21 lines
1.3 KiB
Plaintext
21 lines
1.3 KiB
Plaintext
# nginx common web app exploits protection
|
|
|
|
location ~* "(eval\()" { deny all; }
|
|
location ~* "(127\.0\.0\.1)" { deny all; }
|
|
location ~* "([a-z0-9]{2000})" { deny all; }
|
|
location ~* "(javascript\:)(.*)(\;)" { deny all; }
|
|
location ~* "(base64_encode)(.*)(\()" { deny all; }
|
|
location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }
|
|
location ~* "(<|%3C).*script.*(>|%3)" { deny all; }
|
|
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }
|
|
location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }
|
|
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }
|
|
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; }
|
|
location ~* "(https?|ftp|php):/" { deny all; }
|
|
location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; }
|
|
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; }
|
|
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; }
|
|
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; }
|
|
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" { deny all; }
|
|
location ~* "\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; }
|
|
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" { deny all; } |