Skip to content

Instantly share code, notes, and snippets.

@VirtuBox
Created June 23, 2017 20:54
Show Gist options
  • Save VirtuBox/5fedc39c30813f5373aa8ae9328a0ec3 to your computer and use it in GitHub Desktop.
Save VirtuBox/5fedc39c30813f5373aa8ae9328a0ec3 to your computer and use it in GitHub Desktop.
Nginx Configuration to block SQL Injection and similar attacks
location ~* "(eval\()" { deny all; }
location ~* "(127\.0\.0\.1)" { deny all; }
location ~* "([a-z0-9]{2000})" { deny all; }
location ~* "(javascript\:)(.*)(\;)" { deny all; }
location ~* "(base64_encode)(.*)(\()" { deny all; }
location ~* "(GLOBALS|REQUEST)(=|\[|%)" { deny all; }
location ~* "(<|%3C).*script.*(>|%3)" { deny all; }
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" { deny all; }
location ~* "(boot\.ini|etc/passwd|self/environ)" { deny all; }
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" { deny all; }
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" { deny all; }
location ~* "(https?|ftp|php):/" { deny all; }
location ~* "(=\\\'|=\\%27|/\\\'/?)\." { deny all; }
location ~* "/(\$(\&)?|\*|\"|\.|,|&|&amp;?)/?$" { deny all; }
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" { deny all; }
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" { deny all; }
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" { deny all; }
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" { deny all; }
location ~* "\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" { deny all; }
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php" { deny all; }
@AmibeWebsites
Copy link

AmibeWebsites commented Nov 10, 2018

Hi, would it be possible to have an explanation for each rule stating what kind of attack it's protecting and which are specific to a VirtualBox environment? Thank you.

@gpeipman
Copy link

Doesn't stop query strings with select, drop etc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment