mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2025-12-17 17:55:48 +00:00
129 lines
2.5 KiB
Plaintext
129 lines
2.5 KiB
Plaintext
# Nginx WAF rules for INITIALIZATION
|
|
location / {
|
|
set $attack_detected 0;
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 0") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 1") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@rx ^.*$") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "!@rx (?:URLENCODED|MULTIPART|XML|JSON)") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 1") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "!@rx (?:URLENCODED|MULTIPART|XML|JSON)") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@eq 100") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@rx ^[a-f]*([0-9])[a-f]*([0-9])") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "!@lt %{tx.sampling_percentage}") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@lt %{tx.blocking_paranoia_level}") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($attack_detected = 1) {
|
|
return 403;
|
|
}
|
|
}
|