mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2025-12-29 16:15:12 +00:00
Update: [Sat Jan 11 00:26:37 UTC 2025]
This commit is contained in:
github-actions[bot]
@@ -2,79 +2,11 @@
|
||||
location / {
|
||||
set $attack_detected 0;
|
||||
|
||||
if ($request_uri ~* "(?i)<APPLET[s/+>]") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "@contains -->") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)[\"'][ ]*(?:[^a-z0-9~_:' ]|in).+?[.].+?=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)<script[^>]*>[sS]*?") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)<OBJECT[s/+].*?(?:type|codetype|classid|code|data)[s/+]*=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)[s\"'`;/0-9=x0Bx09x0Cx3Bx2Cx28x3B]on[a-zA-Z]{3,25}[sx0Bx09x0Cx3Bx2Cx28x3B]*?=[^=]") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i:<META[s/+].*?http-equiv[s/+]*=[s/+]*[\"'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)b(?:s(?:tyle|rc)|href)b[sS]*?=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i:<META[s/+].*?charset[s/+]*=)") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i:[\"'][ ]*(?:[^a-z0-9~_:' ]|in).*?(?:(?:l|x5cu006C)(?:o|x5cu006F)(?:c|x5cu0063)(?:a|x5cu0061)(?:t|x5cu0074)(?:i|x5cu0069)(?:o|x5cu006F)(?:n|x5cu006E)|(?:n|x5cu006E)(?:a|x5cu0061)(?:m|x5cu006D)(?:e|x5cu0065)|(?:o|x5cu006F)(?:n|x5cu006E)(?:e|x5cu0065)(?:r|x5cu0072)(?:r|x5cu0072)(?:o|x5cu006F)(?:r|x5cu0072)|(?:v|x5cu0076)(?:a|x5cu0061)(?:l|x5cu006C)(?:u|x5cu0075)(?:e|x5cu0065)(?:O|x5cu004F)(?:f|x5cu0066)).*?=)") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?:xbcs*/s*[^xbe>]*[xbe>])|(?:<s*/s*[^xbe]*xbe)") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)<LINK[s/+].*?href[s/+]*=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "<[?]?import[s/+S]*?implementation[s/+]*?=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "{{.*?}}") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)<BASE[s/+].*?href[s/+]*=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "@detectXSS") {
|
||||
if ($request_uri ~* "(?i)[s\"'`;/0-9=x0Bx09x0Cx3Bx2Cx28x3B]on[a-zA-Z]{3,25}[sx0Bx09x0Cx3Bx2Cx28x3B]*?=[^=]") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
@@ -86,15 +18,11 @@ location / {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "<(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)W") {
|
||||
if ($request_uri ~* "@detectXSS") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122") {
|
||||
if ($request_uri ~* "(?i)<APPLET[s/+>]") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
@@ -102,6 +30,78 @@ location / {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "<(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)W") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)<BASE[s/+].*?href[s/+]*=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "@contains -->") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)<LINK[s/+].*?href[s/+]*=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)b(?:s(?:tyle|rc)|href)b[sS]*?=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?:xbcs*/s*[^xbe>]*[xbe>])|(?:<s*/s*[^xbe]*xbe)") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "{{.*?}}") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)[\"'][ ]*(?:[^a-z0-9~_:' ]|in).+?[.].+?=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i:<META[s/+].*?charset[s/+]*=)") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)<script[^>]*>[sS]*?") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i:<META[s/+].*?http-equiv[s/+]*=[s/+]*[\"'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i:[\"'][ ]*(?:[^a-z0-9~_:' ]|in).*?(?:(?:l|x5cu006C)(?:o|x5cu006F)(?:c|x5cu0063)(?:a|x5cu0061)(?:t|x5cu0074)(?:i|x5cu0069)(?:o|x5cu006F)(?:n|x5cu006E)|(?:n|x5cu006E)(?:a|x5cu0061)(?:m|x5cu006D)(?:e|x5cu0065)|(?:o|x5cu006F)(?:n|x5cu006E)(?:e|x5cu0065)(?:r|x5cu0072)(?:r|x5cu0072)(?:o|x5cu006F)(?:r|x5cu0072)|(?:v|x5cu0076)(?:a|x5cu0061)(?:l|x5cu006C)(?:u|x5cu0075)(?:e|x5cu0065)(?:O|x5cu004F)(?:f|x5cu0066)).*?=)") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($request_uri ~* "(?i)<OBJECT[s/+].*?(?:type|codetype|classid|code|data)[s/+]*=") {
|
||||
set $attack_detected 1;
|
||||
}
|
||||
|
||||
if ($attack_detected = 1) {
|
||||
return 403;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user