diff --git a/docker/rootfs/etc/nginx/conf.d/include/block-exploits.conf b/docker/rootfs/etc/nginx/conf.d/include/block-exploits.conf
index 25534b0f..15ff736a 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/block-exploits.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/block-exploits.conf
@@ -173,60 +173,6 @@ if ($block_common_exploits = 1) {
  return 403;
 }
 
-## Block spam
-set $block_spam 0;
-
-# Original spam keywords
-if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
- set $block_spam 1;
-}
-
-if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
- set $block_spam 1;
-}
-
-if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
- set $block_spam 1;
-}
-
-if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
- set $block_spam 1;
-}
-
-# Enhanced spam keywords
-if ($query_string ~ "\b(casino|poker|gambling|betting|lottery|jackpot|slot)\b") {
- set $block_spam 1;
-}
-
-if ($query_string ~ "\b(loan|credit|mortgage|insurance|investment|forex|crypto)\b") {
- set $block_spam 1;
-}
-
-if ($query_string ~ "\b(escort|adult|xxx|porn|sex|dating|hookup|webcam)\b") {
- set $block_spam 1;
-}
-
-if ($query_string ~ "\b(replica|fake|counterfeit|knockoff|imitation)\b") {
- set $block_spam 1;
-}
-
-if ($query_string ~ "\b(weight.?loss|diet.?pill|muscle|steroid|supplement)\b") {
- set $block_spam 1;
-}
-
-# Common spam patterns
-if ($query_string ~ "(\[url=|\[link=|\[email=|email.*@.*\..*\])") {
- set $block_spam 1;
-}
-
-if ($query_string ~ "(click.here|visit.site|buy.now|free.trial|limited.offer)") {
- set $block_spam 1;
-}
-
-if ($block_spam = 1) {
- return 403;
-}
-
 ## Block malicious user agents
 set $block_user_agents 0;
 
@@ -324,10 +270,6 @@ if ($request_method ~ "^(TRACE|TRACK|DEBUG|OPTIONS|CONNECT)$") {
  set $block_methods 1;
 }
 
-if ($request_method ~ "^(PUT|DELETE)$") {
- set $block_methods 1;
-}
-
 if ($block_methods = 1) {
  return 405;
 }
@@ -403,49 +345,3 @@ if ($request_uri ~ "%00|%0a|%0d|%27|%3c|%3e|%00") {
 if ($block_protocol = 1) {
  return 400;
 }
-
-## Block common vulnerability scanners
-set $block_scanners 0;
-
-if ($request_uri ~ "(wp-admin|wp-login|wp-content|wp-includes|xmlrpc\.php)") {
- set $block_scanners 1;
-}
-
-if ($request_uri ~ "(phpmyadmin|pma|mysql|admin|administrator|manager)") {
- set $block_scanners 1;
-}
-
-if ($request_uri ~ "(\.php|\.asp|\.aspx|\.jsp|\.cgi)$") {
- set $block_scanners 1;
-}
-
-if ($request_uri ~ "(config|backup|log|tmp|temp|cache)") {
- set $block_scanners 1;
-}
-
-# Common paths used by vulnerability scanners
-if ($request_uri ~ "(robots\.txt|sitemap\.xml|\.well-known|\.git|\.svn|\.env)") {
- set $block_scanners 1;
-}
-
-if ($block_scanners = 1) {
- return 404;
-}
-
-## Rate limiting marker (basic implementation)
-set $block_rate_limit 0;
-
-# This requires additional nginx modules for proper rate limiting
-# but we set the variable for potential future use
-if ($remote_addr ~ "^(127\.|10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)") {
- set $block_rate_limit 0;
-}
-
-# Block requests from suspicious countries (placeholder for GeoIP)
-# if ($geoip_country_code ~ "^(CN|RU|KP|IR)$") {
-# set $block_rate_limit 1;
-# }
-
-if ($block_rate_limit = 1) {
- return 429;
-}