mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2025-12-17 09:45:34 +00:00
18 lines
464 B
Plaintext
18 lines
464 B
Plaintext
# Nginx WAF rules for LEAKAGES
|
|
# Automatically generated from OWASP rules.
|
|
# Include this file in your server or location block.
|
|
|
|
map $request_uri $waf_block_leakages {
|
|
default 0;
|
|
"~*(?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)" 1;
|
|
"~*^5d{2}$" 1;
|
|
"~*^#!s?/" 1;
|
|
}
|
|
|
|
if ($waf_block_leakages) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|