Facebook
Twitter
I am in the process of implementing nginx as front-end proxy and keep using apache. We see a lot of queries we would like to block. 2 Examples of things we see in our Apache access-logs:
GET /liquids/coopervision-biomedics-all-in-one-flight-pack/1111111111111%22%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45)%20--%20/*%20order%20by%20%22as%20/*
GET /bijproducten/alpine-hearing-protection-partyplug/%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(101,99,121,73,79,102,68,81,121,66,117,89),1),name_const(CHAR(101,99,121,73,79,102,68,81,121,66,117,89),1))a)%20--%20%22x%22=%22x/
I actually have 2 questions:
1) In which nginx-config file can I add filter rules so they work server-wide. If I chech the nginx-configuration, in most files I see "DO NOT MODIFY" as they are generated by plesk.
2) Can anyone help me with an example (regex) of blocking these kind of requests with nginx before they reach apache. For example a filter rule that block requests containing the string "UNION%20SELECT%20CHAR(45" or "select%20name_const(CHAR"
Any help will be appreciated.
Gijsbert
GET /liquids/coopervision-biomedics-all-in-one-flight-pack/1111111111111%22%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45)%20--%20/*%20order%20by%20%22as%20/*
GET /bijproducten/alpine-hearing-protection-partyplug/%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(101,99,121,73,79,102,68,81,121,66,117,89),1),name_const(CHAR(101,99,121,73,79,102,68,81,121,66,117,89),1))a)%20--%20%22x%22=%22x/
I actually have 2 questions:
1) In which nginx-config file can I add filter rules so they work server-wide. If I chech the nginx-configuration, in most files I see "DO NOT MODIFY" as they are generated by plesk.
2) Can anyone help me with an example (regex) of blocking these kind of requests with nginx before they reach apache. For example a filter rule that block requests containing the string "UNION%20SELECT%20CHAR(45" or "select%20name_const(CHAR"
Any help will be appreciated.
Gijsbert
