You will need to manually edit your nginx virtual host file to achieve this.
Add the following rules to your nginx virtual host file to block the query strings most commonly used for malicious purposes:
Use these rules at your own risk. If your site starts behaving unexpectedly after adding them, you may need to adjust the rules to suit your site.
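[ez_code]
# Query-string filters for the server {} context of an nginx virtual host.
# Each rule returns 403 when $query_string matches the given regex.
#
# Quotes must be straight ASCII double quotes ("). nginx requires any regex
# containing { or } to be quoted, and the typographic quotes (“ ”) found in
# many copy-pasted versions of this snippet are not recognised by the config
# parser, so the file either fails to load or the rule silently never matches.
#
# These `if` blocks are written for the server {} context; nginx documents
# well-known pitfalls for `if` inside a location {} block, so do not move them.

# Parameter values that look like remote-file-inclusion targets:
# param=http://..., param=../../..., param=/a/b/...
if ($query_string ~* "[a-zA-Z0-9_]=http://") { return 403; }
if ($query_string ~* "[a-zA-Z0-9_]=(\.\.//?)+") { return 403; }
if ($query_string ~* "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { return 403; }

# Values of the form =PHPxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (hex groups).
if ($query_string ~* "\=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}") { return 403; }

# Directory traversal sequences, raw and percent-encoded (%2e = '.', %2f = '/').
if ($query_string ~* "(\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f|%2e\.%2f|%2e\./|\.%2e%2f|\.%2e/)") { return 403; }

# Any ftp:/http:/https: scheme anywhere in the query string.
# NOTE: this also rejects legitimate parameters that carry a full URL
# (redirect or return targets, share links). Remove these three if your
# application needs such parameters.
if ($query_string ~* "ftp\:") { return 403; }
if ($query_string ~* "http\:") { return 403; }
if ($query_string ~* "https\:") { return 403; }

if ($query_string ~* "\=\|w\|") { return 403; }
# "/self/" anywhere in the query string (e.g. /proc/self/... style paths).
if ($query_string ~* "^(.*)/self/(.*)$") { return 403; }
if ($query_string ~* "^(.*)cPath=http://(.*)$") { return 403; }

# HTML tags typically used for injection, with raw or %3C/%3E encoded brackets.
# The second pattern of each pair is the broader one (it tolerates characters
# between the bracket and the tag name); both are kept as published.
if ($query_string ~* "(\<|%3C).*script.*(\>|%3E)") { return 403; }
if ($query_string ~* "(<|%3C)([^s]*s)+cript.*(>|%3E)") { return 403; }
if ($query_string ~* "(\<|%3C).*embed.*(\>|%3E)") { return 403; }
if ($query_string ~* "(<|%3C)([^e]*e)+mbed.*(>|%3E)") { return 403; }
if ($query_string ~* "(\<|%3C).*object.*(\>|%3E)") { return 403; }
if ($query_string ~* "(<|%3C)([^o]*o)+bject.*(>|%3E)") { return 403; }
if ($query_string ~* "(\<|%3C).*iframe.*(\>|%3E)") { return 403; }
if ($query_string ~* "(<|%3C)([^i]*i)+frame.*(>|%3E)") { return 403; }

# base64_encode(...) / base64_decode(...) function calls.
if ($query_string ~* "base64_encode.*\(.*\)") { return 403; }
if ($query_string ~* "base64_(en|de)code[^(]*\([^)]*\)") { return 403; }

# PHP superglobal names followed by '=', '[' or a percent-encoded character.
# These two use the case-sensitive operator (~), so only the upper-case
# spellings are matched.
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { return 403; }
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { return 403; }

# BROAD RULES. The next three reject any query string containing a
# parenthesis, angle bracket, apostrophe, or one of the listed control
# bytes, regardless of context. They overlap with the tag and SQL rules
# above and below and will also block ordinary search terms such as
# "O'Brien" or "(draft)". Keep or remove them according to your site.
# \x20 is a literal space byte; "+" and "%20" are not affected by it.
if ($query_string ~* "^.*(\(|\)|<|>|%3c|%3e).*") { return 403; }
if ($query_string ~* "^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x7f).*") { return 403; }
if ($query_string ~* "(<|>|'|%0A|%0D|%27|%3C|%3E|%00)") { return 403; }

# SQL keywords. This one is case-sensitive (~): upper-case only.
if ($query_string ~ "(NULL|OUTFILE|LOAD_FILE)") { return 403; }
# One or more "./" or "../" segments followed by motd, etc or bin.
if ($query_string ~* "(\.{1,}/)+(motd|etc|bin)") { return 403; }
# Loopback references. NOTE: also blocks legitimate parameters that
# mention localhost or 127.0.0.1 (e.g. local development callbacks).
if ($query_string ~* "(localhost|loopback|127\.0\.0\.1)") { return 403; }

# SQL function and UNION ... SELECT forms, with arbitrary filler allowed
# between the keywords.
if ($query_string ~* "concat[^\(]*\(") { return 403; }
if ($query_string ~* "union([^s]*s)+elect") { return 403; }
if ($query_string ~* "union([^a]*a)+ll([^s]*s)+elect") { return 403; }
# PHP CLI-style switches (-s, -d, -c, -r) followed by php.ini option names.
if ($query_string ~* "\-[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file)") { return 403; }
# A delimiter or quote character (raw or encoded) followed later by a SQL
# or scripting keyword. \" is the nginx escape for a literal double quote.
if ($query_string ~* "(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode)") { return 403; }
if ($query_string ~* "(sp_executesql)") { return 403; }

# Deny direct requests for configuration and readme files at the site root.
# The URI nginx matches against always begins with "/", so the published
# form "^(wp-config\.php|...)" could never match; the leading "/" is required.
# Regex locations are tried in order of appearance, so this block must come
# before any "location ~ \.php$" handler or PHP will serve the file first.
# For a WordPress install in a subdirectory, add that path after the "^/".
location ~ ^/(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)$ { deny all; }

# User-enumeration via ?author=N: rewrite to a non-existent author id.
# $1 is the full URI and already starts with "/", so the replacement must
# not add another slash (the published "/$1" produced "//path").
# The "?" in the replacement stops nginx appending the original arguments.
if ($query_string ~* "^author=([0-9]){1,}$") { rewrite ^(.*)$ $1?author=999999 break; }

# URLs pointing at the listed image/blog hosts, with optional "www." prefix.
if ($query_string ~* "^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$") { return 403; }
# Thumbnail scripts referenced by name anywhere in the query string.
if ($query_string ~* "(timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php)") { return 403; }
[/ez_code]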