Espace Client

 Espace Client

Bloquer les attaques et les injections SQL avec Nginx

Bloquer Les Attaques Et Des Injections Sql Avec Nginx

Sections

    Créer un fichier /etc/nginx/common/protect.conf avec le contenu suivant :

    # Deny access to readme.(txt|html) or license.(txt|html) or example.(txt|html) and other common git related files
    location ~*  "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
        deny all;
    }
    # Deny access to backup extensions & log files 
    location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
        deny all;
    }
    # deny access to hidden files and directories
    location ~ /\.(?!well-known\/) {
        deny all;
    }
    # deny access to base64 encoded urls
    location ~* "(base64_encode)(.*)(\()" {
        deny all;
    }
    # deny access to url with the javascript eval() function
    location ~* "(eval\()" {
        deny all;
    }
    # deny access to url which include "127.0.0.1"
    location ~* "(127\.0\.0\.1)" {
        deny all;
    }
    location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
        deny all;
    }
    location ~* "(<|%3C).*script.*(>|%3)" {
        deny all;
    }
    location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
        deny all;
    }
    location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
        deny all;
    }
    location ~* "(https?|ftp|php):/" {
        deny all;
    }
    location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
        deny all;
    }
    location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
        deny all;
    }
    location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
        deny all;
    }
    location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)" {
        deny all;
    }
    location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php" {
        deny all;
    }
    

    Puis ajouter le dans la configuration de votre domaine en ajoutant la ligne suivante dans votre block server :

    include /etc/nginx/common/protect.conf;
    

    in NginxSécurité

    Feedback