ผมคัดมาแล้ว ไม่ชนกับสคิปปกติทั่วๆไป รันในเครื่องที่มีลูกค้า 500โดเมนก็ไม่มีปัญหา
#some bot does not send user-agent, just block them
if ($http_user_agent = “”) {
set $proxyflag “forbidden”;
return 403;
}
#security for timthumb remote code execution exploit
if ($request_uri ~* “\.php.*src=.*(flickr\.com|picasa\.com|blogger\.com|wordpress\.com|img\.youtube\.com|wikimedia\.org|photobucket\.com|imgur\.com|imageshack\.us|tinypic\.com)”) {
set $proxyflag “forbidden”;
return 403;
}
#cached and upload folder should not have any php file
if ($request_uri ~* “/cache/.*\.php”) {
set $proxyflag “forbidden”;
return 500;
}
if ($request_uri ~* “/uploads?/.*\.php”) {
set $proxyflag “forbidden”;
return 500;
}
#bad behavior url (known botnet/trojan)
if ($request_uri ~* “\?.*eval\(“) {
set $proxyflag “forbidden”;
return 500;
}
if ($request_body ~* “\?.*eval\(“) {
set $proxyflag “forbidden”;
return 500;
}
if ($request_body ~* “<!–mfunc”) {
set $proxyflag “forbidden”;
return 500;
}
if ($request_uri ~* “act=phptools”) {
set $proxyflag “forbidden”;
return 500;
}
if ($request_uri ~* “act=udp”) {
set $proxyflag “forbidden”;
return 500;
}
if ($request_uri ~* “(passthru|exec|system|eval).*base64_decode”) {
set $proxyflag “forbidden”;
return 500;
}
#disabled due to client incompatibility
#set $testfilter “$request_method$http_referer”;
#if ($testfilter = “POST”) {
# set $proxyflag “forbidden”;
# return 500;
#}
#sql injection request
if ($query_string ~* “union.?.?all.?.?select”) {
set $proxyflag “forbidden”;
return 500;
}
#known botnet
if ($request_uri ~* “/(dvmessages|sh).php”) {
set $proxyflag “forbidden”;
return 500;
}
if ($request_body ~* “c_id=”) {
set $proxyflag “forbidden”;
return 500;
}
#sql injection tools
if ($http_user_agent ~* “Havij”) {
set $proxyflag “forbidden”;
return 500;
}
if ($http_user_agent ~* “sqlmap/”) {
set $proxyflag “forbidden”;
return 500;
}
if ( $http_user_agent ~* “baidu|yand” ) {
set $proxyflag “forbidden”;
return 500;
}
if ( $http_user_agent ~* “Baiduspider” ) {
set $proxyflag “forbidden”;
return 500;
}
if ( $http_user_agent ~* “AhrefsBot” ) {
set $proxyflag “forbidden”;
return 500;
}
if ( $http_user_agent ~* “rogerbot” ) {
set $proxyflag “forbidden”;
return 500;
}
if ( $http_user_agent ~* “exabot” ) {
set $proxyflag “forbidden”;
return 500;
}
if ( $http_user_agent ~* “MJ12bot” ) {
set $proxyflag “forbidden”;
return 500;
}
if ( $http_user_agent ~* “dotbot” ) {
set $proxyflag “forbidden”;
return 500;
}
if ( $http_user_agent ~* “gigabot” ) {
set $proxyflag “forbidden”;
return 500;
}
if ($http_user_agent ~* “PycURL/7.23.1”) {
set $proxyflag “forbidden”;
return 500;
}
if ( $http_user_agent ~* “BLEXBot” ) {
set $proxyflag “forbidden”;
return 500;
}
if ($request_method !~ ^(GET|POST|HEAD)$ ) {
   return 444;
}
#########tenfix
location ~* ^/wp-content/uploads/.*.(php|pl|py|jsp|asp|htm|html|shtml|sh|cgi)$ {
        types { }
        default_type text/plain;
        }
#location ~* .(administrator|[pP]hp[mM]y[aA]dmin) {
#        deny all;
#}
location ~* .(display_errors|set_time_limit|allow_url_include.*disable_functions.*open_basedir|set_magic_quotes_runtime|webconfig.txt.php|file_put_contentssever_root|wlwmanifest) {
        deny all;
}
location ~ /(\.ht|wp-config.php|readme.html|license.txt|nginx.conf|wp-config-sample.php|readme.txt|dbconfig.php) {
    deny all;
}
location ~* \.(pl|cgi|py|sh|lua)$ { return 444; }
location ~* .(\;|’|\”|%22).*(request|insert|union|declare|drop)$ {
        deny all;
}
#location ~* .(globals|encode|localhost|loopback|xmlrpc) {
#        deny all;
#}
location ~* /xmlrpc.php$ {
    allow 172.0.1.1;
    deny all;
}
location ~* /(?:uploads|files|wp-content|wp-includes|akismet)/.*.php$ {
    deny all;
    access_log off;
    log_not_found off;
}
location ~ /\.(svn|git)/* {
    deny all;
    access_log off;
    log_not_found off;
}
location ~ /\.ht {
    deny all;
    access_log off;
    log_not_found off;
}
location ~ /\.user.ini {
    deny all;
    access_log off;
    log_not_found off;
}
location ~* wp-admin/includes { deny all; }
location ~* wp-includes/theme-compat/ { deny all; }
location ~* wp-includes/js/tinymce/langs/.*.php { deny all; }
location ~* “(eval\()”  { deny all; }
location ~* “(127\.0\.0\.1)”  { deny all; }
location ~* “([a-z0-9]{2000})”  { deny all; }
location ~* “(javascript\:)(.*)(\;)”  { deny all; }
location ~* “(base64_encode)(.*)(\()”  { deny all; }
location ~* “(GLOBALS|REQUEST)(=|\[|%)”  { deny all; }
location ~* “(<|%3C).*script.*(>|%3)” { deny all; }
##not test
location ~ “(\\|\.\.\.|\.\./|~|`|<|>|\|)” { deny all; }
location ~* “(boot\.ini|etc/passwd|self/environ)” { deny all; }
location ~* “(thumbs?(_editor|open)?|tim(thumb)?)\.php” { deny all; }
location ~* “(\’|\”)(.*)(drop|insert|md5|select|union)” { deny all; }
location ~* “(https?|ftp|php):/” { deny all; }
location ~* “(=\\\’|=\\%27|/\\\’/?)\.” { deny all; }
#location ~* “/(\$(\&)?|\*|\”|\.|,|&|&?)/?$” { deny all; }
location ~ “(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\”\\\”)” { deny all; }
location ~ “(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)” { deny all; }
location ~* “/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)” { deny all; }
location ~* “(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)” { deny all; }
location ~* “\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$” { deny all; }
location ~* “/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php” { deny all; }
# secrules.conf, a snippet containing security rules for Nginx hosts
# Block request methods that are unnecessary for serving your content
if ($request_method !~ ^(GET|POST|HEAD)$ ) {
return 444;
}
# Block scripts from being executed from your uploads folder. They will be served as text.
# If you don’t serve scripts at all, you could block them altogether instead.
location ~* ^/wp-content/uploads/.*.(php|pl|py|jsp|asp|htm|html|shtml|sh|cgi)$ {
types { }
default_type text/plain;
}
#Block attempts to access PHPMyAdmin. If you actually use it, don’t include this rule!
#location ~* .(administrator|[pP]hp[mM]y[aA]dmin) {
# deny all;
# }
#location ~* .(globals|encode|localhost|loopback|xmlrpc) {
# deny all;
# }
# Disallow scripts
location ~* \.(pl|cgi|py|sh|lua)$ { return 444; }
# Help guard against SQL injection
location ~* .(\;|’|\”|%22).*(request|insert|union|declare|drop)$ {
deny all;
}
# Disallow access to parts of wp-includes
# Many sites recommend blocking wp-includes altogether but in my experience this breaks WordPress
location ~* wp-admin/includes { deny all; }
location ~* wp-includes/theme-compat/ { deny all; }
location ~* wp-includes/js/tinymce/langs/.*.php { deny all; }

ใส่ความเห็น

อีเมลของคุณจะไม่แสดงให้คนอื่นเห็น ช่องข้อมูลจำเป็นถูกทำเครื่องหมาย *