External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-17 17:55:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
patterns/waf_patterns/nginx/fixation.conf
github-actions[bot] 505af665ab Update: [Mon Jan 13 00:29:11 UTC 2025]
2025-01-13 00:29:11 +00:00

29 lines
754 B
Plaintext
Raw Blame History

# Nginx WAF rules for FIXATION
location / {
set $attack_detected 0;
if ($request_uri ~* "@eq 0") {
set $attack_detected 1;
}
if ($request_uri ~* "^(?:ht|f)tps?://(.*?)/") {
set $attack_detected 1;
}
if ($request_uri ~* "^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$") {
set $attack_detected 1;
}
if ($request_uri ~* "!@endsWith %{request_headers.host}") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}
}
Reference in New Issue View Git Blame Copy Permalink