mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-08-03 07:53:39 +00:00
51 lines
890 B
Plaintext
51 lines
890 B
Plaintext
## Block SQL injections
|
|
if ($query_string ~ "union.*select.*\(") {
|
|
return 403;
|
|
}
|
|
|
|
if ($query_string ~ "union.*all.*select.*") {
|
|
return 403;
|
|
}
|
|
|
|
if ($query_string ~ "concat.*\(") {
|
|
return 403;
|
|
}
|
|
|
|
## Block file injections
|
|
if ($query_string ~ "[a-zA-Z0-9_]=http://") {
|
|
return 403;
|
|
}
|
|
|
|
if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
|
|
return 403;
|
|
}
|
|
|
|
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
|
|
return 403;
|
|
}
|
|
|
|
## Block common exploits
|
|
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
|
|
return 403;
|
|
}
|
|
|
|
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
|
|
return 403;
|
|
}
|
|
|
|
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
|
|
return 403;
|
|
}
|
|
|
|
if ($query_string ~ "proc/self/environ") {
|
|
return 403;
|
|
}
|
|
|
|
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
|
|
return 403;
|
|
}
|
|
|
|
if ($query_string ~ "base64_(en|de)code\(.*\)") {
|
|
return 403;
|
|
}
|