nginx解决sql注入
source link: http://abcdxyzk.github.io/blog/2022/10/30/nginx-sqlmap/
nginx解决sql注入
2022-10-30 18:46:00
https://blog.csdn.net/A_Apprentice/article/details/125861741
get请求好处理
post请求 由于需要拿到请求体,需要安装lua插件支持
当前方案 :
get在server级别处理
post在location级别处理
if ($query_string ~* ".*('|--|union|insert|drop|truncate|update|from|grant|where|select|and|chr|mid|like|iframe|script|alert|webscan|dbappsecurity|style|WAITFOR|confirm|innerhtml|innertext|class).*") { return 403; }
#if ($uri ~* (.*)(insert|select|delete|update|count|master|truncate|declare|\*|%|\')(.*)$ ) { return 403; }
if ($http_user_agent ~ ApacheBench|WebBench|Jmeter|JoeDog|Havij|GetRight|TurnitinBot|GrabNet|masscan|mail2000|github|wget|curl) { return 444; }
if ($http_user_agent ~ "Go-Ahead-Got-It") { return 444; }
if ($http_user_agent ~ "GetWeb!") { return 444; }
if ($http_user_agent ~ "Go!Zilla") { return 444; }
if ($http_user_agent ~ "Download Demon") { return 444; }
if ($http_user_agent ~ "Indy Library") { return 444; }
if ($http_user_agent ~ "libwww-perl") { return 444; }
if ($http_user_agent ~ "Nmap Scripting Engine") { return 444; }
if ($http_user_agent ~ "Load Impact") { return 444; }
if ($http_user_agent ~ "~17ce.com") { return 444; }
if ($http_user_agent ~ "WebBench*") { return 444; }
if ($http_referer ~* 17ce.com) { return 444; }
if ($http_user_agent ~* qiyunce) { return 444; }
if ($http_user_agent ~* YunGuanCe) { return 403; }
if ($http_referer ~* WebBench*") { return 444; }
if ($http_user_agent ~ "BLEXBot") { return 403; }
if ($http_user_agent ~ "MJ12bot") { return 403; }
if ($http_user_agent ~ "semalt.com") { return 403; }
if ($http_user_agent ~ "sqlmap") { return 403; }
#自动防护
if ($request_uri ~* .(htm|do)?(.*)$) {
set $req $2;
}
#if ($req ~* "(cost()|(concat()") {
# return 503;
#}
if ($req ~* "union[+|(%20)]") {
return 503;
}
if ($req ~* "and[+|(%20)]") {
return 503;
}
if ($req ~* "select[+|(%20)]") {
return 503;
}
#溢出过滤
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { return 403; }
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { return 403; }
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { return 403; }
if ($query_string ~ "proc/self/environ") { return 403; }
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") { return 403; }
if ($query_string ~ "base64_(en|de)code\(.*\)") { return 403; }
#文件注入禁止
if ($query_string ~ "[a-zA-Z0-9_]=http://") { return 403; }
if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") { return 403; }
if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { return 403; }
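location / {
    # Read the request body before the access phase so the Lua filter can see
    # it. Bodies larger than client_body_buffer_size are spooled to a temp
    # file and are NOT available through ngx.var.request_body (handled below).
    lua_need_request_body on;
    access_by_lua_block {
        -- Keyword filter for POST bodies; GET query strings are screened by
        -- the server-level rules. Same keyword list as before, but:
        --   * plain alternation instead of the nested "(.*?(...).*?){1,}"
        --     form, which backtracked heavily on long non-matching bodies;
        --   * "i" so it is case-insensitive like the server-level "~*" rules
        --     (the old pattern let mixed-case keywords through);
        --   * "jo" to JIT-compile and cache the compiled pattern.
        -- Substring semantics are kept, so ordinary words such as "classic"
        -- or "unlikely" still match; tune the list for the application.
        local regex = "union|insert|drop|truncate|update|from|grant|where|select|chr|mid|like|iframe|alert|webscan|dbappsecurity|style|WAITFOR|confirm|innerhtml|innertext|class"

        if ngx.var.request_method == "POST" then
            local body = ngx.var.request_body
            if body == nil then
                -- Empty body, or a body spooled to disk that the filter
                -- cannot inspect. Kept best-effort (the request proceeds),
                -- but the skipped check is logged instead of being silent.
                if ngx.req.get_body_file() then
                    ngx.log(ngx.WARN, "request body spooled to disk; POST keyword filter skipped")
                end
            elseif ngx.re.match(body, regex, "ijo") then
                -- The request body is not echoed back any more: it is
                -- client-controlled input and may contain credentials.
                ngx.status = ngx.HTTP_FORBIDDEN
                ngx.header.content_type = "application/json"
                ngx.say('{"code": 999,"msg": "非法参数","ok": false,"runningTime": "0ms"}')
                -- Without ngx.exit the access phase ends but the request
                -- continues into the content phase and is still proxied
                -- upstream. HTTP_OK here only means "finish the request";
                -- the 403 status set above is what the client receives.
                return ngx.exit(ngx.HTTP_OK)
            end
        end
    }
    proxy_http_version 1.1;
    # Empty Connection header is required for keep-alive to the upstream.
    proxy_set_header Connection "";
    proxy_next_upstream http_502 error timeout invalid_header;
    proxy_pass http://192.168.100.199:8888;
    #proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}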