mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2025-12-17 09:45:34 +00:00
f1bae07d6c
This commit modifies the script to output two files: - waf_maps.conf (for http block) - waf_rules.conf (for server block) to avoid conflicts and provide more flexibility. This update should fix the bugged nginx rules integration on existing setups: https://github.com/fabriziosalmi/patterns/issues/8
120 lines
2.9 KiB
Plaintext
120 lines
2.9 KiB
Plaintext
# Nginx WAF Rules
|
|
# Automatically generated from OWASP rules.
|
|
# Include this file inside server block
|
|
|
|
# WAF rules
|
|
if ($waf_block_initialization) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_attack) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_exceptions) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_rfi) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_lfi) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_enforcement) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_php) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_fixation) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_evaluation) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_sql) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_generic) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_leakages) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_java) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_xss) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_rce) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_sqli) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_iis) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_shells) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|
|
if ($waf_block_correlation) {
|
|
return 403;
|
|
# Log the blocked request (optional)
|
|
# access_log /var/log/nginx/waf_blocked.log;
|
|
}
|
|
|