Worried that your website will be broken into at any moment? Is a site helpless without an enterprise-grade firewall? If you run nginx, good news: its configuration syntax lets you match and reject requests with regular expressions before they ever reach your application. I have collected a few anti-injection and anti-scanning rules for nginx; I hope they are useful to you:
# Reject requests whose URI contains a SQL keyword with a space ('+' or '%20') on both sides.
# '~*' is a case-insensitive match; the '~' rules further down are case-sensitive.
# The widely copied version of this snippet writes the space test as the character
# class [+|(%20)], which matches any single one of those characters; (\+|%20) is what was meant.
if ($request_uri ~* "((\+|%20)and(\+|%20))|((\+|%20)or(\+|%20))|((\+|%20)select(\+|%20))|((\+|%20)exec(\+|%20))|((\+|%20)union(\+|%20))") { return 404; }
# SQL functions used to assemble payloads ("cost(" is how the snippet circulates; "cast(" was probably intended).
if ($request_uri ~* "(cost\()|(concat\()") { return 404; }
# <script ...> in the query string, raw or URL-encoded.
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { return 404; }
# Attempts to overwrite PHP superglobals through the query string.
# The {0,2} and {1,21} quantifiers are restored from the common form of the snippet;
# the copy on this page had them garbled.
if ($query_string ~ "GLOBALS(=|[|%[0-9A-Z]{0,2})") { return 404; }
if ($query_string ~ "_REQUEST(=|[|%[0-9A-Z]{0,2})") { return 404; }
# Local file inclusion of the process environment.
if ($query_string ~ "proc/self/environ") { return 404; }
# Old Joomla/Mambo mosConfig_* parameter injection.
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { return 404; }
# PHP base64_encode()/base64_decode() calls smuggled in a parameter.
if ($query_string ~ "base64_(en|de)code\(.*\)") { return 404; }
# The default User-Agent of Python's urllib, common in cheap scanners.
if ($http_user_agent ~ "Python-urllib") { return 404; }
NOTE: If you host an administrative application such as phpMyAdmin, these rules will break some of its functions, because such programs carry SQL statements in their URL parameters, which the first rule treats as an attack. Put the rules in the server block (or a location block) of the site you want to protect; nginx's well-known warning against `if` inside a location concerns directives other than `return` and `rewrite ... last`, and these rules only use `return`. Keep in mind that this is a blacklist and only catches payloads spelled the way its patterns expect: a query that puts `/**/` or a `%09` tab where the spaces would be, or `<ScRiPt>` against the case-sensitive `~` rules, passes straight through, while a harmless search for `rock+and+roll` gets a 404. Treat the rules as noise reduction in front of code that already uses parameterized queries, not as a replacement for it. You can also change `return 404` to your own response, for example `return 444`, which makes nginx close the connection without sending anything, or a custom page to startle whoever is probing the site.
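To see what the rules actually catch, here is an added example (my own code, not part of the original post) that parses the cleaned-up `if (...) { return N; }` directives with a small regular expression and replays them over a handful of constructed requests, using the matching semantics nginx uses: `~` case-sensitive, `~*` case-insensitive, both an unanchored search on the variable. Python's `re` accepts these PCRE patterns unchanged. The sample requests, including the `rock+and+roll` query and the scanner User-Agents, are constructed for the example; the `(\+|%20)` alternation and the `{0,2}`/`{1,21}` quantifiers are the assumed intended form of the snippet.

```python
"""Replay the nginx blacklist rules against sample requests.

Added example, not code from the original post: it parses the cleaned-up
`if (...) { return N; }` directives and applies them the way nginx does
(`~` is case-sensitive, `~*` case-insensitive, both unanchored).
"""
import re
from typing import Optional

# The rules as given in the post. The `(\+|%20)` alternation replaces the
# `[+|(%20)]` character class of the circulated snippet, and the {0,2} and
# {1,21} quantifiers are assumed from the common form of the snippet.
NGINX_RULES = r'''
if ($request_uri ~* "((\+|%20)and(\+|%20))|((\+|%20)or(\+|%20))|((\+|%20)select(\+|%20))|((\+|%20)exec(\+|%20))|((\+|%20)union(\+|%20))") { return 404; }
if ($request_uri ~* "(cost\()|(concat\()") { return 404; }
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { return 404; }
if ($query_string ~ "GLOBALS(=|[|%[0-9A-Z]{0,2})") { return 404; }
if ($query_string ~ "_REQUEST(=|[|%[0-9A-Z]{0,2})") { return 404; }
if ($query_string ~ "proc/self/environ") { return 404; }
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { return 404; }
if ($query_string ~ "base64_(en|de)code\(.*\)") { return 404; }
if ($http_user_agent ~ "Python-urllib") { return 404; }
'''

# One `if ($var ~ "regex") { return code; }` directive per match.
DIRECTIVE = re.compile(
    r'if\s*\(\$(?P<var>\w+)\s+(?P<op>~\*?)\s+"(?P<pat>(?:[^"\\]|\\.)*)"\s*\)'
    r'\s*\{\s*return\s+(?P<code>\d+)\s*;\s*\}'
)


def parse_rules(config: str):
    """Turn the directives into (nginx variable, compiled regex, status code) triples."""
    rules = []
    for m in DIRECTIVE.finditer(config):
        flags = re.IGNORECASE if m.group("op") == "~*" else 0
        rules.append((m.group("var"), re.compile(m.group("pat"), flags), int(m.group("code"))))
    return rules


def nginx_vars(request_uri: str, user_agent: str) -> dict:
    """The three nginx variables the rules read. $request_uri is the raw URI
    with its arguments; $query_string is everything after the first '?'."""
    _, _, query_string = request_uri.partition("?")
    return {"request_uri": request_uri, "query_string": query_string,
            "http_user_agent": user_agent}


def first_match(rules, variables: dict) -> Optional[int]:
    """Status code of the first rule that fires, or None when the request passes."""
    for var, pattern, code in rules:
        if pattern.search(variables.get(var, "")):
            return code
    return None


# Constructed sample requests: (label, request URI, User-Agent).
SAMPLES = [
    ("union with plus", "/products?id=1+union+select+1,2,3", "curl/8.5"),
    ("union via /**/ comments", "/products?id=1/**/union/**/select/**/1,2,3", "curl/8.5"),
    ("union via %09 tab", "/products?id=1%09union%09select%091,2,3", "curl/8.5"),
    ("benign rock+and+roll", "/search?q=rock+and+roll", "Mozilla/5.0"),
    ("proc/self/environ LFI", "/index.php?page=../../proc/self/environ", "curl/8.5"),
    ("php://filter LFI", "/index.php?page=php://filter/convert.base64-encode/resource=config.php", "curl/8.5"),
    ("script tag, lowercase", "/?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", "Mozilla/5.0"),
    ("script tag, mixed case", "/?q=%3CScRiPt%3Ealert(1)%3C%2FScRiPt%3E", "Mozilla/5.0"),
    ("Python-urllib scanner", "/", "Python-urllib/3.11"),
    ("python-requests scanner", "/", "python-requests/2.31"),
]


def evaluate_samples() -> dict:
    """Map each sample label to the status nginx would return (None = passed through)."""
    rules = parse_rules(NGINX_RULES)
    return {label: first_match(rules, nginx_vars(uri, ua)) for label, uri, ua in SAMPLES}


if __name__ == "__main__":
    for label, status in evaluate_samples().items():
        verdict = f"BLOCKED {status}" if status else "passed"
        print(f"{verdict:<12} {label}")
```

Running it shows the shape every blacklist has: the textbook `1+union+select` is stopped, the same query with `/**/` or a `%09` tab in place of the spaces is not, `<ScRiPt>` slips past the case-sensitive `~` rule, the `php://filter` file read is never looked for at all, and a harmless search for rock and roll gets a 404.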