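## Block SQL injections
#
# Coarse request filter: a request whose query string matches one of the
# patterns below is answered with 403 by nginx.
# $query_string is the raw query string as the client sent it (nginx does not
# percent-decode it), and it is the only part of the request inspected here;
# bodies, cookies, other headers and the path are not looked at. Treat these
# rules as defence in depth: the application behind the proxy still needs
# parameterised queries.
#
# "~*" (case-insensitive regex match) is used because SQL keywords and
# function names are not case-sensitive; a case-sensitive "~" would only
# recognise the all-lowercase spelling.

# "union" ... "select" ... "(" anywhere in the query string, in that order.
if ($query_string ~* "union.*select.*\(") {
    return 403;
}

# "union" ... "all" ... "select", in that order (no parenthesis required).
if ($query_string ~* "union.*all.*select.*") {
    return 403;
}

# "concat" followed anywhere later by "(".
# NOTE(review): this is broad; a legitimate parameter that contains the word
# "concat" and a later "(" is rejected as well. Confirm that is acceptable.
if ($query_string ~* "concat.*\(") {
    return 403;
}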
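## Block file injections
#
# Rejects requests whose query string carries a URL or a path-like value
# directly after "name=". All three patterns are applied to the raw,
# un-decoded $query_string and require the value to start immediately after
# the "=" sign. They are a coarse filter, not a replacement for path and URL
# validation in the application.

# Parameter value that starts with "http://".
# "~*" is used because URI scheme names are case-insensitive.
# NOTE(review): only the "http" scheme is listed. Whether other schemes were
# left out on purpose (redirect/callback parameters often carry full URLs)
# cannot be told from this file; confirm before widening.
if ($query_string ~* "[a-zA-Z0-9_]=http://") {
    return 403;
}

# Parameter value that starts with one or more "../" (or "..//") sequences.
if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
    return 403;
}

# Parameter value that starts with "/", then ONE character from [a-z0-9_.],
# then "/" (optionally doubled), repeated: for example "=/a/".
# NOTE(review): the character class has no quantifier, so only one-character
# path segments match, which looks narrower than the section heading
# suggests. Widening it would also reject ordinary relative-URL parameters,
# so confirm the intent before changing the pattern.
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
    return 403;
}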
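## Block common exploits
#
# Signature checks against the raw, un-decoded $query_string; a match is
# answered with 403. Only the query string is inspected, so these rules do
# not cover request bodies, cookies or headers, and they do not replace
# output encoding and input handling in the application.

# "<" or "%3C", later "script", later ">" or "%3E".
# "~*" is used because HTML tag names and percent-encoding hex digits are
# case-insensitive ("%3c" and "%3C" are the same byte).
if ($query_string ~* "(<|%3C).*script.*(>|%3E)") {
    return 403;
}

# "GLOBALS" followed by "=", "[", or "%" plus up to two characters from
# [0-9A-Z]. Presumably aimed at attempts to set the PHP $GLOBALS array
# through request parameters. Kept case-sensitive: PHP variable names are
# case-sensitive.
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
    return 403;
}

# Same shape for "_REQUEST" (presumably the PHP $_REQUEST superglobal).
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
    return 403;
}

# Literal "proc/self/environ" anywhere in the query string (the "." would
# match any character, but there is none in this pattern).
if ($query_string ~ "proc/self/environ") {
    return 403;
}

# "mosConfig_" + 1 to 21 letters/underscores + "=" or "%3D".
# Presumably legacy Mambo/Joomla configuration variable names; TODO confirm
# this rule is still wanted.
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
    return 403;
}

# "base64_encode(" or "base64_decode(" with a closing ")" later on.
# "~*" is used because PHP function names are case-insensitive.
if ($query_string ~* "base64_(en|de)code\(.*\)") {
    return 403;
}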
## Reject selected crawler user agents
#
# These rules test the User-Agent request header ($http_user_agent), not the
# query string. "~" is a case-sensitive, unanchored regex match, so each rule
# fires when the token appears anywhere in the header with this exact
# casing. The header is chosen by the client, so this only turns away
# clients that identify themselves with these tokens; it is a policy signal,
# not an access control.

# NOTE(review): Google documents "Google-Extended" as a robots.txt product
# token rather than a User-Agent string sent on requests, so this rule may
# never match real traffic. If the aim is to opt out, robots.txt is the
# documented mechanism; confirm.
if ($http_user_agent ~ "Google-Extended") {
    return 403;
}

# OpenAI's crawler token.
if ($http_user_agent ~ "GPTBot") {
    return 403;
}

# OpenAI's token for fetches made on behalf of a ChatGPT user.
if ($http_user_agent ~ "ChatGPT-User") {
    return 403;
}

# Common Crawl's crawler token.
if ($http_user_agent ~ "CCBot") {
    return 403;
}