Comments on nginx: How To Block Exploits, SQL Injections, File Injections, Spam, User Agents, Etc.
This short article explains how you can block the most common exploits, SQL injections, file injections, spam and user agents used by hackers and bandwidth hoggers from your nginx vhosts with some simple configuration directives. This configuration is far from complete, but it's a good starting point. You will have to watch your logs for attempted break-ins and then modify and extend the ruleset accordingly.
9 Comment(s)
Comments
Great rulesets!
If I'm not mistaken, these rules can be added to a separate config file and then included for each server block (I feel nginx would allow this). Another thing; I've come across many resources regarding the use of conditional "ifs" in the nginx config and it seems the overwhelming majority of them strongly discourage the use of it citing a hit on performance (they suggest using try_files or something similar but, obviously, that isn't applicable here so perhaps these if statements are a "necessary evil" in terms of optimizing a config).
Hey, those are really great tips for additionally securing my nginx server.
Was wondering if there's anywhere online to read more deeply about all these options?
thanks,
- d
The article is a poor solution to the problem they are trying to tackle. The better answer is to use naxsi, the application firewall for nginx.
What is this line stopping exactly? As far as I can tell you're only blocking very specific query strings like `?foo=/b/`, whereas `?foo=/b/` might be a completely legitimate request.
`if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+")`
I'm asking because I don't see the point of the slash-one-character-slash bit (`/[a-z0-9_.]/`); did you forget a `+` there, or am I missing something?
The above regex will match `/?foo=/b/ar/` but not `/?foo=/etc/passwd`.
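A quick way to settle the question above is to run the posted rule against a handful of query strings before deploying it. The following harness is an added example, not from the article or the comments: it checks both the rule as posted and the variant with the `+` the commenter asks about, using constructed sample query strings (only `/etc/passwd` comes from the thread; the rest are made up here).

```python
import re

# Rule as quoted in the comment above. nginx's `$query_string ~ pattern`
# is an unanchored, case-sensitive PCRE search, which re.search mirrors.
ORIGINAL_RULE = r"[a-zA-Z0-9_]=/([a-z0-9_.]//?)+"

# The variant the commenter asks about: a `+` on the character class, so a
# path segment may be longer than one character.
SEGMENT_PLUS_RULE = r"[a-zA-Z0-9_]=/([a-z0-9_.]+//?)+"


def is_blocked(rule: str, query_string: str) -> bool:
    """True when `if ($query_string ~ rule)` would fire for this request."""
    # nginx exposes $query_string without the leading "?".
    return re.search(rule, query_string.lstrip("?")) is not None


def evaluate(rule: str, samples: dict) -> dict:
    """Map each sample query string to whether the rule blocks it."""
    return {qs: is_blocked(rule, qs) for qs in samples}


# Constructed sample query strings (not taken from anyone's logs), labelled
# with how a human reviewer would classify them.
SAMPLES = {
    "foo=/b/": "single-character segment, plausibly legitimate",
    "foo=/b/ar/": "mixed segment lengths, plausibly legitimate",
    "page=/etc/passwd": "file-injection style value the rule presumably meant to catch",
    "id=42": "ordinary query, must stay allowed",
}

if __name__ == "__main__":
    for name, rule in (("as posted", ORIGINAL_RULE), ("with +", SEGMENT_PLUS_RULE)):
        print(f"--- {name}: {rule}")
        for qs, blocked in evaluate(rule, SAMPLES).items():
            verdict = "BLOCK" if blocked else "allow"
            print(f"{verdict:5}  {qs:20} ({SAMPLES[qs]})")
```

Running it shows the posted rule blocking the two harmless `foo=/b/...` values while letting `page=/etc/passwd` through, which is exactly the false-positive/false-negative mix the commenter describes; the `+` variant catches the multi-character path but still blocks the short ones.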
I've been hit with a torrent of /? spam and have resorted to .htaccess to block it, but I find that it does block some legitimate queries. Like the code I've found below works, but it also blocks the previews on wordpress from working:
```
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} ^[\-/A-Z0-9]+$ [NC]
RewriteRule (.*) - [R=404]
</IfModule>
```
Any ideas on how to improve this?
Thanks!
`return 444;` is better.
How do I host multiple sites on one IP using nginx?
Can be optimized and configured without "if":
https://gist.github.com/VirtuBox/5fedc39c30813f5373aa8ae9328a0ec3
I can do that in apache?