Block SQL Injection

Cliff Wells cliff at
Thu Apr 21 00:22:50 MSD 2011

On Wed, 2011-04-20 at 13:05 -0400, jacppe wrote:
> Hi all. Anybody know how can I block some characters for avoid SQL
> Injection using Nginx as web server o HTTP reverse-proxy?
> Thanks a lot.

You can't really, unless you write a custom module. Rewrite rules won't
help since they don't deal with the POST body. There may be some filter
module I'm unaware of that could do it, but I'd still suggest you don't.
It's much better to simply use software written by moderately capable
developers. SQL-injection is so trivial to avoid at the application
level that it's borderline unforgivable to find it in a modern web app.


More information about the nginx mailing list