Commit d9c2b1d

author
Maya Baya
committed
fix: Syntax error fixes to the primitive rules
1 parent d4a0eaa commit d9c2b1d

1 file changed

+8
-20
lines changed

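--- a/container-files/etc/nginx/nginx.conf
+++ b/container-files/etc/nginx/nginx.conf
@@ -72,31 +72,19 @@ http {
 
 # https://ayrn.io/how-to-harden-nginx-security/
 
-location ~* "(eval\(|shell_exec\(|exec\(|system\(unserialize\(|query\(|serialize\(|popen\(|pcntl_exec\(|passthru\(|require\(|include\(|require_once\(|include_once\(|create_function\(|proc_open\(|base64_decode\(|str_rot13\()" { deny all }
-location ~* "(javascript:)(.*)(;)" { return 416 }
-location ~* "(GLOBALS|REQUEST)(=|[|%)" { return 416 }
-location ~* "(<|%3C).*script.*(>|%3)" { return 416 }
-
-##
-# Some of SQL syntax
-##
-set $block_sql_injections 0
-if ($query_string ~ "union.*select.*(") { set $block_sql_injections 1 }
-if ($query_string ~ "union.*all.*select.*") { set $block_sql_injections 1 }
-if ($query_string ~ "concat.*(") { set $block_sql_injections 1 }
-if ($block_sql_injections = 1) { return 416 }
+location ~* "(eval\(|shell_exec\(|exec\(|system\(unserialize\(|query\(|serialize\(|popen\(|pcntl_exec\(|passthru\(|require\(|include\(|require_once\(|include_once\(|create_function\(|proc_open\(|base64_decode\(|str_rot13\()" { return 416; }
+location ~* "(javascript:)(.*)(;)" { return 416; }
+location ~* "(GLOBALS|REQUEST)(=|\[|%)" { return 416; }
 
 ##
 # Block common exploits
 ##
 set $block_common_exploits 0;
-if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $block_common_exploits 1 }
-if ($query_string ~ "GLOBALS(=|[|%[0-9A-Z]{0,2})") { set $block_common_exploits 1 }
-if ($query_string ~ "_REQUEST(=|[|%[0-9A-Z]{0,2})") { set $block_common_exploits 1 }
-if ($query_string ~ "proc/self/environ") { set $block_common_exploits 1 }
-if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { set $block_common_exploits 1 }
-if ($query_string ~ "(eval\(|shell_exec\(|exec\(|system\(unserialize\(|query\(|serialize\(|popen\(|pcntl_exec\(|passthru\(|require\(|include\(|require_once\(|include_once\(|create_function\(|proc_open\(|base64_decode\(|str_rot13\()") { set $block_common_exploits 1 }
-if ($block_common_exploits = 1) { return 416 }
+if ($query_string ~ "GLOBALS(=|[|%[0-9A-Z]{0,2})") { set $block_common_exploits 1; }
+if ($query_string ~ "_REQUEST(=|[|%[0-9A-Z]{0,2})") { set $block_common_exploits 1; }
+if ($query_string ~ "proc/self/environ") { set $block_common_exploits 1; }
+if ($query_string ~ "(eval\(|shell_exec\(|exec\(|system\(unserialize\(|query\(|serialize\(|popen\(|pcntl_exec\(|passthru\(|require\(|include\(|require_once\(|include_once\(|create_function\(|proc_open\(|base64_decode\(|str_rot13\()") { set $block_common_exploits 1; }
+if ($block_common_exploits = 1) { return 416; }
 
 location = /favicon.ico {
 log_not_found off;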
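Review bot: The alternation `system\(unserialize\(` on new lines 75 and 86 is missing a `|`, so that branch only matches the literal sequence `system(unserialize(` and neither `system(` nor `unserialize(` on its own; it should read `system\(|unserialize\(`. The `if` rules on new lines 83-84 still carry an unescaped `[` (the location rule on line 77 was corrected to `\[`), which PCRE reads as a character class `[|%[0-9A-Z]` repeated `{0,2}` — that can match the empty string, so any query string merely containing `GLOBALS` or `_REQUEST` is blocked; use `GLOBALS(=|\[|%[0-9A-Z]{0,2})` and the same form for `_REQUEST`. Two caveats worth a comment beside these rules: `$query_string` is not URL-decoded, so `eval%28` slips past the `eval\(` test, and `~` is case-sensitive while PHP function names are not, so `EVAL(` also passes — `~*` would close the second gap. `if` on `$query_string` is only accepted in `server` or `location` context, and the enclosing block (`http {` per the hunk header) starts outside the hunk, so I cannot confirm from here where these directives sit.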
