External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Generate Nginx WAF config with separate map and rule files

Browse Source 
This commit modifies the script to output two files:
- waf_maps.conf (for http block)
- waf_rules.conf (for server block)
to avoid conflicts and provide more flexibility.

This update should fix the bugged nginx rules integration on existing setups: https://github.com/fabriziosalmi/patterns/issues/8
This commit is contained in:
fabriziosalmi
2025-01-28 22:40:56 +01:00
parent eaf5714520
commit f1bae07d6c
6 changed files with 534 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
waf_patterns/nginx/README.md
View File

@@ -1,22 +1,30 @@
# Nginx WAF Rule Snippets
# Nginx WAF Configuration
This directory contains Nginx WAF rule snippets generated from OWASP rules.
You can include these snippets in your existing Nginx configuration to enhance security.
This directory contains Nginx WAF configuration files generated from OWASP rules.
You can include these files in your existing Nginx configuration to enhance security.
## Usage
1. Include the rule snippets in your `server` or `location` block:
1. Include the `waf_maps.conf` file in your `nginx.conf` *inside the `http` block*:
```nginx
server {
# Your existing configuration
include /path/to/waf_patterns/nginx/*.conf;
http {
include /path/to/waf_patterns/nginx/waf_maps.conf;
# ... other http configurations ...
}
```
2. Reload Nginx to apply the changes:
2. Include the `waf_rules.conf` file in your `server` block:
```nginx
server {
# ... other server configurations ...
include /path/to/waf_patterns/nginx/waf_rules.conf;
}
```
3. Reload Nginx to apply the changes:
```bash
sudo nginx -t && sudo systemctl reload nginx
```
## Notes
- The rules use `map` directives for efficient pattern matching.
- The rules use `map` directives for efficient pattern matching. The maps are defined in the `waf_maps.conf` file.
- The rules (if statements) are defined in the `waf_rules.conf` file.
- Blocked requests return a `403 Forbidden` response by default.
- You can enable logging for blocked requests by uncommenting the `access_log` line.

44
waf_patterns/nginx/detection.conf
View File

@@ -1,44 +0,0 @@
# Nginx WAF rules for DETECTION
location / {
set $attack_detected 0;
if ($request_uri ~* "@lt 1") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 1") {
set $attack_detected 1;
}
if ($request_uri ~* "@pmFromFile scanners-user-agents.data") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 2") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 2") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 3") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 3") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 4") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 4") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}
}

15
waf_patterns/nginx/lfi.conf
View File

@@ -1,15 +0,0 @@
# Nginx WAF rules for LFI
# Automatically generated from OWASP rules.
# Include this file in your server or location block.
map $request_uri $waf_block_lfi {
default 0;
"~*(?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))" 1;
}
if ($waf_block_lfi) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}

332
waf_patterns/nginx/waf_maps.conf Normal file
View File

File diff suppressed because one or more lines are too long

119
waf_patterns/nginx/waf_rules.conf Normal file
View File

@@ -0,0 +1,119 @@
# Nginx WAF Rules
# Automatically generated from OWASP rules.
# Include this file inside server block
# WAF rules
if ($waf_block_initialization) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_attack) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_exceptions) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_rfi) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_lfi) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_enforcement) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_php) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_fixation) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_evaluation) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_sql) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_generic) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_leakages) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_java) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_xss) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_rce) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_sqli) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_iis) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_shells) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
if ($waf_block_correlation) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}