mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-17 17:55:48 +00:00

fabriziosalmi f1bae07d6c feat: Generate Nginx WAF config with separate map and rule files

This commit modifies the script to output two files:
- waf_maps.conf (for http block)
- waf_rules.conf (for server block)
to avoid conflicts and provide more flexibility.

This update should fix the bugged nginx rules integration on existing setups: https://github.com/fabriziosalmi/patterns/issues/8

2025-01-28 22:41:54 +01:00

1.0 KiB

Raw Blame History

Nginx WAF Configuration

This directory contains Nginx WAF configuration files generated from OWASP rules. You can include these files in your existing Nginx configuration to enhance security.

Usage

Include the waf_maps.conf file in your nginx.conf inside the http block:

http {
    include /path/to/waf_patterns/nginx/waf_maps.conf;
    # ... other http configurations ...
}

Include the waf_rules.conf file in your server block:

server {
    # ... other server configurations ...
    include /path/to/waf_patterns/nginx/waf_rules.conf;
}

Reload Nginx to apply the changes:

sudo nginx -t && sudo systemctl reload nginx

Notes

The rules use map directives for efficient pattern matching. The maps are defined in the waf_maps.conf file.
The rules (if statements) are defined in the waf_rules.conf file.
Blocked requests return a 403 Forbidden response by default.
You can enable logging for blocked requests by uncommenting the access_log line.

1.0 KiB Raw Blame History

Nginx WAF Configuration

Usage

Notes

1.0 KiB

Raw Blame History