# Nginx WAF rules for LFI
location / {
    set $attack_detected 0;

    if ($request_uri ~* "(?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}