External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-17 17:55:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
patterns/waf_patterns/nginx/sql.conf
github-actions[bot] 1e4bb70b5d Update: [Sun Dec 22 00:28:28 UTC 2024]
2024-12-22 00:28:28 +00:00

109 lines
4.3 KiB
Plaintext
Raw Blame History

# Nginx WAF rules for SQL
location / {
set $attack_detected 0;
if ($request_uri ~* "@lt 1") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 1") {
set $attack_detected 1;
}
if ($request_uri ~* "!@pmFromFile sql-errors.data") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)Dynamic SQL Error") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)Exception (?:condition )?d+. Transaction rollback.") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)org.hsqldb.jdbc") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)") {
set $attack_detected 1;
}
if ($request_uri ~* "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 2") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 2") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 3") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 3") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 4") {
set $attack_detected 1;
}
if ($request_uri ~* "@lt 4") {
set $attack_detected 1;
}
if ($attack_detected = 1) {
return 403;
}
}
Reference in New Issue View Git Blame Copy Permalink