# Nginx WAF rules for GENERIC
# Automatically generated from OWASP rules.
# Include this file in your server or location block.

map $request_uri $waf_block_generic {
    default 0;
    "~*[s*constructors*]" 1;
    "~*while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|\"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|\"[^\"]+\"|'[^']+'|`[^`]+`)).*)" 1;
    "~*@{.*}" 1;
}

if ($waf_block_generic) {
    return 403;
    # Log the blocked request (optional)
    # access_log /var/log/nginx/waf_blocked.log;
}