IT4Change/gradido
3
0
Fork 0
mirror of https://github.com/IT4Change/gradido.git synced 2025-12-13 07:45:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

corrected escaping

Browse Source
This commit is contained in:
Ulf Gebhardt 2022-01-06 08:00:47 +01:00
parent c563bd58f7
commit d0f8a52211
Signed by: ulfgebhardt
GPG Key ID: DA6B843E748679C9
1 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
deployment/bare_metal/nginx/common/protect.conf
View File

@ -1,9 +1,9 @@
# Deny access to readme.(txt|html) or license.(txt|html) or example.(txt|html) and other common git related files
location ~* \"/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)\" {
location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
deny all;
}
# Deny access to backup extensions & log files
location ~* \"\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$\" {
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
deny all;
}
# deny access to hidden files and directories
@ -11,44 +11,44 @@ location ~ /\.(?!well-known\/) {
deny all;
}
# deny access to base64 encoded urls
location ~* \"(base64_encode)(.*)(\()\" {
location ~* "(base64_encode)(.*)(\()" {
deny all;
}
# deny access to url with the javascript eval() function
location ~* \"(eval\()\" {
location ~* "(eval\()" {
deny all;
}
# deny access to url which include \"127.0.0.1\"
location ~* \"(127\.0\.0\.1)\" {
location ~* "(127\.0\.0\.1)" {
deny all;
}
location ~* \"(GLOBALS|REQUEST)(=|\[|%)\" {
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
deny all;
}
location ~* \"(<|%3C).*script.*(>|%3)\" {
location ~* "(<|%3C).*script.*(>|%3)" {
deny all;
}
location ~ \"(\\|\.\.\.|\.\./|~|`|<|>|\|)\" {
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
deny all;
}
location ~* \"(\'|\\")(.*)(drop|insert|md5|select|union)\" {
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
deny all;
}
location ~* \"(https?|ftp|php):/\" {
location ~* "(https?|ftp|php):/" {
deny all;
}
location ~* \"(=\\\'|=\\%27|/\\\'/?)\.\" {
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
deny all;
}
location ~ \"(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\\"\\\\")\" {
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\\"\\\\")" {
deny all;
}
location ~ \"(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)\" {
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
deny all;
}
location ~* \"(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)\" {
location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)" {
deny all;
}
location ~* \"/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php\" {
location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php" {
deny all;
}