_length}") {
set $attack_detected 1;
}
if ($request_uri ~* "%[0-9a-fA-F]{2}") {
set $attack_detected 1;
}
if ($request_uri ~* "!@streq JSON") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)x5cu[0-9a-f]{4}") {
set $attack_detected 1;
}
if ($request_uri ~* "@eq 0") {
set $attack_detected 1;
}
if ($request_uri ~* "@validateByteRange 9,10,13,32-126,128-255") {
set $attack_detected 1;
}
if ($request_uri ~* "b(?:keep-alive|close),s?(?:keep-alive|close)b") {
set $attack_detected 1;
}
if ($request_uri ~* "(?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)") {
set $attack_detected 1;
}
if ($request_uri ~* "^(?:GET|HEAD)$") {
set $attack_detected 1;
}
if ($request_uri ~* "!@endsWith .pdf") {
set $attack_detected 1;
}
if ($request_uri ~* "(d+)-(d+)") {
set $attack_detected 1;
}
if ($request_uri ~* "@within %{tx.restricted_extensions}") {
if ($request_uri ~* ".[^.~]+~(?:/.*|)$") {
set $attack_detected 1;
}
@@ -130,35 +10,7 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "@validateByteRange 32-36,38-126") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt %{tx.arg_length}") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['\"w.()+,/:=?<>@#*-]+)*$") {
set $attack_detected 1;
}
if ($request_uri ~* "@streq POST") {
set $attack_detected 1;
}
if ($request_uri ~* "@eq 1") {
set $attack_detected 1;
}
if ($request_uri ~* "@validateUtf8Encoding") {
set $attack_detected 1;
}
if ($request_uri ~* ".[^.~]+~(?:/.*|)$") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt 50") {
if ($request_uri ~* "@gt %{tx.total_arg_length}") {
set $attack_detected 1;
}
@@ -166,31 +18,27 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "^[^;s]+") {
if ($request_uri ~* "@validateUtf8Encoding") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^0?$") {
if ($request_uri ~* "@validateByteRange 9,10,13,32-126,128-255") {
set $attack_detected 1;
}
if ($request_uri ~* "@within %{tx.restricted_headers_basic}") {
if ($request_uri ~* "(?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]") {
set $attack_detected 1;
}
if ($request_uri ~* "x25") {
if ($request_uri ~* "(?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)") {
set $attack_detected 1;
}
if ($request_uri ~* "@contains #") {
if ($request_uri ~* "!@rx ^d+$") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt 0") {
set $attack_detected 1;
}
if ($request_uri ~* "^$") {
if ($request_uri ~* "!@pm AppleWebKit Android Business Enterprise Entreprise") {
set $attack_detected 1;
}
@@ -198,15 +46,11 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^0$") {
if ($request_uri ~* "@endsWith .pdf") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^(?:OPTIONS|CONNECT)$") {
set $attack_detected 1;
}
if ($request_uri ~* "@within %{tx.restricted_headers_extended}") {
if ($request_uri ~* "^$") {
set $attack_detected 1;
}
@@ -214,7 +58,55 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}") {
if ($request_uri ~* "x25") {
set $attack_detected 1;
}
if ($request_uri ~* "!@endsWith .pdf") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt 50") {
set $attack_detected 1;
}
if ($request_uri ~* "!@pm AppleWebKit Android") {
set $attack_detected 1;
}
if ($request_uri ~* "@ge 1") {
set $attack_detected 1;
}
if ($request_uri ~* "@within %{tx.restricted_extensions}") {
set $attack_detected 1;
}
if ($request_uri ~* "!@streq JSON") {
set $attack_detected 1;
}
if ($request_uri ~* "^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}") {
set $attack_detected 1;
}
if ($request_uri ~* "@validateByteRange 1-255") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt %{tx.arg_length}") {
set $attack_detected 1;
}
if ($request_uri ~* ".([^.]+)$") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt %{tx.max_num_args}") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^0?$") {
set $attack_detected 1;
}
@@ -222,6 +114,114 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "^[^;s]+") {
set $attack_detected 1;
}
if ($request_uri ~* "@eq 0") {
set $attack_detected 1;
}
if ($request_uri ~* "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122") {
set $attack_detected 1;
}
if ($request_uri ~* "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122") {
set $attack_detected 1;
}
if ($request_uri ~* "^.*$") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^OPTIONS$") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['\"w.()+,/:=?<>@#*-]+)*$") {
set $attack_detected 1;
}
if ($request_uri ~* "['\";=]") {
set $attack_detected 1;
}
if ($request_uri ~* "b(?:keep-alive|close),s?(?:keep-alive|close)b") {
set $attack_detected 1;
}
if ($request_uri ~* "(d+)-(d+)") {
set $attack_detected 1;
}
if ($request_uri ~* "@eq 1") {
set $attack_detected 1;
}
if ($request_uri ~* "@streq POST") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)x5cu[0-9a-f]{4}") {
set $attack_detected 1;
}
if ($request_uri ~* "@contains #") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^0$") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt %{tx.max_file_size}") {
set $attack_detected 1;
}
if ($request_uri ~* "%[0-9a-fA-F]{2}") {
set $attack_detected 1;
}
if ($request_uri ~* "%u[fF]{2}[0-9a-fA-F]{2}") {
set $attack_detected 1;
}
if ($request_uri ~* "charset.*?charset") {
set $attack_detected 1;
}
if ($request_uri ~* "^(?:GET|HEAD)$") {
set $attack_detected 1;
}
if ($request_uri ~* "^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}") {
set $attack_detected 1;
}
if ($request_uri ~* "@within %{tx.restricted_headers_extended}") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt %{tx.combined_file_sizes}") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^(?:OPTIONS|CONNECT)$") {
set $attack_detected 1;
}
if ($request_uri ~* "@within %{tx.restricted_headers_basic}") {
set $attack_detected 1;
}
if ($request_uri ~* "@validateByteRange 32-36,38-126") {
set $attack_detected 1;
}
if ($request_uri ~* "@gt 0") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}
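Review bot: The rule `if ($request_uri ~* "^.*$") { set $attack_detected 1; }` in the last hunk (inferred to be on the new side from the +114 count) matches every request, so the closing `if ($attack_detected = 1) { return 403; }` rejects all traffic, and the same hunk contains other broad matches (`.([^.]+)$`, `%[0-9a-fA-F]{2}`, `['\";=]`) that fire on ordinary URIs. Most of the remaining conditions are ModSecurity operator expressions (`@gt %{tx.max_num_args}`, `@validateByteRange ...`, `!@pm ...`, `@within %{tx.restricted_extensions}`) placed verbatim into nginx `~*` regex matches, where they are only PCRE literals and carry none of the intended check, and the regex-style ones have lost their backslashes (`d+`, `s*`, `b`, `x5c` instead of `\d+`, `\s*`, `\b`, `\x5c`). Since this file is produced by a bot, the generator should emit only `@rx`-style patterns with escapes preserved and skip the other operators, with a header comment such as `# generated; only @rx patterns are translatable to nginx regex, other operators are omitted`. The `location / {` block is opened before this hunk and its closing brace lies outside it.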