patterns/waf_patterns/haproxy/waf.acl

# HAProxy WAF ACL rules

# Rules for User-Agent
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int == 0 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int >= 1 }
http-request  if { User-Agent int == 0 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
http-request  if { User-Agent int < 1 }
acl block_exceptions_no_id hdr_sub(User-Agent) -i str -m str GET /
http-request  if { User-Agent int < 1 }


# High Severity Rules (Deny)

# Medium Severity Rules (Log)
http-request log if block_java_no_id or block_correlation_no_id or block_detection_no_id or block_fixation_no_id or block_rfi_no_id or block_rce_no_id or block_attack_no_id or block_enforcement_no_id or block_php_no_id or block_evaluation_no_id or block_initialization_no_id or block_shells_no_id or block_generic_no_id or block_leakages_no_id or block_iis_no_id or block_sql_no_id or block_lfi_no_id or block_xss_no_id or block_exceptions_no_id or block_sqli_no_id

# Low Severity Rules (Tarpit)