From 8635b05de8a0b6b2da6f28b41b48f84f26c0787d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Pedro=20Toledo?=
Date: Wed, 4 Feb 2026 20:04:34 -0300
Subject: [PATCH] refactor: Otimiza URIs suspeitas para Fast-Fail antes do WAF

---
 snippets/security_maps.conf | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/snippets/security_maps.conf b/snippets/security_maps.conf
index a061a08..5758b83 100644
--- a/snippets/security_maps.conf
+++ b/snippets/security_maps.conf
@@ -26,10 +26,16 @@ map $http_user_agent $is_bad_bot {
 ~*(Omgilibot|Omgili|webzio-extended|HuggingFace-Bot|Brightbot|FirecrawlAgent|Seekr|Sentibot) 1;
 }
 
-# Suspicious URI Detection
+# Suspicious URI Detection (Bloqueio de Borda / Fast-Fail)
+# Atua antes do ModSecurity para economizar processamento do WAF em ataques óbvios.
 map $request_uri $is_suspicious_uri {
 default 0;
- ~*(\.env|\.git|/vendor/|/setup\.php|/\.well-known/|/phpmyadmin|/config\.php|composer\.json) 1;
+ # Arquivos de Configuração, Credenciais e Metadados
+ ~*(\.env|\.git|\.config|config\.php|wp-config\.php|composer\.json|web\.config) 1;
+ # Pastas e Dependências Sensíveis
+ ~*(/vendor/|/node_modules/|/backup/|/sql/|/dump/|/_ignition/|/\.vscode/) 1;
+ # Tentativas de Exploração de Aplicação Conhecidas
+ ~*(/setup\.php|/install\.php|/xmlrpc\.php|/eval-stdin\.php) 1;
 }
 
 # Combined Block Request
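Review bot: The three new regexes in `map $request_uri $is_suspicious_uri` are unanchored and are tested against the raw request URI including the query string, so `\.config`, `/sql/`, `/backup/` and `/dump/` will also flag legitimate requests that merely contain those substrings (a redirect parameter, or an asset named `app.config.js`); `web\.config` and `wp-config\.php` are already subsumed by `\.config` and `config\.php`, which shows how wide the first alternation is. Anchoring on a path-segment boundary and stopping at the query string would narrow it, e.g. `~*^[^?]*/(\.env|\.git|\.config|config\.php|wp-config\.php|composer\.json|web\.config) 1;` for the first line, and likewise `^[^?]*` in front of the other two. Because `$request_uri` is not normalized, percent-encoded spellings of the same paths do not match, so this map is a cost-saving pre-filter only, and the ModSecurity rules and any `location` denies for these files need to stay in place. The old pattern's `/phpmyadmin` entry is missing from the new lists; `/\.well-known/` was presumably dropped on purpose (ACME challenges), but if the phpMyAdmin removal was not intended, add `/phpmyadmin` back to the third line.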