Shellshock protection using nginx ?

itpp2012 nginx-forum at nginx.us
Fri Sep 26 09:14:40 UTC 2014 

Untested but should work;

between http {}
map $request $shellshockblock {
    default                              0;
    ~*\:\;                                  1;
    ~*ping                              1;
    ~*\/bash                           1;
}

inside location {} if ($shellshockblock) { return 412; }

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253553,253554#msg-253554

More information about the nginx mailing list