# Nginx WAF rules for DETECTION
location / {
    set $attack_detected 0;

    if ($request_uri ~* "@lt 1") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@lt 1") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@pmFromFile scanners-user-agents.data") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@lt 2") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@lt 2") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@lt 3") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@lt 3") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@lt 4") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@lt 4") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}