You will need to edit your nginx virtual host configuration file manually to achieve this.
Add the following code to your nginx virtual host file to block the query-string patterns most commonly used for malicious purposes:

Use these rules at your own risk. If your site starts to behave unexpectedly, you may need to adjust the code to suit your needs.
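[ez_code]
# Query-string filtering for an nginx virtual host.
#
# Place these directives directly inside the server { } block: the
# "location" directive further down cannot be nested inside another
# location. All patterns are tested against $query_string, which nginx
# does NOT URL-decode, so raw and %-encoded forms are matched separately.
# Straight double quotes are required; the typographic quotes that web
# copy-paste tends to produce are a configuration syntax error.
#
# The rules are deliberately aggressive and several overlap. Review each
# one against the application's legitimate query parameters before
# enabling it; the NOTE comments mark the broadest ones.

# Parameter values shaped like remote-file or path includes
if ($query_string ~* "[a-zA-Z0-9_]=http://") { return 403; }
if ($query_string ~* "[a-zA-Z0-9_]=(\.\.//?)+") { return 403; }
if ($query_string ~* "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { return 403; }

# "=PHP" followed by a UUID-shaped hex value
if ($query_string ~* "\=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}") { return 403; }

# Directory traversal, raw and %-encoded
if ($query_string ~* "(\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/)") { return 403; }

# Any URL scheme anywhere in the query string.
# NOTE: also rejects legitimate parameters that carry a URL
# (e.g. a redirect or callback target); relax if your site uses them.
if ($query_string ~* "ftp\:") { return 403; }
if ($query_string ~* "http\:") { return 403; }
if ($query_string ~* "https\:") { return 403; }

# Other commonly abused parameter shapes
if ($query_string ~* "\=\|w\|") { return 403; }
if ($query_string ~* "^(.*)/self/(.*)$") { return 403; }
if ($query_string ~* "^(.*)cPath=http://(.*)$") { return 403; }

# HTML tag injection: <script>, <embed>, <object>, <iframe>,
# with the angle brackets raw or %3C/%3E-encoded
if ($query_string ~* "(\<|%3C).*script.*(\>|%3E)") { return 403; }
if ($query_string ~* "(<|%3C)([^s]*s)+cript.*(>|%3E)") { return 403; }
if ($query_string ~* "(\<|%3C).*embed.*(\>|%3E)") { return 403; }
if ($query_string ~* "(<|%3C)([^e]*e)+mbed.*(>|%3E)") { return 403; }
if ($query_string ~* "(\<|%3C).*object.*(\>|%3E)") { return 403; }
if ($query_string ~* "(<|%3C)([^o]*o)+bject.*(>|%3E)") { return 403; }
if ($query_string ~* "(\<|%3C).*iframe.*(\>|%3E)") { return 403; }
if ($query_string ~* "(<|%3C)([^i]*i)+frame.*(>|%3E)") { return 403; }

# PHP base64 helper calls
if ($query_string ~* "base64_encode.*\(.*\)") { return 403; }
if ($query_string ~* "base64_(en|de)code[^(]*\([^)]*\)") { return 403; }

# PHP superglobal overwrite attempts (case-sensitive match)
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { return 403; }
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { return 403; }

# NOTE: any parenthesis or angle bracket anywhere in the query string.
# This subsumes the tag and function-call rules above and also rejects
# ordinary values containing "(" or ")".
if ($query_string ~* "^.*(\(|\)|<|>|%3c|%3e).*") { return 403; }

# Raw control characters, space, angle brackets and DEL in the undecoded string
if ($query_string ~* "^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).*") { return 403; }

# SQL file-access keywords (case-sensitive match)
if ($query_string ~ "(NULL|OUTFILE|LOAD_FILE)") { return 403; }

# Traversal towards system paths
if ($query_string ~* "(\.{1,}/)+(motd|etc|bin)") { return 403; }

# Loopback host references
if ($query_string ~* "(localhost|loopback|127\.0\.0\.1)") { return 403; }

# NOTE: quotes, angle brackets, CR/LF and NUL, raw or encoded. The
# apostrophe alternatives reject every value containing a "'" (search
# terms, names), so check this one against real traffic first.
if ($query_string ~* "(<|>|'|%0A|%0D|%27|%3C|%3E|%00)") { return 403; }

# SQL function calls and UNION ... SELECT variants
if ($query_string ~* "concat[^\(]*\(") { return 403; }
if ($query_string ~* "union([^s]*s)+elect") { return 403; }
if ($query_string ~* "union([^a]*a)+ll([^s]*s)+elect") { return 403; }

# A dash option followed by a php.ini directive name
if ($query_string ~* "\-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file)") { return 403; }

# A delimiter or quote followed by a SQL / script keyword
if ($query_string ~* "(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode)") { return 403; }
if ($query_string ~* "(sp_executesql)") { return 403; }

# Deny direct access to configuration and readme files.
# Request URIs always begin with "/", so the earlier pattern
# "^(wp-config\.php|...)" could never match; anchor on "^/" instead.
location ~ ^/(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php) { deny all; }

# Defeat WordPress author enumeration (?author=N) by rewriting the request
# to a non-existent author id.
# $1 already carries the leading "/", so "/$1" produced "//path". The
# trailing "?" stops nginx from appending the original arguments after the
# replacement; without it the request became "author=999999&author=N" and
# the original N still reached the application.
if ($query_string ~* "^author=([0-9]){1,}$") { rewrite ^(.*)$ $1?author=999999? break; }

# Remote image hosts referenced in the query string
if ($query_string ~* "^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$") { return 403; }

# Thumbnail scripts named in the query string
if ($query_string ~* "(timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php)") { return 403; }
[/ez_code]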