From 2bfd3073e942c21c34639de52311f697954bcfe6 Mon Sep 17 00:00:00 2001
From: Dumitru Uzun
Date: Thu, 12 Mar 2020 17:55:53 +0200
Subject: [PATCH] Block $bad_uri_words prototype

---
 bots.d/bad-uri-words.conf | 17 +++++++++++++++++
 bots.d/blockbots.conf | 8 ++++++++
 conf.d/globalblacklist.conf | 16 ++++++++++++++++
 3 files changed, 41 insertions(+)
 create mode 100644 bots.d/bad-uri-words.conf

diff --git a/bots.d/bad-uri-words.conf b/bots.d/bad-uri-words.conf
new file mode 100644
index 00000000000..663ec985c64
--- /dev/null
+++ b/bots.d/bad-uri-words.conf
@@ -0,0 +1,17 @@
+# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
+
+# THE RULES BELOW ARE ENABLED BY DEFAULT
+# You can disable this default list by switching the values to 0
+
+# Old WordPress vulnerability
+"~*(?:\b)HelloThinkPHP(?:\b)" 1;
+
+# Trigger XDebug in production
+"~*(?:\b)XDEBUG_SESSION_START(?:\b)" 1;
+
+# PHPUnit exploit:
+# /vendor/phpunit/phpunit/phpunit.xsd
+# /vendor/phpunit/phpunit/build.xml
+# /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
+"~*(?:\b)vendor/phpunit/phpunit(?:\b)" 1;
+"~*(?:\b)phpunit/src/Util/PHP/eval-stdin\.php(?:\b)" 1;
diff --git a/bots.d/blockbots.conf b/bots.d/blockbots.conf
index 5ad118e40bd..ad63f2d8132 100644
--- a/bots.d/blockbots.conf
+++ b/bots.d/blockbots.conf
@@ -75,6 +75,14 @@ if ($bad_referer) {
 return 444;
 }
 
+# ---------------------------------
+# BLOCK BAD URI WORDS
+# ---------------------------------
+
+if ($bad_uri_words) {
+ return 444;
+}
+
 # -----------------------------
 # BLOCK IP ADDRESSES and RANGES
 # -----------------------------
diff --git a/conf.d/globalblacklist.conf b/conf.d/globalblacklist.conf
index 99bac256a87..5b6f2d05c59 100644
--- a/conf.d/globalblacklist.conf
+++ b/conf.d/globalblacklist.conf
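Review bot: The comment above the first rule in bad-uri-words.conf, `# Old WordPress vulnerability`, mislabels the pattern: `HelloThinkPHP` is the marker string used by ThinkPHP 5 `invokefunction` remote-code-execution probes, not a WordPress artifact, so I would change it to `# ThinkPHP 5 RCE scanner probe (HelloThinkPHP marker)` so that whoever tunes this list later knows what traffic it targets. The `(?:\b)` wrappers on every pattern are a non-capturing group around a zero-width assertion and add nothing; plain `\b` is clearer, e.g. `"~*\bXDEBUG_SESSION_START\b" 1;`. The last two rules overlap only partially — `vendor/phpunit/phpunit` already covers the three listed paths, while `phpunit/src/Util/PHP/eval-stdin\.php` additionally catches installs where phpunit lives outside `vendor/` — and a one-line comment saying so would stop a future maintainer from deleting one as redundant.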
@@ -18123,6 +18123,22 @@ geo $ratelimited {
 # END SECTION 4 - ACTIVATE BLOCKER FUNCTIONS
 # ==========================================
+
+# =============================
+# BEGIN SECTION 5 - REQUEST URI
+# =============================
+
+map $request_uri $bad_uri_words {
+ default 0;
+ # include bots.d/whitelist-domains.conf; # ???
+ include bots.d/bad-uri-words.conf;
+}
+
+
+# ==========================================
+# END SECTION 5 - ACTIVATE BLOCKER FUNCTIONS
+# ==========================================
+
 
 # =====================
 # END BLOCKER FUNCTIONS
 # =====================
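Review bot: The new map keys on `$request_uri`, which is the raw, un-decoded request line, so a probe that percent-encodes a single character of the path (`/%76endor/phpunit/phpunit/...`) or inserts `/./` segments is not matched by the bad-uri-words.conf patterns even though the backend decodes and normalizes it to exactly the path these rules are meant to block; `$request_uri` is still needed for query-string tokens such as `XDEBUG_SESSION_START`, so the path rules should additionally be evaluated against the normalized `$uri`, as in the second map below, with blockbots.conf then testing `$bad_uri_words_path` next to `$bad_uri_words`. The placeholder `# include bots.d/whitelist-domains.conf; # ???` should be removed rather than shipped: judging by its name that file holds referer-domain entries, which have no meaning in a map keyed on the request URI. The closing banner `# END SECTION 5 - ACTIVATE BLOCKER FUNCTIONS` was copied from section 4 and should read `# END SECTION 5 - REQUEST URI` to match the opening one.
```nginx
map $request_uri $bad_uri_words {
    default 0;
    include bots.d/bad-uri-words.conf;
}

# Same pattern list against the decoded, normalized path (no query string),
# so percent-encoded or dot-segment variants of a blocked path are also caught.
map $uri $bad_uri_words_path {
    default 0;
    include bots.d/bad-uri-words.conf;
}
```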