Hai.
I try to refuse some attacks with map and if.
The requests looks like:
#############
/?id=../../../../../../etc/passwd%00&page=../../../../../../etc/passwd%00&file=../../../../../../etc/passwd%00&inc=../../../../../../etc/passwd%00&load=../../../../../../etc/passwd%00&path=../../../../../../etc/passwd%00
/index.php?id=../../../../../../etc/passwd%00&page=../../../../../../etc/passwd%00&file=../../../../../../etc/passwd%00&inc=../../../../../../etc/passwd%00&load=../../../../../../etc/passwd%00&path=../../../../../../etc/passwd%00
/index.php?culture=../../../../../../../../../../windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D§ions=All%3Cscript%3Ealert(12345)%3C/script%3Ez
/index.php?test=../../../../../../../../../../boot.ini
#############
My solution:
#################
# http request line: "GET
/index.php?culture=../../../../../../../../../../windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D§ions=All%3Cscript%3Ealert(12345)%3C/script%3Ez
HTTP/1.1"
# http uri: "/index.php"
# http args:
"culture=../../../../../../../../../../windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D§ions=All%3Cscript%3Ealert(12345)%3C/script%3Ez"
# http exten: "php"
map $args $block {
default 0;
"~(boot|win)\.ini" 1;
"~etc/passwd" 1;
}
location = /index.php {
if ($block) {
# include is here not allowed ;-/
# include
/home/nginx/server/conf/global_setting_for_log_to_fail2ban_for_blocking.conf;
access_log logs/fail2ban.log combined;
return 403;
}
}
#########################
Is this the most efficient way for nginx?
BR Aleks
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx