External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Sat Jan 4 00:25:48 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot]
2025-01-04 00:25:48 +00:00
parent 5cf6e75096
commit d142c0ebaa
26 changed files with 9741 additions and 4997 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
waf_patterns/nginx/attack.conf
View File

@@ -2,6 +2,26 @@
location / {
set $attack_detected 0;
if ($request_uri ~* "!@eq 0") {
set $attack_detected 1;
}
if ($request_uri ~* "!@within |%{tx.allowed_request_content_type_charset}|") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ^content-types*:s*(.*)$") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx content-transfer-encoding:(.*)") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 1") {
set $attack_detected 1;
}
@@ -106,26 +126,6 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "!@eq 0") {
set $attack_detected 1;
}
if ($request_uri ~* "!@within |%{tx.allowed_request_content_type_charset}|") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx ^content-types*:s*(.*)$") {
set $attack_detected 1;
}
if ($request_uri ~* "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx content-transfer-encoding:(.*)") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}

2034
waf_patterns/nginx/bots.conf
View File

File diff suppressed because one or more lines are too long