Right use of 'if'

Aleksandar Lazic al-nginx at none.at
Sun Jun 7 10:41:38 UTC 2015


Hai.

I am trying to refuse some attacks with map and if.

The requests look like:

#############
/?id=../../../../../../etc/passwd%00&page=../../../../../../etc/passwd%00&file=../../../../../../etc/passwd%00&inc=../../../../../../etc/passwd%00&load=../../../../../../etc/passwd%00&path=../../../../../../etc/passwd%00

/index.php?id=../../../../../../etc/passwd%00&page=../../../../../../etc/passwd%00&file=../../../../../../etc/passwd%00&inc=../../../../../../etc/passwd%00&load=../../../../../../etc/passwd%00&path=../../../../../../etc/passwd%00

/index.php?culture=../../../../../../../../../../windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D&sections=All%3Cscript%3Ealert(12345)%3C/script%3Ez

/index.php?test=../../../../../../../../../../boot.ini
#############

My solution:

#################
# http request line: "GET /index.php?culture=../../../../../../../../../../windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D&sections=All%3Cscript%3Ealert(12345)%3C/script%3Ez HTTP/1.1"
# http uri: "/index.php"
# http args: "culture=../../../../../../../../../../windows/win.ini&name=SP.JSGrid.Res&rev=laygpE0lqaosnkB4iqx6mA%3D%3D&sections=All%3Cscript%3Ealert(12345)%3C/script%3Ez"
# http exten: "php"

map $args $block {
   default 0;
   "~(boot|win)\.ini" 1;
   "~etc/passwd" 1;
}

location = /index.php {
   if ($block) {
# include is not allowed here ;-/
#    include /home/nginx/server/conf/global_setting_for_log_to_fail2ban_for_blocking.conf;
     access_log logs/fail2ban.log combined;
     return 403;
   }
}
#########################

Is this the most efficient way for nginx?

BR Aleks
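A way to check the map patterns from the post against the sample requests before deploying them, as an added example that is not part of the original mail: it emulates the `map $args $block` lookup (regex keys only, in the order written, default 0; literal-string map keys are not emulated) and the `location = /index.php { if ($block) { return 403; } }` decision. It also shows that the first sample request, which targets `/` rather than `/index.php`, is not covered by the exact-match location.

```python
import re
from urllib.parse import urlsplit

# The map block from the post, as (key, result) pairs in the order written.
# Keys starting with "~" are case-sensitive regexes, "~*" case-insensitive,
# matching how nginx reads map keys. nginx matches $args as the raw query
# string, without percent-decoding, so this emulation does the same.
MAP_BLOCK = [
    (r"~(boot|win)\.ini", 1),
    (r"~etc/passwd", 1),
]
MAP_DEFAULT = 0


def nginx_map(value, entries=MAP_BLOCK, default=MAP_DEFAULT):
    """Emulate the regex part of an nginx 'map' lookup: first regex that matches wins."""
    for key, result in entries:
        if key.startswith("~*"):
            if re.search(key[2:], value, re.IGNORECASE):
                return result
        elif key.startswith("~"):
            if re.search(key[1:], value):
                return result
        else:
            raise ValueError("literal map keys are not emulated here: %r" % key)
    return default


def args_of(request_target):
    """Return what nginx exposes as $args: the raw, undecoded query string."""
    return urlsplit(request_target).query


def decide(request_target):
    """Mirror 'location = /index.php { if ($block) { return 403; } }' from the post.

    Returns the HTTP status the config would produce: 403 when blocked,
    200 otherwise (including requests to other paths, which the exact-match
    location never sees).
    """
    parts = urlsplit(request_target)
    if parts.path != "/index.php":
        return 200
    return 403 if nginx_map(args_of(request_target)) else 200


if __name__ == "__main__":
    # Constructed sample targets, taken from the request lines in the post.
    for target in ("/index.php?test=../../../../../../../../../../boot.ini",
                   "/?id=../../../../../../etc/passwd%00",
                   "/index.php?page=about&id=42"):
        print(decide(target), target)
```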


