using nginx to mitigate the latest joomla-vuln - discussion

mex nginx-forum at
Wed Dec 16 16:52:16 UTC 2015

this one:

i'd suggest to change the ua-detection from "JDatabaseDriverMysql"
to a regex detecting the PHP-Object-Injection to cover additional
attack-vectors (like my gurus @ emergingthreats said:
"mitigation against the vuln, not the exploit you should create") :D

i also suggest to delete the "O:" - detection which will lead to
a lot of false positives, as well as using "{" alone.

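http {
    # flag any User-Agent that contains a serialized PHP object
    map $http_user_agent $blocked_ua {
        "~O:\+?\d+:.*:\+?\d+:{(s|S):\+?\d+:.*;.*}" 1;
        default 0;
    }

    server {
        # reject flagged requests before they reach PHP
        if ($blocked_ua) { return 403; }
    }
}
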
p.s. repost, because of forum-snafu

Posted at Nginx Forum:,263478,263483#msg-263483
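
Added example, not part of the original post: a small harness to check the map regex against sample User-Agent values before deploying it, next to the bare "O:" and "{" checks the post advises against. The sample strings are constructed, and Python's re module is assumed to behave like nginx's PCRE for this pattern.

```python
import re

# Pattern copied from the map block in the post. Python's re stands in for
# nginx's PCRE (assumption: both treat this pattern the same way).
OBJECT_RE = re.compile(r'O:\+?\d+:.*:\+?\d+:{(s|S):\+?\d+:.*;.*}')

# Constructed sample User-Agent values (not captured traffic).
SAMPLES = {
    "browser": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
               "Chrome/47.0 Safari/537.36",
    "o_colon": "MyApp/1.0 (INFO: build 42)",
    "brace": "Mozilla/5.0 (compatible; {custom-build} 1.0)",
    "serialized": 'probe O:8:"stdClass":1:{s:1:"a";s:1:"b";}',
    "serialized_plus": 'O:+8:"stdClass":+1:{S:+1:"a";S:+1:"b";}',
}


def classify(ua):
    """Return which of the three checks would block this User-Agent."""
    return {
        "naive_o": "O:" in ua,          # bare "O:" substring check
        "naive_brace": "{" in ua,       # bare "{" substring check
        "regex": OBJECT_RE.search(ua) is not None,  # the post's regex
    }


def false_positives(check):
    """Names of benign samples that the given check would block."""
    benign = ("browser", "o_colon", "brace")
    return [name for name in benign if classify(SAMPLES[name])[check]]


if __name__ == "__main__":
    for name, ua in SAMPLES.items():
        print(f"{name:16} {classify(ua)}")
    for check in ("naive_o", "naive_brace", "regex"):
        print(f"{check:12} false positives: {false_positives(check)}")
```

Extend SAMPLES with User-Agent strings from your own access logs to see what the rule would have blocked.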
