whitewinewobbles
Reputation: 1
Trying to block similar malicious requests with nginx
I'm having trouble trying to block a large amount of requests that are subtle variations of
/shop/?filter_product-categories=232%2C149%2C148%2C71%2C86&query_type_product-categories=or HTTP/1.1
where only the alphanumeric chunk changes. I've tried using
location ~ /(.*)([^a-z]*)query_type_product-categories=or(.*) {
return 403;
}
and several different variations, but have yet to have any luck. I'm admittedly quite new to nginx and any help would be greatly appreciated.
Upvotes: 0
Views: 277
Answers (1)
Richard Smith
Reputation: 49682
Add a location block to process the /shop/ URI, with a conditional return at the top.
The $arg_ variable below, contains the value of the query_type_product-categories argument, of which the first two characters are tested:
location = /shop/ {
if ($arg_query_type_product-categories ~ ^or) {
return 403;
}
...
}
Not sure what goes in the ..., maybe a try_files.
See this document for more. And this for caution about if.
Upvotes: 1
Related Questions
- Configure nginx with multiple locations with different root folders on subdomain
- Nginx -- static file serving confusion with root & alias
- Nginx regex location not matching
- nginx: send all requests to a single html page
- Nginx redirect all requests from subdirectory to another subdirectory root
- Nginx not caching requests coming through ELB