External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-17 17:55:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
patterns/waf_patterns/nginx/fixation.conf
github-actions[bot] 0e59b87df0 Update: [Mon Jan 27 00:26:20 UTC 2025]
2025-01-27 00:26:20 +00:00

20 lines
659 B
Plaintext
Raw Blame History

# Nginx WAF rules for FIXATION
# Automatically generated from OWASP rules.
# Include this file in your server or location block.
map $request_uri $waf_block_fixation {
default 0;
"~*^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" 1;
"~*@eq 0" 1;
"~*(?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)" 1;
"~*!@endsWith %{request_headers.host}" 1;
"~*^(?:ht|f)tps?://(.*?)/" 1;
}
if ($waf_block_fixation) {
return 403;
# Log the blocked request (optional)
# access_log /var/log/nginx/waf_blocked.log;
}
Reference in New Issue View Git Blame Copy Permalink