Update: [Fri Feb 28 10:01:01 UTC 2025]

2025-12-29 16:15:12 +00:00 · 2025-02-28 10:01:01 +00:00
parent a6307b5cf6
commit cc2b6d768f
5 changed files with 2421 additions and 2424 deletions
--- a/waf_patterns/nginx/waf_maps.conf
+++ b/waf_patterns/nginx/waf_maps.conf
--- a/waf_patterns/nginx/waf_rules.conf
+++ b/waf_patterns/nginx/waf_rules.conf
@@ -3,117 +3,117 @@
 # Include this file inside server block

  # WAF rules
-    if ($waf_block_correlation) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_fixation) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_rfi) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_rce) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_attack) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_enforcement) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
    if ($waf_block_php) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

-    if ($waf_block_evaluation) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_java) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_initialization) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_shells) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_generic) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_leakages) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_iis) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_sql) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_lfi) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
-    if ($waf_block_xss) {
-      return 403;
-      # Log the blocked request (optional)
-      # access_log /var/log/nginx/waf_blocked.log;
-    }
-
    if ($waf_block_exceptions) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

+    if ($waf_block_initialization) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_lfi) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_evaluation) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_rfi) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_leakages) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_generic) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_attack) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_sql) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_xss) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
    if ($waf_block_sqli) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

+    if ($waf_block_fixation) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_enforcement) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_java) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_rce) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_shells) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_correlation) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+
+    if ($waf_block_iis) {
+      return 403;
+      # Log the blocked request (optional)
+      # access_log /var/log/nginx/waf_blocked.log;
+    }
+