patterns/waf_patterns/nginx/evaluation.conf

# Nginx WAF rules for EVALUATION
location / {
    set $attack_detected 0;

    if ($request_uri ~* "@ge 1") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@ge %{tx.outbound_anomaly_score_threshold}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@eq 1") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@ge 3") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@ge %{tx.inbound_anomaly_score_threshold}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@ge 4") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "@ge 2") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}