patterns/waf_patterns/nginx/rfi.conf

# Nginx WAF rules for RFI
location / {
    set $attack_detected 0;

    if ($request_uri ~* "!@endsWith .%{request_headers.host}") {
        set $attack_detected 1;
    }

    if ($request_uri ~* "^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})") {
        set $attack_detected 1;
    }

    if ($attack_detected = 1) {
        return 403;
    }
}