mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2025-12-17 17:55:48 +00:00
53 lines
1.0 KiB
Plaintext
53 lines
1.0 KiB
Plaintext
# Nginx WAF rules for LEAKAGES
|
|
location / {
|
|
set $attack_detected 0;
|
|
|
|
if ($request_uri ~* "@lt 1") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@lt 1") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@rx ^#!s?/") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@lt 2") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@lt 2") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@rx ^5d{2}$") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@lt 3") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@lt 3") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@lt 4") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($request_uri ~* "@lt 4") {
|
|
set $attack_detected 1;
|
|
}
|
|
|
|
if ($attack_detected = 1) {
|
|
return 403;
|
|
}
|
|
}
|