Commit 07654de4 authored by JamesK's avatar JamesK Committed by memtkmcc

Issue #2841717 by JamesK: Why block nginx requests with a pair of periods (..) in the query?

parent aabeed10
......@@ -288,7 +288,7 @@ map $http_user_agent $deny_on_high_load {
###
map $args $is_denied {
default '';
~*delete.+from|insert.+into|select.+from|union.+select|onload|\.php.+src|system\(.+|document\.cookie|\;|\.\. is_denied;
~*delete.+from|insert.+into|select.+from|union.+select|onload|\.php.+src|system\(.+|document\.cookie|\;|\.\.\/ is_denied;
}
<?php endif; ?>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment