External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-17 09:45:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Fri Feb 28 10:01:01 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot] 2025-02-28 10:01:01 +00:00
parent a6307b5cf6
commit cc2b6d768f
5 changed files with 2421 additions and 2424 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3108
owasp_rules.json
View File

File diff suppressed because one or more lines are too long

37
waf_patterns/haproxy/waf.acl
View File

@ -1,32 +1,29 @@
# HAProxy WAF ACL rules # HAProxy WAF ACL rules
# Rules for User-Agent # Rules for User-Agent
http-request if { User-Agent int < 1 } acl block_php_no_id hdr_reg(User-Agent) -i (<?([^x]|x[^m]|xm[^l]|xml[^s]|xml\$|\$)|<?php|[(/|x5c)?php])
http-request if { User-Agent int == 0 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int >= 1 }
http-request if { User-Agent int == 0 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
http-request if { User-Agent int < 1 }
acl block_exceptions_no_id hdr_sub(User-Agent) -i str -m str GET / acl block_exceptions_no_id hdr_sub(User-Agent) -i str -m str GET /
http-request if { User-Agent int < 1 } acl block_initialization_no_id hdr_reg(User-Agent) -i ^\.*\$
acl block_lfi_no_id hdr_reg(User-Agent) -i ((^|[x5c/;])\.{2,3}[x5c/;]|[x5c/;]\.{2,3}([x5c/;]|\$))
acl block_rfi_no_id hdr_reg(User-Agent) -i ^(?i:file|ftps?|https?)://(d{1,3}.d{1,3}.d{1,3}.d{1,3})
acl block_leakages_no_id hdr_reg(User-Agent) -i (<(TITLE>Index of\.*?<H|title>Index of\.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)
acl block_generic_no_id hdr_reg(User-Agent) -i while[sv]*([sv(]*(!+(false|null|undefined|NaN|[+-]?0|"{2}|'{2}|`{2})|(!!)*((t(rue|his)|[+-]?(Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(Boolea|Functio)n|Object|Array)b|{\.*}|[\.*]|"[^"]+"|'[^']+'|`[^`]+`))\.*)
acl block_attack_no_id hdr_sub(User-Agent) -i str -m !str 0
acl block_sql_no_id hdr_reg(User-Agent) -i (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])
acl block_xss_no_id hdr_sub(User-Agent) -i @detectXSS
acl block_enforcement_no_id hdr_sub(User-Agent) -i str -m !reg %{tx.allowed_methods}
acl block_sqli_no_id hdr_reg(User-Agent) -i (?i:sleep(s*?d*?s*?)|benchmark(\.*?,\.*?))
acl block_fixation_no_id hdr_reg(User-Agent) -i (?i:.cookieb\.*?;W*?(expires|domain)W*?=|bhttp-equivW+set-cookieb)
acl block_java_no_id hdr_reg(User-Agent) -i java.lang\.(runtime|processbuilder)
acl block_rce_no_id hdr_reg(User-Agent) -i \$(((\.*|(\.*)))|{\.*})|[<>](\.*)|/[0-9A-Z_a-z]*[!?\.+]
acl block_shells_no_id hdr_reg(User-Agent) -i (<title>r57 Shell Version [0-9\.]+</title>|<title>r57 shell</title>)
acl block_iis_no_id hdr_reg(User-Agent) -i [a-z]:x5cinetpubb
# High Severity Rules (Deny) # High Severity Rules (Deny)
# Medium Severity Rules (Log) # Medium Severity Rules (Log)
http-request log if block_java_no_id or block_correlation_no_id or block_detection_no_id or block_fixation_no_id or block_rfi_no_id or block_rce_no_id or block_attack_no_id or block_enforcement_no_id or block_php_no_id or block_evaluation_no_id or block_initialization_no_id or block_shells_no_id or block_generic_no_id or block_leakages_no_id or block_iis_no_id or block_sql_no_id or block_lfi_no_id or block_xss_no_id or block_exceptions_no_id or block_sqli_no_id http-request log if block_php_no_id or block_exceptions_no_id or block_initialization_no_id or block_lfi_no_id or block_rfi_no_id or block_leakages_no_id or block_generic_no_id or block_attack_no_id or block_sql_no_id or block_xss_no_id or block_enforcement_no_id or block_sqli_no_id or block_fixation_no_id or block_java_no_id or block_rce_no_id or block_shells_no_id or block_iis_no_id
# Low Severity Rules (Tarpit) # Low Severity Rules (Tarpit)

580
waf_patterns/nginx/waf_maps.conf
View File

File diff suppressed because one or more lines are too long

192
waf_patterns/nginx/waf_rules.conf
View File

@ -3,117 +3,117 @@
# Include this file inside server block # Include this file inside server block
# WAF rules # WAF rules
if ($waf_block_correlation) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_fixation) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_rfi) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_rce) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_attack) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_enforcement) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_php) { if ($waf_block_php) {
return 403; return 403;
# Log the blocked request (optional) # Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log; # access_log /var/log/nginx/waf_blocked.log;
} }
if ($waf_block_evaluation) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_java) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_initialization) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_shells) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_generic) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_leakages) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_iis) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_sql) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_lfi) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_xss) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_exceptions) { if ($waf_block_exceptions) {
return 403; return 403;
# Log the blocked request (optional) # Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log; # access_log /var/log/nginx/waf_blocked.log;
} }
if ($waf_block_initialization) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_lfi) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_evaluation) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_rfi) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_leakages) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_generic) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_attack) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_sql) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_xss) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_sqli) { if ($waf_block_sqli) {
return 403; return 403;
# Log the blocked request (optional) # Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log; # access_log /var/log/nginx/waf_blocked.log;
} }
if ($waf_block_fixation) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_enforcement) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_java) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_rce) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_shells) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_correlation) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_iis) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}

928
waf_patterns/traefik/middleware.toml
View File

File diff suppressed because one or more lines are too long