RTMP/Build/nginx/conf/nginx-simple-WAF.conf

# http://nginx-win.ecsds.eu/
#
# A very simple Web Application Firewall
#
map $http_referer $waffableref {
    default                                 0;
    ~*\{.*\:\;                              1;
}
map $http_user_agent $waffableua {
    default                                 0;
    ~*\{.*\:\;                              1;
}
map $request $waffablereq {
    default                                 0;
    ~*cgi-bin                               1;
    ~*editor\/                              1;
    ~*mysql                                 1;
    ~*vtigercrm                             1;
    ~*webdav                                1;
    ~*xmlrpc\.php                           1;
    ~*\/admin\.php                          1;
    ~*\/admin\/config\.php                  1;
    ~*\/admin\/common\/                     1;
    ~*\/admin\/reports\.php                 1;
    ~*\/administrator                       1;
    ~*\/connector\.asp                      1;
    ~*\/elfinder                            1;
    ~*\/exec\/                              1;
    ~*\/HNAP1\/                             1;
    ~*\/hudson\/script                      1;
    ~*\/include\/shell\.php                 1;
    ~*\/invoker\/EJBInvokerServlet          1;
    ~*\/manager\/ht                         1;
    ~*\/muieblackcat                        1;
    ~*\/proxy.txt                           1;
    ~*\/scripts\/setup                      1;
    ~*\/session\/login\.php                 1;
    ~*\/sprawdza\.php                       1;
    ~*\/sqlite                              1;
    ~*\/web-console\/                       1;
    ~*\/wordpress\/wp-admin\/               1;
    ~*\/wp-login\.php                       1;
    ~*\/zologize\/axa\.php                  1;
}
map $waffablereq$waffableref$waffableua $waffable {
    default                                 0;
    ~1                                      1;
}
# you could break something you use yourself :)
# between http {} include nginx-simple-WAF.conf;
# inside location {} if ($waffable) { error_page 412 @412fart; return 412; }
#                       or a simple { return 412; }
# inside server {} after last location, location @412fart { root html; rewrite ^ /412fart.html break; }
#
first commit 2024-11-18 14:20:44 +08:00			`# http://nginx-win.ecsds.eu/`
			`#`
			`# A very simple Web Application Firewall`
			`#`
			`map $http_referer $waffableref {`
			`default 0;`
			`~\{.\:\; 1;`
			`}`
			`map $http_user_agent $waffableua {`
			`default 0;`
			`~\{.\:\; 1;`
			`}`
			`map $request $waffablereq {`
			`default 0;`
			`~*cgi-bin 1;`
			`~*editor\/ 1;`
			`~*mysql 1;`
			`~*vtigercrm 1;`
			`~*webdav 1;`
			`~*xmlrpc\.php 1;`
			`~*\/admin\.php 1;`
			`~*\/admin\/config\.php 1;`
			`~*\/admin\/common\/ 1;`
			`~*\/admin\/reports\.php 1;`
			`~*\/administrator 1;`
			`~*\/connector\.asp 1;`
			`~*\/elfinder 1;`
			`~*\/exec\/ 1;`
			`~*\/HNAP1\/ 1;`
			`~*\/hudson\/script 1;`
			`~*\/include\/shell\.php 1;`
			`~*\/invoker\/EJBInvokerServlet 1;`
			`~*\/manager\/ht 1;`
			`~*\/muieblackcat 1;`
			`~*\/proxy.txt 1;`
			`~*\/scripts\/setup 1;`
			`~*\/session\/login\.php 1;`
			`~*\/sprawdza\.php 1;`
			`~*\/sqlite 1;`
			`~*\/web-console\/ 1;`
			`~*\/wordpress\/wp-admin\/ 1;`
			`~*\/wp-login\.php 1;`
			`~*\/zologize\/axa\.php 1;`
			`}`
			`map $waffablereq$waffableref$waffableua $waffable {`
			`default 0;`
			`~1 1;`
			`}`
			`# you could break something you use yourself :)`
			`# between http {} include nginx-simple-WAF.conf;`
			`# inside location {} if ($waffable) { error_page 412 @412fart; return 412; }`
			`# or a simple { return 412; }`
			`# inside server {} after last location, location @412fart { root html; rewrite ^ /412fart.html break; }`
			`#`