# Nginx WAF rules for IIS
location / {
    set $attack_detected 0;

    if ($request_uri ~* "bServer Error in.{0,50}?bApplicationb") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "(?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "!@rx ^404$") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "[a-z]:x5cinetpubb") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}