shellshock probing
B.R.
reallfqq-nginx at yahoo.fr
Thu Apr 2 14:48:22 UTC 2015
That is the power of the 'empty value = does nothing' logic. :o)
---
*B. R.*
On Thu, Apr 2, 2015 at 3:33 PM, Cole Tierney <cole.putnamhill at comcast.net>
wrote:
> > On Apr 2, 2015, at 7:21 AM, itpp2012 <nginx-forum at nginx.us> wrote:
> >
> > Cole Tierney Wrote:
> > -------------------------------------------------------
> >> Or is there a better method to block these?
> >
> > Not really better but good enough :)
> >
> > map $http_referer $waffableref {
> > default 0;
> > ~*\{.*\:\; 1;
> > }
> > map $http_user_agent $waffableua {
> > default 0;
> > ~*\{.*\:\; 1;
> > }
> > map $waffableref$waffableua $waffable {
> > default 0;
> > ~1 1;
> > }
> >
> > # Block shellshock:
> > if ($waffable) { return 444; }
> >
> > # Drop'm from logging:
> > map $waffable $loggable {
> > default 1;
> > ~1 0;
> > }
> >
> > access_log /path/to/access.log combined if=$loggable;
>
> Thanks! I like the combined variables in the 3rd map.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20150402/e4437534/attachment.html>
More information about the nginx
mailing list