mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2025-12-17 09:45:34 +00:00
- Remove redundant 'gh auth login' command in CI workflow (fixes exit code 1 error)
- Use GH_TOKEN env var instead of GITHUB_TOKEN for gh CLI
- Update Nginx README to clarify that individual category .conf files should not be included directly
- Document that users must use waf_maps.conf (http block) + waf_rules.conf (server block)

Fixes #17
1.5 KiB
Nginx WAF Configuration
This directory contains Nginx WAF configuration files generated from OWASP rules. You can include these files in your existing Nginx configuration to enhance security.
Usage
Important: You should only include the two main configuration files (`waf_maps.conf` and `waf_rules.conf`). The individual category files (e.g., `attack.conf`, `xss.conf`) are provided for reference only and should not be included directly, as they contain both `map` and `if` directives that cannot be used in the same Nginx context.
- Include the `waf_maps.conf` file in your `nginx.conf` inside the `http` block:

```nginx
http {
    include /path/to/waf_patterns/nginx/waf_maps.conf;
    # ... other http configurations ...
}
```

- Include the `waf_rules.conf` file in your `server` block:

```nginx
server {
    # ... other server configurations ...
    include /path/to/waf_patterns/nginx/waf_rules.conf;
}
```

- Reload Nginx to apply the changes:

```sh
sudo nginx -t && sudo systemctl reload nginx
```
Notes
- The `map` directives (defined in `waf_maps.conf`) must be placed in the `http` context.
- The `if` rules (defined in `waf_rules.conf`) must be placed in a `server` or `location` context.
- Do not try to include individual category files like `attack.conf` directly; they are auto-generated for reference and viewing purposes only.
- Blocked requests return a `403 Forbidden` response by default.
- You can enable logging for blocked requests by uncommenting the `access_log` line.
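The context rule above is easy to check before reloading Nginx. The script below is an added example, not code from the patterns repo: it classifies a generated file by whether it holds only `map` directives (include from `http`), only `if` rules (include from `server`/`location`), or both (a category file that cannot be included as-is). The sample files and the `$waf_example_hit` variable are constructed placeholders, not the repo's real output.

```shell
#!/bin/sh
# Added example, not part of the patterns repo: decide which Nginx context a
# generated WAF file can be included from. `map` is only valid in the http
# context and `if` only in server/location, so a file containing both (the
# per-category files) cannot be included anywhere as-is.
set -e

MAP_RE='^[[:space:]]*map[[:space:]]+\$'   # "map $var $var {" at line start
IF_RE='^[[:space:]]*if[[:space:]]*\('     # "if (...) {" at line start

# Count non-comment lines matching an ERE; grep -c exits 1 on zero matches,
# so swallow that status but keep the printed "0".
count_directive() {
    grep -v '^[[:space:]]*#' "$1" | grep -cE "$2" || true
}

# Print http, server, mixed or empty for the file given as $1.
include_context() {
    maps=$(count_directive "$1" "$MAP_RE")
    ifs=$(count_directive "$1" "$IF_RE")
    if [ "$maps" -gt 0 ] && [ "$ifs" -gt 0 ]; then echo mixed
    elif [ "$maps" -gt 0 ]; then echo http
    elif [ "$ifs" -gt 0 ]; then echo server
    else echo empty
    fi
}

# Constructed stand-ins for the generated files ($waf_example_hit is a placeholder).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/waf_maps.conf" <<'EOF'
# map $commented_out $ignored { }   <- comments must not be counted
map $request_uri $waf_example_hit {
    default 0;
    "~*<script" 1;
}
EOF
cat > "$SAMPLE_DIR/waf_rules.conf" <<'EOF'
if ($waf_example_hit) {
    return 403;
}
EOF
# A category file carries both halves, like the real xss.conf / attack.conf.
cat "$SAMPLE_DIR/waf_maps.conf" "$SAMPLE_DIR/waf_rules.conf" > "$SAMPLE_DIR/xss.conf"

for f in waf_maps.conf waf_rules.conf xss.conf; do
    printf '%-14s -> %s\n' "$f" "$(include_context "$SAMPLE_DIR/$f")"
done
```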