patterns/waf_patterns/nginx/initialization.conf

# Nginx WAF rules for INITIALIZATION
location / {
    set $attack_detected 0;

    if ($request_uri ~* "!@rx (?:URLENCODED|MULTIPART|XML|JSON)") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 100") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 1") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 0") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^[a-f]*([0-9])[a-f]*([0-9])") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^.*$") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}