diff --git a/docker/rootfs/etc/nginx/conf.d/include/block-exploits.conf b/docker/rootfs/etc/nginx/conf.d/include/block-exploits.conf
index 15ff736a..76bc9e79 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/block-exploits.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/block-exploits.conf
@@ -52,7 +52,7 @@ if ($block_sql_injections = 1) {
 set $block_file_injections 0;
 
 # Remote file inclusion
-if ($query_string ~ "[a-zA-Z0-9_]=(https?|ftp|ftps)://") {
+if ($query_string ~ "[a-zA-Z0-9_]=(https?|ftp|ftps|file|data|php|expect|gopher)://") {
     set $block_file_injections 1;
 }
 
@@ -84,8 +84,8 @@ if ($query_string ~ "(\/etc\/passwd)|(\/etc\/shadow)|(\/etc\/hosts)") {
     set $block_file_injections 1;
 }
 
-# Null bytes and encoding attacks
-if ($query_string ~ "(%00|%0a|%0d|%09|%20$)")  {
+# Null bytes and dangerous encoding attacks
+if ($query_string ~ "(%00|%0a%0d|%0d%0a)") {
     set $block_file_injections 1;
 }
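Review bot: The extended scheme list in the remote-file-inclusion rule is matched with the case-sensitive `~` operator, so any scheme written with a capital letter is not caught even though the target application will usually treat the wrapper name case-insensitively; the rule should use `~*`, i.e. `if ($query_string ~* "[a-zA-Z0-9_]=(https?|ftp|ftps|file|data|php|expect|gopher)://") {`. Note also that `$query_string` is the raw, undecoded query, so a percent-encoded `=` or scheme character would not match this pattern; that is a known limit of this whole include and is worth a one-line comment above the rule, e.g. `# Matches the raw query only; percent-encoded forms are not normalised here.` The same case-sensitivity point applies to the encoding rule in the second hunk of this file.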
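Review bot: The new CRLF pattern `(%00|%0a%0d|%0d%0a)` only matches lowercase hex, while clients and URL encoders commonly emit uppercase (`%0D%0A`), so under the case-sensitive `~` the rule misses the most common spelling; use `if ($query_string ~* "(%00|%0a%0d|%0d%0a)") {`. The commit also drops the standalone `%0a`, `%0d`, `%09` and trailing `%20` alternatives, which narrows coverage considerably, but the new comment does not say why; the reason (presumably false positives on legitimate multi-line or tab-separated values) should be stated there, e.g. `# Only NUL and CRLF pairs are blocked; lone %0a/%0d/%09/%20 were dropped because they appear in legitimate query values.` If that is not the reason, the comment should give the actual one so the reduction is not mistaken for an oversight.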