nginx防SQL注入与文件注入的相关安全设置

配置文件可以在一定程度上防止sql与文件形式的注入，放在配置文件的server块里面。
		
					server{

					[...]

					## Block SQL injections

					set$block_sql_injections0;

					if($query_string ~ "union.*select.*\("){

					set$block_sql_injections1;

					}

					if($query_string ~ "union.*all.*select.*"){

					set$block_sql_injections1;

					}

					if($query_string ~ "concat.*\("){

					set$block_sql_injections1;

					}

					if($block_sql_injections = 1){

					return403;

					}

					## Block file injections

					set$block_file_injections0;

					if($query_string ~ "[a-zA-Z0-9_]=http://"){

					set$block_file_injections1;

					}

					if($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+"){

					set$block_file_injections1;

					}

					if($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+"){

					set$block_file_injections1;

					}

					if($block_file_injections = 1){

					return403;

					}

					## Block common exploits

					set$block_common_exploits0;

					if($query_string ~ "(<|%3C).*script.*(>|%3E)"){

					set$block_common_exploits1;

					}

					if($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})"){

					set$block_common_exploits1;

					}

					if($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})"){

					set$block_common_exploits1;

					}

					if($query_string ~ "proc/self/environ"){

					set$block_common_exploits1;

					}

					if($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)"){

					set$block_common_exploits1;

					}

					if($query_string ~ "base64_(en|de)code\(.*\)"){

					set$block_common_exploits1;

					}

					if($block_common_exploits = 1){

					return403;

					}

					## Block spam

					set$block_spam0;

					if($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b"){

					set$block_spam1;

					}

					if($query_string ~"\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b"){

					set$block_spam1;

					}

					if($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b"){

					set$block_spam1;

					}

					if($query_string ~"\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b"){

					set$block_spam1;

					}

					if($block_spam = 1){

					return403;

					}

					## Block user agents

					set$block_user_agents0;

					# Don't disable wget if you need it to run cron jobs!

					#if ($http_user_agent ~ "Wget") {

					#    set $block_user_agents 1;

					#}

					# Disable Akeeba Remote Control 2.5 and earlier

					if($http_user_agent ~ "Indy Library"){

					set$block_user_agents1;

					}

					# Common bandwidth hoggers and hacking tools.

					if($http_user_agent ~ "libwww-perl"){

					set$block_user_agents1;

					}

					if($http_user_agent ~ "GetRight"){

					set$block_user_agents1;

					}

					if($http_user_agent ~ "GetWeb!"){

					set$block_user_agents1;

					}

					if($http_user_agent ~ "Go!Zilla"){

					set$block_user_agents1;

					}

					if($http_user_agent ~ "Download Demon"){

					set$block_user_agents1;

					}

					if($http_user_agent ~ "Go-Ahead-Got-It"){

					set$block_user_agents1;

					}

					if($http_user_agent ~ "TurnitinBot"){

					set$block_user_agents1;

					}

					if($http_user_agent ~ "GrabNet"){

					set$block_user_agents1;

					}

					if($block_user_agents = 1){

					return403;

					}

					}
(责任编辑：IT)
搜索

热门标签:

nginx防SQL注入与文件注入的相关安全设置
