@VirtuBox
Created June 23, 2017 20:54
Nginx Configuration to block SQL Injection and similar attacks
# Each rule is a regex location: "~*" matches case-insensitively, "~" case-sensitively.
# The regex is tested against the percent-decoded request path ($uri) only, never against
# the query string ($args). A matching request is answered with 403 by "deny all".
location ~* "(eval\()" { deny all; }  # "eval(" anywhere in the path
location ~* "(127\.0\.0\.1)" { deny all; }  # the literal string 127.0.0.1 in the path
location ~* "([a-z0-9]{2000})" { deny all; }  # 2000 or more consecutive alphanumeric characters
location ~* "(javascript\:)(.*)(\;)" { deny all; }  # "javascript:" followed later by ";"
location ~* "(base64_encode)(.*)(\()" { deny all; }  # "base64_encode" followed later by "("
location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }  # GLOBALS or REQUEST followed by "=", "[" or "%"
location ~* "(<|%3C).*script.*(>|%3)" { deny all; }  # "<" (or %3C), then "script", then ">" (or %3)
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }  # case-sensitive: backslash, "...", "../", "~", backtick, "<", ">" or "|"
location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }  # well-known sensitive file paths
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }  # TimThumb-style script names (thumb.php, timthumb.php, thumb_editor.php, ...)
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; }  # a single or double quote followed later by drop, insert, md5, select or union
location ~* "(https?|ftp|php):/" { deny all; }  # a URL scheme (http:/, https:/, ftp:/, php:/) inside the path
location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; }  # "=" or "/" followed by a (possibly backslash-escaped) quote or %27, then a dot
location ~* "/(\$(\&)?|\*|\"|\.|,|&|&amp;?)/?$" { deny all; }  # path ending in "/" followed by "$", "$&", "*", a double quote, ".", ",", "&" or "&amp;" (plus optional trailing "/")
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; }  # case-sensitive: "{0}", "(/(", "...", "+++" or a pair of escaped double quotes
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; }  # case-sensitive: any "~", backtick, "<", ">", ":", ";", "%", backslash, whitespace, "{", "}", "[", "]" or "|" in the path
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; }  # "/=", "/$&", "/_mm", "/config." or "/wp-config.", "/cgi-", "/etc/passwd", "/muieblack"
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" { deny all; }  # assorted scanner and exploit strings (&pws=0, _vti_, (null), {$itemURL}, echo...kae, etc/passwd, eval(, self/environ)
location ~* "\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; }  # paths ending in these extensions (backups, VCS data, configs, logs, dumps, ...)
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" { deny all; }  # known web-shell and scanner script names
nsgoyat commented Mar 28, 2018

When I use it, my WP site doesn't open and reflects an Nginx 403 Forbidden error.

nsgoyat commented Mar 28, 2018

Update: I tried putting in each line, restarting nginx, and opening the site, one by one. This line, "location ~* "/(\$(\&)?|\*|\"|\.|,|&|&?)/?$" { deny all; }", seems to be causing the issue.

AmibeWebsites commented Nov 10, 2018

Hi, would it be possible to have an explanation for each rule stating what kind of attack it's protecting against and which are specific to a VirtualBox environment? Thank you.

@gpeipman

Doesn't stop query strings with select, drop etc.

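As an added example, not part of the gist or of any comment above: a small Python harness that applies three of the gist's rules the way nginx applies a regex `location` (to the percent-decoded path only) and also to the whole decoded request target, which shows the query-string gap gpeipman notes and a false positive from the quote-plus-keyword rule. The sample request targets are constructed, and the dot-segment normalization nginx also performs on $uri is not reproduced.

```python
import re
from urllib.parse import urlsplit, unquote

# Three of the gist's deny rules, copied as written. They are "~*" rules,
# so they are compiled case-insensitively; a "~" rule would use flags=0.
RULES = {
    "sqli-keywords": (r"(\'|\")(.*)(drop|insert|md5|select|union)", re.I),
    "script-tag": (r"(<|%3C).*script.*(>|%3)", re.I),
    "php-eval": (r"(eval\()", re.I),
}


def matched_rules(subject):
    """Names of the rules whose regex finds a match in `subject`."""
    return [name for name, (pat, flags) in RULES.items()
            if re.search(pat, subject, flags)]


def location_subject(request_target):
    """Approximate what nginx tests a regex location against: the
    percent-decoded path ($uri) with the query string dropped.
    Assumption: nginx's dot-segment normalization is not reproduced."""
    return unquote(urlsplit(request_target).path)


def check(request_target):
    """Compare what the rules block as nginx applies them (path only) with
    what they would match if they saw the whole decoded request target."""
    return {
        "blocked_by_location": matched_rules(location_subject(request_target)),
        "would_match_full_target": matched_rules(unquote(request_target)),
    }


if __name__ == "__main__":
    # Constructed sample request targets, not traffic from a real site.
    samples = [
        "/wp-admin/edit.php?id=1%27%20union%20select%201",  # keyword only in the query string
        "/cgi-bin/%3Cscript%3Etest%3C/script%3E",           # encoded markup in the path itself
        "/docs/o'reilly-union-guide/",                       # benign path: quote followed by "union"
    ]
    for target in samples:
        print(target, check(target))
```

The first sample passes every `location` rule untouched because the keywords never reach the path, while the third, a harmless slug, is denied.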