stackoom
  简体   繁体   中英

How can I deny a request with a specific url encoded character?

 原文  2022-12-22 00:28:10       nginx/ nginx-config

Question

I'm having problems with a site being exploited, and I have tried many ways to solve this, but I'm missing some skills to get it done.

The issue is I need to deny POST requests to "/%21/Form/create" while accepting POST requests to "/./Form/create".

I have tried:

location = /%21/Form/create {
deny all;
}

location ~ ^/%21.*/ {
deny all;
}

without any luck. I would really appreciate some help solving this.

1 answers

solution1
 0  2022-12-23 08:38:43

They are the same URL - but if your server is receiving both forms of request - and you need to differentiate between them - you can use $request_uri to view the request as it was originally received.

The variable can be tested using an if block.

if ($request_uri = /%21/Form/create) { return 403; }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question In Nginx, how can I return 404s for specific URL pattern/regex without sending request to the app server? How to deny POST to certain url in nginx nginx rewrite URL decoding first encoded character in URI How to redirect an encoded url slug with Nginx Nginx: How to reverse proxy from external request to specific localhost url How to redirect to specific upstream servers based on request URL in Nginx? How can I configure Nginx to route a specific request pattern to a specific php-fpm upstream hosting a Symfony application? Nginx deny specific filetypes in a location In AWS I need help for deny url by public ip or public dns and to allow only access by domain (CNAME) How to deny with 404 on nginx
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM