Nginx - XSS Prevention

 XSS (Cross Site Scripting) adalah eksploitasi keamanan di mana penyerang menempatkan malicious client-end code ke laman web. Tujuan dari serangan XSS adalah mengambil data penting, mengambil cookie dari user atau mengirimkan suatu program yang dapat merusak user, namun seakan-akan penyebabnya adalah dari web itu sendiri.


########################### XSS PREVENTION ############################## set $block_xss 0; if ($query_string ~ "base64_(en|de)code\(.*\)") { set $block_xss 1; } if ($request_uri ~ "base64_(en|de)code\(.*\)") { set $block_xss 1; } if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $block_xss 1; } if ($request_uri ~ "(<|%3C).*script.*(>|%3E)") { set $block_xss 1; } if ($query_string ~ "(<|%3C).*iframe.*(>|%3E)") { set $block_xss 1; } if ($request_uri ~ "(<|%3C).*iframe.*(>|%3E)") { set $block_xss 1; } if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $block_xss 1; } if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $block_xss 1; } if ($block_xss = 1) { return 403; } ## Block SQL injections set $block_sql_injections 0; if ($query_string ~ "union.*select.*\(") { set $block_sql_injections 1; } if ($query_string ~ "union.*all.*select.*") { set $block_sql_injections 1; } if ($query_string ~ "concat.*\(") { set $block_sql_injections 1; } if ($block_sql_injections = 1) { return 403; } ## Block file injections set $block_file_injections 0; if ($query_string ~ "[a-zA-Z0-9_]=http://") { set $block_file_injections 1; } if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") { set $block_file_injections 1; } if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { set $block_file_injections 1; } if ($block_file_injections = 1) { return 403; } ## Block common exploits set $block_common_exploits 0; if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $block_common_exploits 1; } if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; } if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; } if ($query_string ~ "proc/self/environ") { set $block_common_exploits 1; } if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") { set $block_common_exploits 1; } if ($query_string ~ "base64_(en|de)code\(.*\)") { set $block_common_exploits 1; } if ($block_common_exploits = 1) { return 403; } ## Block spam set $block_spam 0; if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") { set $block_spam 1; } if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") { set $block_spam 1; } if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") { set $block_spam 1; } if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") { set $block_spam 1; } if ($block_spam = 1) { return 403; } ## Block user agents #SET $BLOCK_USER_AGENTS 0; # Don't disable wget if you need it to run cron jobs! #if ($http_user_agent ~ "Wget") { # set $block_user_agents 1; #} # Disable Akeeba Remote Control 2.5 and earlier if ($http_user_agent ~ "Indy Library") { set $block_user_agents 1; } # Common bandwidth hoggers and hacking tools. if ($http_user_agent ~ "libwww-perl") { set $block_user_agents 1; } if ($http_user_agent ~ "GetRight") { set $block_user_agents 1; } if ($http_user_agent ~ "GetWeb!") { set $block_user_agents 1; } if ($http_user_agent ~ "Go!Zilla") { set $block_user_agents 1; } if ($http_user_agent ~ "Download Demon") { set $block_user_agents 1; } if ($http_user_agent ~ "Go-Ahead-Got-It") { set $block_user_agents 1; } if ($http_user_agent ~ "TurnitinBot") { set $block_user_agents 1; } if ($http_user_agent ~ "GrabNet") { set $block_user_agents 1; } if ($block_user_agents = 1) { return 403; }

Postingan populer dari blog ini

Install Moodle 4.3 di Ubuntu 22.04

Gambar
Moodle, singkatan dari Modular Object-Oriented Dynamic Learning Environment, adalah platform sumber terbuka tangguh yang dirancang untuk memfasilitasi pembelajaran online dan manajemen kursus. Dikembangkan oleh Martin Dougiamas pada tahun 2002, Moodle telah berkembang menjadi salah satu Sistem Manajemen Pembelajaran (LMS) yang paling banyak digunakan secara global. Baik Anda seorang pendidik, administrator, atau pelajar, Moodle menawarkan lingkungan yang kuat dan fleksibel untuk membuat dan berpartisipasi dalam kursus online. Pada tutorial kali ini kita akan mempelajari cara instalasi Moodle 4.3 dengan spesifikasi sebagai berikut:  Cloud Server : 1 CPU, 2 GB RAM, 50 GB Storage Operating System : Ubuntu 22.04 LTS Subdomain : lms.ilusidigital.com SSL : Let’s Encrypt Web Server : Apache2 PHP : PHP v8.1 Database : MariaDB v10.6 Moodle : Moodle v4.3.2 Langkah 1 : Perbarui paket sistem Hubungkan ke server Anda dan pastikan paket sistem Anda mutakhir : apt update apt upgrade -y Catatan : ...
Baca Selengkapnya »

Nginx - WAF ( Web Application Firewall )

Gambar
  Install Nginx and ModSecurity. sudo apt-get update sudo apt-get install nginx -y sudo apt-get install libnginx-mod-security -y sudo apt-get intall git -y Enable ModSecurity module in Nginx configuration. sudo sed -i 's/# include \/etc\/nginx\/modules-enabled\/\*\.conf;/include \/etc\/nginx\/modules-enabled\/\*\.conf;/' /etc/nginx/nginx.conf Configure ModSecurity rules sudo mv /etc/nginx/mods-available/mod-security.conf /etc/nginx/mods-available/mod-security.conf.orig sudo cp /usr/share/modsecurity-crs/modsecurity.conf-recommended /etc/nginx/mods-available/mod-security.conf sudo mv /etc/nginx/mods-available/modsecurity.conf /etc/nginx/mods-available/modsecurity.conf.orig sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/mods-available/modsecurity.conf sudo sed -i 's/SecResponseBodyAccess On/SecResponseBodyAccess Off/' /etc/nginx/mods-available/modsecurity.conf Download and configure the OWASP Core Rule Set. sudo git clone https://github.c...
Baca Selengkapnya »