shellshock probing
itpp2012
nginx-forum at nginx.us
Thu Apr 2 11:21:56 UTC 2015
Cole Tierney Wrote:
-------------------------------------------------------
> Or is there a better method to block these?
Not really better but good enough :)
map $http_referer $waffableref {
default 0;
~*\{.*\:\; 1;
}
map $http_user_agent $waffableua {
default 0;
~*\{.*\:\; 1;
}
map $waffableref$waffableua $waffable {
default 0;
~1 1;
}
# Block shellshock:
if ($waffable) { return 444; }
# Drop'm from logging:
map $waffable $loggable {
default 1;
~1 0;
}
access_log /path/to/access.log combined if=$loggable;
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257792,257814#msg-257814
More information about the nginx
mailing list