From d0f8a5221141717631b196056b7adab0105bf892 Mon Sep 17 00:00:00 2001 From: Ulf Gebhardt Date: Thu, 6 Jan 2022 08:00:47 +0100 Subject: [PATCH] corrected escaping
--- .../bare_metal/nginx/common/protect.conf | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/deployment/bare_metal/nginx/common/protect.conf b/deployment/bare_metal/nginx/common/protect.conf
index 358549a53..334aec28f 100644
--- a/deployment/bare_metal/nginx/common/protect.conf
+++ b/deployment/bare_metal/nginx/common/protect.conf
@@ -1,9 +1,9 @@
 # Deny access to readme.(txt|html) or license.(txt|html) or example.(txt|html) and other common git related files
-location ~* \"/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)\" {
+location ~* "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
 deny all;
 }
 # Deny access to backup extensions & log files
-location ~* \"\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$\" {
+location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf)$" {
 deny all;
 }
 # deny access to hidden files and directories
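Review bot: The `^$` alternative in `"/(^$|readme|...)"` can never match, because it follows a literal `/` inside the pattern, and `README` repeats `readme` under the case-insensitive `~*` modifier; both can be dropped. In the backup-extension rule `bak?` also matches `.ba`, which looks unintended; `bak` alone would express what the comment describes. The leading comment could also say that `.md` is covered, e.g. `# Deny access to readme/license/example/changelog files (.txt, .html, .md)`.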
@@ -11,44 +11,44 @@ location ~ /\.(?!well-known\/) {
 deny all;
 }
 # deny access to base64 encoded urls
-location ~* \"(base64_encode)(.*)(\()\" {
+location ~* "(base64_encode)(.*)(\()" {
 deny all;
 }
 # deny access to url with the javascript eval() function
-location ~* \"(eval\()\" {
+location ~* "(eval\()" {
 deny all;
 }
 # deny access to url which include \"127.0.0.1\"
-location ~* \"(127\.0\.0\.1)\" {
+location ~* "(127\.0\.0\.1)" {
 deny all;
 }
-location ~* \"(GLOBALS|REQUEST)(=|\[|%)\" {
+location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
 deny all;
 }
-location ~* \"(<|%3C).*script.*(>|%3)\" {
+location ~* "(<|%3C).*script.*(>|%3)" {
 deny all;
 }
-location ~ \"(\\|\.\.\.|\.\./|~|`|<|>|\|)\" {
+location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
 deny all;
 }
-location ~* \"(\'|\\")(.*)(drop|insert|md5|select|union)\" {
+location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
 deny all;
 }
-location ~* \"(https?|ftp|php):/\" {
+location ~* "(https?|ftp|php):/" {
 deny all;
 }
-location ~* \"(=\\\'|=\\%27|/\\\'/?)\.\" {
+location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
 deny all;
 }
-location ~ \"(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\\"\\\\")\" {
+location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\\"\\\\")" {
 deny all;
 }
-location ~ \"(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)\" {
+location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
 deny all;
 }
-location ~* \"(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)\" {
+location ~* "(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|boot\.ini|etc/passwd|eval\(|self/environ|(wp-)?config\.|cgi-|muieblack)" {
 deny all;
 }
-location ~* \"/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php\" {
+location ~* "/(^$|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell|config|configuration)\.php" {
 deny all;
 }
\ No newline at end of file
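Review bot: The `\\\\"\\\\"` alternative in the `(\{0\}|\(/\(|...)` location still contains two unescaped double quotes inside the now double-quoted pattern, so nginx will probably end the string at the first one and reject the directive; if a literal quote is intended, write `\\\\\"\\\\\"` and confirm with `nginx -t`. Separately, nginx matches `location` regexes against the decoded request path without the query string, so the alternatives aimed at parameters or percent-encodings (`&pws=0`, `(GLOBALS|REQUEST)(=|\[|%)`, `%3C`, `=\\%27`) most likely never fire and should not be relied on as filtering. The closing `%3` in the script rule also looks like a truncated `%3E`. The broad rule that denies `:`, `;`, `%` and whitespace anywhere in the path may reject legitimate URLs and deserves a comment stating what it is meant to block.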