# Nginx WAF Rules
# Automatically generated from OWASP rules.
# Include this file inside server block

  # WAF rules
    if ($waf_block_initialization) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_fixation) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_attack) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_rfi) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_exceptions) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_lfi) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_enforcement) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_generic) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_xss) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_php) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_evaluation) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_rce) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_sqli) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_java) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_sql) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_leakages) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_shells) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_correlation) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }

    if ($waf_block_iis) {
      return 403;
      # Log the blocked request (optional)
      # access_log /var/log/nginx/waf_blocked.log;
    }