Welcome! Log In Create A New Profile

Advanced

Re: How to block these requests with http:// in the params?

Previous Message Next Message
Forum List Message List New Topic Print View
Igor Sysoev
November 24, 2009 03:20AM
On Tue, Nov 24, 2009 at 02:41:04PM +0800, Shri @ DevLib.Org wrote:

> How would I go about blocking requests which try to exploit application / php flaws?
>
> One in particular is ... of the form http://www.domain.com/search.php?searchterm=http://217.218.xxx.x/abc.php
>
> I'd like to block all requests which have a param that begins with http:// (searchterm in the above case).
>
> Can this be done at a server level?

server {

if ($arg_searchterm ~ ^http://) {
return 403;
}

or for any paramter name:

if ($args ~ =http://) {
return 403;
}


--
Igor Sysoev
http://sysoev.ru/en/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

How to block these requests with http:// in the params?

Shri @ DevLib.Org November 24, 2009 01:46AM

Re: How to block these requests with http:// in the params?

Igor Sysoev November 24, 2009 03:20AM

Re: How to block these requests with http:// in the params?

Shri @ DevLib.Org November 24, 2009 03:24AM

Re: How to block these requests with http:// in the params?

packetloss November 28, 2009 02:20AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 219
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready