Aleksandar Lazic
June 07, 2015 06:42AM
Hai.

I'm trying to refuse some attacks with map and if.

The requests look like:

#############
/?id=../../../../../../etc/passwd%00&page=../../../../../../etc/passwd%00&file=../../../../../../etc/passwd%00&inc=../../../../../../etc/passwd%00&load=../../../../../../etc/passwd%00&path=../../../../../../etc/passwd%00

/index.php?id=../../../../../../etc/passwd%00&page=../../../../../../etc/passwd%00&file=../../../../../../etc/passwd%00&inc=../../../../../../etc/passwd%00&load=../../../../../../etc/passwd%00&path=../../../../../../etc/passwd%00

/index.php?culture=../../../../../../../../../../windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D&sections=All%3Cscript%3Ealert(12345)%3C/script%3Ez

/index.php?test=../../../../../../../../../../boot.ini
#############

My solution:

#################
# http request line: "GET /index.php?culture=../../../../../../../../../../windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D&sections=All%3Cscript%3Ealert(12345)%3C/script%3Ez HTTP/1.1"
# http uri: "/index.php"
# http args: "culture=../../../../../../../../../../windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D&sections=All%3Cscript%3Ealert(12345)%3C/script%3Ez"
# http exten: "php"

map $args $block {
    default            0;
    "~(boot|win)\.ini" 1;
    "~etc/passwd"      1;
}

location = /index.php {
    if ($block) {
        # include is not allowed here ;-/
        # include /home/nginx/server/conf/global_setting_for_log_to_fail2ban_for_blocking.conf;
        access_log logs/fail2ban.log combined;
        return 403;
    }
}
#########################

Is this the most efficient way for nginx?

BR Aleks

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
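The decision the config above makes, replayed as an added Python check (not from the post and not nginx code) over the request lines quoted in it: the map's regexes are applied in order to the raw, still percent-encoded query string, as nginx's `$args` exposes it, and the block only fires inside `location = /index.php`. The combined-style log line is a constructed stand-in for what `access_log logs/fail2ban.log combined` would write.

```python
import re
from urllib.parse import urlsplit

# Same rules as the nginx map in the post: first matching regex wins, else default.
BLOCK_RULES = [
    (re.compile(r"(boot|win)\.ini"), 1),
    (re.compile(r"etc/passwd"), 1),
]
BLOCK_DEFAULT = 0

# The request lines from the post, as constructed sample input (plus one benign request).
SAMPLE_REQUESTS = [
    "GET /?id=../../../../../../etc/passwd%00&page=../../../../../../etc/passwd%00 HTTP/1.1",
    "GET /index.php?id=../../../../../../etc/passwd%00&file=../../../../../../etc/passwd%00 HTTP/1.1",
    "GET /index.php?culture=../../../../../../../../../../windows/win.ini&name=SP.JSGrid.Res HTTP/1.1",
    "GET /index.php?test=../../../../../../../../../../boot.ini HTTP/1.1",
    "GET /index.php?page=home HTTP/1.1",
]

def split_request(request_line):
    """Split a request line into the nginx variables the config relies on ($uri, $args)."""
    method, target, version = request_line.split(" ", 2)
    parts = urlsplit(target)
    return {"method": method, "uri": parts.path, "args": parts.query}

def map_block(args):
    """Evaluate $block for a raw query string the way 'map $args $block' does.
    nginx does not decode $args before matching, so neither does this."""
    for pattern, value in BLOCK_RULES:
        if pattern.search(args):
            return value
    return BLOCK_DEFAULT

def handle(request_line):
    """Mimic 'location = /index.php { if ($block) { ... return 403; } }'.
    Returns (status, log_line); log_line is None when the request is not blocked."""
    req = split_request(request_line)
    if req["uri"] == "/index.php" and map_block(req["args"]):
        # Constructed combined-format line, the kind fail2ban would be pointed at.
        log_line = f'- - - [-] "{request_line}" 403 - "-" "-"'
        return 403, log_line
    return 200, None

def triage(request_lines):
    """Return {request_line: status} for a batch of request lines."""
    return {line: handle(line)[0] for line in request_lines}

if __name__ == "__main__":
    for line, status in triage(SAMPLE_REQUESTS).items():
        print(status, line)
```

Note that the first sample, which targets `/` rather than `/index.php`, is never seen by the exact-match location, so it passes through with the config as written.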
Thread: Right use of 'if'
  Right use of 'if' - Aleksandar Lazic, June 07, 2015 06:42AM
  Re: Right use of 'if' - itpp2012, June 07, 2015 07:44AM