59 lines
1.8 KiB
Plaintext
59 lines
1.8 KiB
Plaintext
# Дополнительные правила WAF для защиты от атак
|
|
|
|
# Блокировка известных сканеров и инструментов
|
|
map $http_user_agent $bad_bot {
|
|
default 0;
|
|
~*bot 1;
|
|
~*crawler 1;
|
|
~*spider 1;
|
|
~*scanner 1;
|
|
~*nmap 1;
|
|
~*sqlmap 1;
|
|
~*nikto 1;
|
|
~*dirb 1;
|
|
~*gobuster 1;
|
|
~*wfuzz 1;
|
|
~*burp 1;
|
|
~*zap 1;
|
|
~*w3af 1;
|
|
~*nessus 1;
|
|
~*openvas 1;
|
|
~*acunetix 1;
|
|
~*netsparker 1;
|
|
~*appscan 1;
|
|
~*webinspect 1;
|
|
~*paros 1;
|
|
~*arachni 1;
|
|
~*skipfish 1;
|
|
~*wpscan 1;
|
|
~*joomscan 1;
|
|
~*drupalscan 1;
|
|
~*magento 1;
|
|
~*wordpress 1;
|
|
~*"Chrome/[1-7][0-9]\." 1;
|
|
~*"Firefox/[1-6][0-9]\." 1;
|
|
~*"Safari/[1-9]\." 1;
|
|
~*"MSIE [1-9]\." 1;
|
|
~*"Trident/[1-6]\." 1;
|
|
}
|
|
|
|
# Блокировка подозрительных IP (добавляем атакующий IP)
|
|
geo $bad_ip {
|
|
default 0;
|
|
198.55.98.76 1;
|
|
}
|
|
|
|
# Блокировка подозрительных запросов
|
|
map $request_uri $bad_request {
|
|
default 0;
|
|
~*\.(php|asp|aspx|jsp|cgi|pl|py|sh|bash|exe|bat|cmd|com|pif|scr|vbs|vbe|jar|war|ear|dll|so|dylib|bin|sys|ini|log|bak|old|tmp|temp|swp|swo|~)$ 1;
|
|
~*(wp-admin|wp-content|wp-includes|wp-config|wp-login|xmlrpc|admin|administrator|login|panel|dashboard) 1;
|
|
~*(phpmyadmin|mysql|database|db|sql|oracle|postgres|mongo) 1;
|
|
~*(shell|cmd|exec|system|eval|base64|decode|encode) 1;
|
|
~*(union|select|insert|update|delete|drop|create|alter|grant|revoke) 1;
|
|
~*(script|javascript|vbscript|onload|onerror|onclick) 1;
|
|
~*(../|..\\|\.\.|\.\./) 1;
|
|
~*(config|setup|install|upgrade|backup|restore) 1;
|
|
~*\.(env|config|ini|conf|cfg|yml|yaml|json|xml|sql|db|bak|backup|old|tmp|temp|log)$ 1;
|
|
~*(\.\.|\.\./|\.\.\\|\.\.%2f|\.\.%5c) 1;
|
|
} |