joao.goncalves
/
NgixProxy_Pathfinder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: Otimiza URIs suspeitas para Fast-Fail antes do WAF

This commit is contained in:
João Pedro Toledo Goncalves 2026-02-04 20:04:34 -03:00
parent 2a27e07359
commit 8635b05de8
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
snippets/security_maps.conf
View File

@ -26,10 +26,16 @@ map $http_user_agent $is_bad_bot {
~*(Omgilibot|Omgili|webzio-extended|HuggingFace-Bot|Brightbot|FirecrawlAgent|Seekr|Sentibot) 1;
}
# Suspicious URI Detection
# Suspicious URI Detection (Bloqueio de Borda / Fast-Fail)
# Atua antes do ModSecurity para economizar processamento do WAF em ataques óbvios.
map $request_uri $is_suspicious_uri {
default 0;
~*(\.env|\.git|/vendor/|/setup\.php|/\.well-known/|/phpmyadmin|/config\.php|composer\.json) 1;
# Arquivos de Configuração, Credenciais e Metadados
~*(\.env|\.git|\.config|config\.php|wp-config\.php|composer\.json|web\.config) 1;
# Pastas e Dependências Sensíveis
~*(/vendor/|/node_modules/|/backup/|/sql/|/dump/|/_ignition/|/\.vscode/) 1;
# Tentativas de Exploração de Aplicação Conhecidas
~*(/setup\.php|/install\.php|/xmlrpc\.php|/eval-stdin\.php) 1;
}
# Combined Block Request