如何拒绝具有特定 url 编码字符的请求?
[英]How can I deny a request with a specific url encoded character?
问题描述
I'm having problems with a site being exploited, and I have tried many ways to solve this, but I'm missing some skills to get it done.
我遇到了网站被利用的问题,我尝试了很多方法来解决这个问题,但我缺少一些技巧来完成它。
The issue is I need to deny POST requests to "/%21/Form/create" while accepting POST requests to "/./Form/create".问题是我需要拒绝对“/%21/Form/create”的 POST 请求,同时接受对“/./Form/create”的 POST 请求。
I have tried:我试过了:
location = /%21/Form/create {
deny all;
}
location ~ ^/%21.*/ {
deny all;
}
without any luck.没有任何运气。 I would really appreciate some help solving this.我真的很感激一些帮助解决这个问题。
1 个解决方案
解决方案1
0 2022-12-23 08:38:43
They are the same URL - but if your server is receiving both forms of request - and you need to differentiate between them - you can use $request_uri to view the request as it was originally received.它们是相同的 URL - 但如果您的服务器正在接收两种形式的请求 - 并且您需要区分它们 - 您可以使用$request_uri来查看最初收到的请求。
The variable can be tested using an if block.可以使用if块测试该变量。
if ($request_uri = /%21/Form/create) { return 403; }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.