Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:30:30 UTC 2024]

waf_patterns/nginx/fixation.conf

@@ -0,0 +1,64 @@
+# Nginx WAF rules for FIXATION
+location / {
+    set $attack_detected 0;
+
+    if ($request_uri ~* "@lt 1") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@lt 1") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@rx (?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@rx ^(?:ht|f)tps?://(.*?)/") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "!@endsWith %{request_headers.host}") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@eq 0") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@lt 2") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@lt 2") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@lt 3") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@lt 3") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@lt 4") {
+        set $attack_detected 1;
+    }
+
+    if ($request_uri ~* "@lt 4") {
+        set $attack_detected 1;
+    }
+
+    if ($attack_detected = 1) {
+        return 403;
+    }
+}