WordPress pingback mitigation
nginx-forum at forum.nginx.org
Sat May 20 10:35:46 UTC 2017
I take it you don't use a WAF of any kind i also think you should add it to
a MAP at least instead of using IF.
The WAF I use for these same rules is found here.
The rules for wordpress and other content management systems are found
http://spike.nginx-goodies.com/rules/ ( a downloadable list they use
Naxsi is the best soloution I have found against problems like this
especialy with their XSS and SQL extensions enabled.
CheckRule "$LIBINJECTION_XSS >= 8" BLOCK;
CheckRule "$LIBINJECTION_SQL >= 8" BLOCK;
Blocks allot of zero day exploits and unknown exploits / penetration testing
If you want to protect your sites it is definitely worth the look and use.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274339,274341#msg-274341
More information about the nginx