fabriziosalmi f1bae07d6c feat: Generate Nginx WAF config with separate map and rule files
This commit modifies the script to output two files:
- waf_maps.conf (for http block)
- waf_rules.conf (for server block)
to avoid conflicts and provide more flexibility.

This update should fix the bugged nginx rules integration on existing setups: https://github.com/fabriziosalmi/patterns/issues/8
2025-01-28 22:41:54 +01:00

# Nginx WAF Configuration
This directory contains Nginx WAF configuration files generated from OWASP rules.
You can include these files in your existing Nginx configuration to enhance security.
## Usage
1. Include the `waf_maps.conf` file in your `nginx.conf` *inside the `http` block*:
```nginx
http {
    include /path/to/waf_patterns/nginx/waf_maps.conf;
    # ... other http configurations ...
}
```
2. Include the `waf_rules.conf` file in your `server` block:
```nginx
server {
    # ... other server configurations ...
    include /path/to/waf_patterns/nginx/waf_rules.conf;
}
```
3. Reload Nginx to apply the changes:
```bash
sudo nginx -t && sudo systemctl reload nginx
```
## Notes
- The rules use `map` directives for efficient pattern matching. The maps are defined in the `waf_maps.conf` file.
- The rules (`if` statements) are defined in the `waf_rules.conf` file.
- Blocked requests return a `403 Forbidden` response by default.
- You can enable logging for blocked requests by uncommenting the `access_log` line.
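
The following sketch shows how the two files fit together once included. It is an added example, not the content of the generated files. Nginx accepts `map` only in the `http` context, while `if`/`return` can sit in a `server` block, which is why the maps and the rules are kept apart. The variable names (`$waf_example_uri_block`, `$waf_example_ua_block`), the patterns and `example.test` are assumptions made for illustration.

```nginx
# Constructed sketch: variable names and patterns are hypothetical,
# not copied from waf_maps.conf or waf_rules.conf.

events {}

http {
    # Role of waf_maps.conf: each map tests one request variable against
    # regexes and sets a flag variable to 0 (pass) or 1 (block).
    # Maps are evaluated lazily, only when the flag variable is read.
    map $request_uri $waf_example_uri_block {
        default      0;
        "~*\.\./"    1;   # path traversal sequence in the URI
    }

    map $http_user_agent $waf_example_ua_block {
        default      0;
        "~*sqlmap"   1;   # sample scanner User-Agent signature
    }

    server {
        listen 80;
        server_name example.test;

        # Role of waf_rules.conf: `if` treats "" and "0" as false,
        # so only requests flagged by a map reach the `return 403`.
        if ($waf_example_uri_block) {
            return 403;
        }
        if ($waf_example_ua_block) {
            return 403;
        }

        location / {
            return 200 "ok\n";
        }
    }
}
```

Including `waf_maps.conf` inside a `server` block, or the same map file twice in `http`, makes `nginx -t` fail, so the test in step 3 catches a misplaced include before the reload.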