
Ich bin ein großer Fan der Htaccess-Regeln der G6-Firewall (früher G5). Ich habe mich gefragt, ob es möglich und vorteilhaft wäre, diese in NGINX umzuwandeln. Der Quellartikel kann hier gefunden werden: https://perishablepress.com/6g/. Wenn es möglich ist, dies neu zu schreiben, würden Sie den äquivalenten NGINX-Regelsatz bereitstellen? Ich denke, es wäre für viele Entwickler da draußen hilfreich. Kann die G6-Firewall auf NGINX umgestellt werden?

Hier sind die originalen .htaccess-Regeln:

# 6G FIREWALL/BLACKLIST 
# @ https://perishablepress.com/6g/ 

# 6G:[QUERY STRINGS] 
# Answers 403 Forbidden (RewriteRule flag [F]) when the query string matches any
# pattern below. [NC] = case-insensitive; [OR] joins each condition to the next,
# and the last condition deliberately carries no [OR] so the chain ends there.
# NOTE(review): %{QUERY_STRING} is the raw, undecoded query string, so an
# encoded variant of a blocked character is caught only where a pattern spells
# the encoding out (e.g. %3C for "<") -- confirm this is the intended scope.
<IfModule mod_rewrite.c> 
    # Enabled once here; the REQUEST METHOD and REFERRERS blocks below have no
    # RewriteEngine line of their own and rely on this one.
    RewriteEngine On 
    # literal "eval("
    RewriteCond %{QUERY_STRING} (eval\() [NC,OR] 
    # literal loopback address
    RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR] 
    # 2000 consecutive alphanumerics: an oversized token
    RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR] 
    # "javascript:" followed, anywhere later, by ";"
    RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR] 
    # "base64_encode" followed, anywhere later, by "("
    RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR] 
    # "GLOBALS" or "REQUEST" immediately followed by "=", "[" or "%"
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR] 
    # "<" or "%3C" ... "script" ... ">" or "%3".
    # NOTE(review): the closing alternative is "%3", not "%3E", so it matches any
    # "%3x" sequence after "script" -- possibly meant as %3E; confirm upstream.
    RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR] 
    # a backslash, "...", "../", "~", "`", "<", ">" or "|"
    RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR] 
    # well-known local file names/paths
    RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR] 
    # thumb.php, thumbs.php, thumb_editor.php, thumbopen.php, tim.php, timthumb.php
    RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR] 
    # a single or double quote followed, anywhere later, by one of the listed
    # SQL keywords (last condition: no [OR])
    RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC] 
    # "-" leaves the URL untouched; [F] returns 403
    RewriteRule .* - [F] 
</IfModule> 

# 6G:[REQUEST METHOD] 
# Rejects requests whose method starts with one of the listed verbs. The regex
# is anchored only at the start (no "$"), and [NC] lets the lowercase list match
# the uppercase method names. Relies on RewriteEngine On from the QUERY STRINGS
# block above.
<IfModule mod_rewrite.c> 
    RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC] 
    # 403 via [F]; note this blocks PUT and DELETE for every client, including
    # any API or WebDAV consumer that legitimately uses them.
    RewriteRule .* - [F] 
</IfModule> 

# 6G:[REFERRERS] 
# Rejects requests whose Referer header is an oversized token or contains one of
# two named referrer strings. An absent Referer matches neither pattern and is
# therefore allowed. Relies on RewriteEngine On from the QUERY STRINGS block.
<IfModule mod_rewrite.c> 
    # 2000 consecutive alphanumerics
    RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR] 
    # the dot in "semalt.com" is unescaped, so any single character matches there
    RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC] 
    RewriteRule .* - [F] 
</IfModule> 

# 6G:[REQUEST STRINGS] 
# RedirectMatch matches the URL path (not the query string) and here answers
# 403 directly. "(?i)" is the inline case-insensitive flag.
<IfModule mod_alias.c> 
    # oversized alphanumeric token
    RedirectMatch 403 (?i)([a-z0-9]{2000}) 
    # a URL scheme followed by ":/" anywhere inside the path
    RedirectMatch 403 (?i)(https?|ftp|php):/ 
    # "base64_encode" followed later by "("
    RedirectMatch 403 (?i)(base64_encode)(.*)(\() 
    # as written: "=\'", "=\%27" or "/\'/" followed by a dot.
    # NOTE(review): how many backslashes survive httpd's own argument parsing
    # decides whether the regex expects a literal backslash here -- confirm.
    RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\. 
    # a final path segment consisting solely of "$", "$&", "*", a double quote,
    # ".", ",", "&", "&amp" or "&amp;"
    RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&amp;?)/?$ 
    # "{0}", "(/(", "...", "+++" or a pair of escaped double quotes
    # (same backslash caveat as above)
    RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\") 
    # any single one of: ~ ` < > : ; , % \ whitespace { } [ ] |
    RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|) 
    # a path segment beginning with one of these tokens
    RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack) 
    # assorted probe signatures; "echo(.*)kae" is "echo" followed later by "kae"
    RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ) 
    # paths ending in one of these extensions (note ".bak?" also matches ".ba";
    # git/hg/svn cover version-control metadata directories)
    RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$ 
    # named PHP scripts. The "^$" alternative can never match here ("^" is
    # preceded by "/" and "$" is followed by "\.php"), so it is effectively dead.
    RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php 
</IfModule> 

# 6G:[USER AGENTS] 
# Sets the bad_bot environment variable when the User-Agent matches, then denies
# flagged requests. SetEnvIfNoCase matches case-insensitively.
<IfModule mod_setenvif.c> 
    # oversized alphanumeric token
    SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot 
    # substring match anywhere in the User-Agent; generic tokens such as
    # "python", "pycurl" and "loader" also match legitimate clients whose
    # User-Agent happens to mention them.
    SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot 
    # NOTE(review): the Deny is scoped to GET, POST and PUT only, so a flagged
    # client sending HEAD, OPTIONS or any other method is not blocked by this
    # section (the BAD IPS block below lists HEAD and OPTIONS as well).
    # Order/Allow/Deny are the 2.2-style access directives; on httpd 2.4 they
    # need mod_access_compat.
    <limit GET POST PUT> 
     Order Allow,Deny 
     Allow from All 
     Deny from env=bad_bot 
    </limit> 
</IfModule> 

# 6G:[BAD IPS] 
# Scope for manual IP blocks. As shipped it denies nothing: the only Deny line
# is a commented example. Order/Allow/Deny are 2.2-style directives; on httpd
# 2.4 they need mod_access_compat.
<Limit GET HEAD OPTIONS POST PUT> 
    Order Allow,Deny 
    Allow from All 
    # uncomment/edit/repeat next line to block IPs 
    # (the example value is a placeholder, not a valid address)
    # Deny from 123.456.789 
</Limit> 

Vielen Dank im Voraus für Ihre Hilfe oder Gedanken dazu, und ein großes Dankeschön an Perishable Press für das Schreiben dieser .htaccess-Regeln. Vielen Dank!

Antwort

## Add here all user agents that are to be blocked. 
## $bad_bot becomes 1 when the User-Agent matches an entry; an absent or
## non-matching User-Agent gets the default 0. "map" belongs in the http
## context, outside any server block. "~*" marks a case-insensitive regex;
## an entry whose regex contains "}" or ";" must be quoted, as the first one is.
map $http_user_agent $bad_bot { 
    default 0; 
    # oversized alphanumeric token ({2000} is why this entry is quoted)
    "~*([a-z0-9]{2000})" 1; 
    # substring match anywhere in the User-Agent. "htmlparser" and "libwww" are
    # additions over the Apache list; generic tokens such as "python" also match
    # legitimate clients whose User-Agent mentions them.
    ~*(archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|htmlparser|libwww|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) 1; 
} 

## Add here all referrers that are to be blocked. 
## $bad_referer becomes 1 when the Referer header matches an entry; an absent
## Referer gets the default 0 and is allowed. Mirrors the 6G REFERRERS block.
map $http_referer $bad_referer { 
    default 0; 
    # oversized alphanumeric token ({2000} is why this entry is quoted)
    "~*([a-z0-9]{2000})" 1; 
    # the dot in "semalt.com" is unescaped, so any single character matches there
    ~*(semalt.com|todaperfeita) 1; 
} 

# query strings that should be blocked 
# $bad_querystring becomes 1 when the raw query string ($query_string) matches
# an entry; mirrors the 6G QUERY STRINGS block. Entries containing "}" or ";"
# are quoted, as the nginx parser requires.
# NOTE(review): nginx's config parser turns "\\" into "\" and "\'" / "\"" into
# the bare quote in every argument, quoted or not, before the regex is compiled;
# the backslash alternative in the (\\|\.\.\. entry and the quote escapes in the
# last entry may therefore not match what the Apache original matches -- confirm
# with a test request.
map $query_string $bad_querystring { 
    default 0; 
    # literal "eval("
    ~*(eval\() 1; 
    # literal loopback address
    ~*(127\.0\.0\.1) 1; 
    # oversized alphanumeric token
    "~*([a-z0-9]{2000})" 1; 
    # "javascript:" followed later by ";"
    "~*(javascript:)(.*)(;)" 1; 
    # "base64_encode" followed later by "("
    ~*(base64_encode)(.*)(\() 1; 
    # "GLOBALS" or "REQUEST" immediately followed by "=", "[" or "%"
    ~*(GLOBALS|REQUEST)(=|\[|%) 1; 
    # NOTE(review): "%3" (not "%3E") matches any "%3x" sequence, as in the original
    ~*(<|%3C)(.*)script(.*)(>|%3) 1; 
    # a backslash, "...", "../", "~", "`", "<", ">" or "|" (backslash caveat above)
    ~*(\\|\.\.\.|\.\./|~|`|<|>|\|) 1; 
    # well-known local file names/paths
    ~*(boot\.ini|etc/passwd|self/environ) 1; 
    # thumb.php / thumbs.php / thumb_editor.php / thumbopen.php / tim.php / timthumb.php
    ~*(thumbs?(_editor|open)?|tim(thumb)?)\.php 1; 
    # a quote followed later by an SQL keyword; "concat" is an addition over the
    # Apache original's list
    ~*(\'|\")(.*)(drop|insert|md5|select|union|concat) 1; 

} 

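# request paths that should be blocked (mirrors the 6G REQUEST STRINGS block)
# $bad_request becomes 1 when $request_uri matches an entry.
# NOTE(review): $request_uri is the raw request-line URI *including* the query
# string, whereas Apache's RedirectMatch sees only the decoded URL path; with
# these patterns that makes e.g. any "%", ";" or "," inside a query string a
# hit. $uri (decoded path without arguments) would be the closer equivalent --
# decide which scope is wanted.
# NOTE(review): nginx turns "\\" into "\" and "\'" / "\"" into the bare quote in
# every argument before compiling the regex, so the backslash escapes below may
# not match literal backslashes the way the Apache original does -- confirm.
map $request_uri $bad_request { 
    default 0; 
    # oversized alphanumeric token
    "~*([a-z0-9]{2000})" 1; 
    # a URL scheme followed by ":/"
    ~*(https?|ftp|php):/ 1; 
    # "base64_encode" followed later by "("
    ~*(base64_encode)(.*)(\() 1; 
    # as written: "=\'", "=\%27" or "/\'/" followed by a dot (backslash caveat above)
    ~*(=\\\'|=\\%27|/\\\'/?)\. 1; 
    # a final path segment consisting solely of "$", "$&", "*", a double quote,
    # ".", ",", "&", "&amp" or "&amp;"
    "~*/(\$(\&)?|\*|\"|\.|,|&|&amp;?)/?$" 1; 
    # "{0}", "(/(", "...", "+++" or a pair of escaped double quotes.
    # Quoted for consistency with every other brace-containing entry in this
    # file; unquoted, it relied on the parser honouring the backslash before
    # "{" and "}", which otherwise delimit blocks.
    "~*(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" 1; 
    # any single one of: ~ ` < > : ; , % \ whitespace { } [ ] |
    "~*(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)" 1; 
    # a path segment beginning with one of these tokens
    ~*/(=|\$&|_mm|cgi-|etc/passwd|muieblack) 1; 
    # assorted probe signatures; "echo(.*)kae" is "echo" followed later by "kae"
    "~*(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)" 1; 
    # request URI ending in one of these extensions (".bak?" also matches ".ba")
    ~*\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$ 1; 
    # named PHP scripts; the "^$" alternative can never match ("^" follows "/",
    # "$" precedes "\.php") and is effectively dead
    ~*/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php 1; 
} 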

# request methods that should be rejected (mirrors the 6G REQUEST METHOD block)
# $not_allowed_method becomes 1 when the method starts with one of the verbs;
# the regex is anchored only at the start, and "~*" lets the lowercase list
# match the uppercase method names. PUT and DELETE are rejected for every
# client, including API consumers that legitimately use them.
map $request_method $not_allowed_method { 
    default 0; 
    ~*^(connect|debug|delete|move|put|trace|track) 1; 
} 

Dann füge ich in der server-Direktive Folgendes hinzu:

# The map blocks above are declared in the http context; inside each server
# block their variables are checked up front, before any location is selected.
# "if" with a plain "return" is the form of "if" that is safe to use here.
server { 
    ... 


    # 444 is nginx-specific: the connection is closed without sending a response.
    if ($bad_bot) { return 444; } 
    if ($bad_referer) { return 444; } 
    if ($bad_querystring) { return 444; } 
    if ($bad_request) { return 444; } 
    # NOTE(review): the Apache original answers 403 here; 405 is this answer's
    # choice, and it is sent without the Allow header a 405 is expected to carry.
    if ($not_allowed_method) { return 405; } 

    ## Filesystem root of the site and index. 
    # NOTE(review): $DOMAIN is presumably set elsewhere (map/set); it is not a
    # built-in nginx variable -- confirm.
    root /home/$DOMAIN/public; 
    index index.php; 

    ... 

}