# Nginx WAF rules for GENERIC
location / {
    set $attack_detected 0;

    if ($request_uri ~* "[s*constructors*]") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@{.*}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|\"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|\"[^\"]+\"|'[^']+'|`[^`]+`)).*)") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}