Obvious malware rejection module?

Skip Montanaro skip.montanaro at gmail.com
Mon Feb 14 13:39:46 UTC 2022


I have a simple website with NGINX fronting Gunicorn and Flask. Of course,
within minutes of it going live, I started to get obvious crap, probing for
vulnerabilities. Nothing's gotten through yet, at least as far as I can
tell. Even so, it would be nice if such malware-type requests were rejected
by NGINX before they reach the backend.

Is there a module for NGINX which implements something like a blackhole
list similar to what you find on email servers, that is, offloading the
acceptance or rejection of certain paths to a community-managed database? I
scrolled through the list here:

https://www.nginx.com/resources/wiki/modules/

but didn't see anything obvious. I could establish my own rewrite rules
(and probably will) for some of the most egregious requests (anything
".php" would get dropped, for example), but was hoping something already
existed.

Thanks,

Skip Montanaro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20220214/6e568656/attachment.htm>


More information about the nginx mailing list