Right use of 'if'

Hai.

I try to refuse some attacks with map and if.

The requests look like:

#############
/?id=…/…/…/…/…/…/etc/passwd%00&page=…/…/…/…/…/…/etc/passwd%00&file=…/…/…/…/…/…/etc/passwd%00&inc=…/…/…/…/…/…/etc/passwd%00&load=…/…/…/…/…/…/etc/passwd%00&path=…/…/…/…/…/…/etc/passwd%00

/index.php?id=…/…/…/…/…/…/etc/passwd%00&page=…/…/…/…/…/…/etc/passwd%00&file=…/…/…/…/…/…/etc/passwd%00&inc=…/…/…/…/…/…/etc/passwd%00&load=…/…/…/…/…/…/etc/passwd%00&path=…/…/…/…/…/…/etc/passwd%00

/index.php?culture=…/…/…/…/…/…/…/…/…/…/windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D&sections=All%3Cscript%3Ealert(12345)%3C/script%3Ez

/index.php?test=…/…/…/…/…/…/…/…/…/…/boot.ini
#############

My solution:

#################

http request line: "GET /index.php?culture=…/…/…/…/…/…/…/…/…/…/windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D&sections=All%3Cscript%3Ealert(12345)%3C/script%3Ez HTTP/1.1"

http uri: "/index.php"

http args: "culture=…/…/…/…/…/…/…/…/…/…/windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D&sections=All%3Cscript%3Ealert(12345)%3C/script%3Ez"

http exten: "php"

map $args $block {
    default 0;
    "~(boot|win)\.ini" 1;
    "~etc/passwd" 1;
}

location = /index.php {
    if ($block) {
        # include is here not allowed ;-/
        # include /home/nginx/server/conf/global_setting_for_log_to_fail2ban_for_blocking.conf;
        access_log logs/fail2ban.log combined;
        return 403;
    }
}
#########################

Is this the most efficient way for nginx?

BR Aleks
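
An added example, not part of the original post: one way to keep the same `map` without needing `include` inside `if`, by moving the logging decision to the `if=` parameter of `access_log` (nginx 1.7.0 and later). The listen port, server name and `logs/access.log` path are assumptions; `logs/fail2ban.log` and the two patterns come from the post.

```nginx
# http {} context: the map is evaluated lazily, once per request that uses $block.
map $args $block {
    default              0;
    "~(boot|win)\.ini"   1;   # boot.ini / win.ini probes from the sample requests
    "~etc/passwd"        1;   # /etc/passwd probes from the sample requests
}

server {
    listen      80;             # assumed
    server_name example.test;   # placeholder

    # Normal log for every request (assumed path).
    access_log logs/access.log combined;

    # Second log that fail2ban watches. A request is written here only when
    # $block is neither "0" nor empty, so no "if" block and no "include"
    # are needed to switch logging.
    access_log logs/fail2ban.log combined if=$block;

    # Server-level "if" with "return" is the safe use of "if":
    # it runs before location selection and applies to every URI.
    if ($block) {
        return 403;
    }

    location = /index.php {
        # regular PHP handling goes here
    }
}
```

Because the check sits at server level, it also covers the `/?id=…` requests from the sample, which a rule inside `location = /index.php` would not see. A location that declares its own `access_log` stops inheriting the two server-level ones, so the `if=$block` line has to be repeated there.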

Have a look at /conf/nginx-simple-WAF.conf on this site

Works on any OS.

Posted at Nginx Forum: