代码不可能是全完美的,动态网页在实用中难免会遇到sql注入的攻击。而通过nginx的配置过滤,可以很好的避免被攻击的可能。SQL注入攻击一般问号后面的请求参数,在nginx里用$query_string表示 。

一、特殊字符过滤

例如URL /plus/list.php?tid=19&mid=22′ ,后面带的单引号为非法的注入常用字符。而想避免这类攻击,可以通过下面的判断进行过滤。

1if ( $query_string ~* ".*[;'<>].*" ) {
2   return 404;
3}

二、sql语句过滤

 1if ($request_uri ~* "(cost()|(concat()") {
 2    return 444;
 3}
 4if ($request_uri ~* "[+|(%20)]union[+|(%20)]") {
 5    return 444;
 6}
 7if ($request_uri ~* "[+|(%20)]and[+|(%20)]") {
 8    return 444;
 9}
10if ($request_uri ~* "[+|(%20)]select[+|(%20)]") {
11    return 444;
12}

三、文件注入禁止

 1set $block_file_injections 0;
 2if ($query_string ~ “[a-zA-Z0-9_]=http://”) {
 3set $block_file_injections 1;
 4}
 5if ($query_string ~ “[a-zA-Z0-9_]=(..//?)+”) {
 6set $block_file_injections 1;
 7}
 8if ($query_string ~ “[a-zA-Z0-9_]=/([a-z0-9_.]//?)+”) {
 9set $block_file_injections 1;
10}
11if ($block_file_injections = 1) {
12return 444;
13}

四、溢出攻击过滤

 1set $block_common_exploits 0;
 2if ($query_string ~ “(<|%3C).*script.*(>|%3E)) {
 3set $block_common_exploits 1;
 4}
 5if ($query_string ~ “GLOBALS(=|[|%[0-9A-Z]{0,2})) {
 6set $block_common_exploits 1;
 7}
 8if ($query_string ~ “_REQUEST(=|[|%[0-9A-Z]{0,2})) {
 9set $block_common_exploits 1;
10}
11if ($query_string ~ “proc/self/environ”) {
12set $block_common_exploits 1;
13}
14if ($query_string ~ “mosConfig_[a-zA-Z_]{1,21}(=|%3D)) {
15set $block_common_exploits 1;
16}
17if ($query_string ~ “base64_(en|de)code(.*)) {
18set $block_common_exploits 1;
19}
20if ($block_common_exploits = 1) {
21return 444;
22}

五、spam字段过滤

 1set $block_spam 0;
 2if ($query_string ~ “b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)b”) {
 3set $block_spam 1;
 4}
 5if ($query_string ~ “b(erections|hoodia|huronriveracres|impotence|levitra|libido)b”) {
 6set $block_spam 1;
 7}
 8if ($query_string ~ “b(ambien|bluespill|cialis|cocaine|ejaculation|erectile)b”) {
 9set $block_spam 1;
10}
11if ($query_string ~ “b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)b”) {
12set $block_spam 1;
13}
14if ($block_spam = 1) {
15return 444;
16}

六、user-agents头过滤

 1set $block_user_agents 0;
 2if ($http_user_agent ~ “Wget”) {
 3 set $block_user_agents 1;
 4}
 5# Disable Akeeba Remote Control 2.5 and earlier
 6if ($http_user_agent ~ “Indy Library”) {
 7set $block_user_agents 1;
 8}
 9# Common bandwidth hoggers and hacking tools.
10if ($http_user_agent ~ “libwww-perl”) {
11set $block_user_agents 1;
12}
13if ($http_user_agent ~ “GetRight”) {
14set $block_user_agents 1;
15}
16if ($http_user_agent ~ “GetWeb!”) {
17set $block_user_agents 1;
18}
19if ($http_user_agent ~ “Go!Zilla”) {
20set $block_user_agents 1;
21}
22if ($http_user_agent ~ “Download Demon”) {
23set $block_user_agents 1;
24}
25if ($http_user_agent ~ “Go-Ahead-Got-It”) {
26set $block_user_agents 1;
27}
28if ($http_user_agent ~ “TurnitinBot”) {
29set $block_user_agents 1;
30}
31if ($http_user_agent ~ “GrabNet”) {
32set $block_user_agents 1;
33}
34if ($block_user_agents = 1) {
35return 444;
36}
37}

注:之所以返回444,是因为其完全不回应客户端,比403或404等更加非常节省系统资源。