
nginx – Block Exploits, SQL Injections, File Injections, Spam, User Agents, Dll

server {
[...]

    # Request-filtering rules, evaluated in order on every request to this
    # server block.  Each section sets a flag variable and returns 403 when it
    # is set.  These are keyword/regex heuristics, not a WAF: they are easy to
    # evade and can also block legitimate requests (see the notes per section),
    # so treat them as defence-in-depth and log 403s to spot false positives.
    #
    # NOTE(review): "~" is a case-sensitive regex match in nginx; "~*" is the
    # case-insensitive form.  As written, "UNION SELECT" or "Libwww-Perl" do
    # not match.  $query_string is the raw query as received (not
    # percent-decoded), which is why some patterns list the encoded form
    # (%3C, %3E, %3D) as an alternative.

    ## Block SQL injections
    set $block_sql_injections 0;
    # "union ... select ... (" in the query string.
    if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    # "union all select ..." variant.
    if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    # concat( ... ) — note this also hits harmless query values containing
    # that text.
    if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
    }
    if ($block_sql_injections = 1) {
        return 403;
    }

    ## Block file injections
    set $block_file_injections 0;
    # param=http://...  (remote file inclusion attempts; also blocks any
    # legitimate parameter that carries a URL, e.g. redirect targets).
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
    }
    # param=../../  (directory traversal).
    if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
    }
    # param=/a/b/...  (absolute path in a parameter value).
    if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
    }
    if ($block_file_injections = 1) {
        return 403;
    }

    ## Block common exploits
    set $block_common_exploits 0;
    # <script ...> in raw or percent-encoded form (reflected XSS probes).
    if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
        set $block_common_exploits 1;
    }
    # Attempts to overwrite PHP superglobals via the query string.
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    # Classic LFI target used to inject code through the process environment.
    if ($query_string ~ "proc/self/environ") {
        set $block_common_exploits 1;
    }
    # Old Mambo/Joomla configuration-override parameters.
    if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $block_common_exploits 1;
    }
    # base64_encode(...) / base64_decode(...) in the query string.
    if ($query_string ~ "base64_(en|de)code\(.*\)") {
        set $block_common_exploits 1;
    }
    if ($block_common_exploits = 1) {
        return 403;
    }

    ## Block spam
    # Keyword lists for comment/referrer spam.  \b makes these whole-word
    # matches, but any site whose legitimate query strings may contain these
    # words (health or pharmacy content, user names) will see false positives.
    set $block_spam 0;
    if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
        set $block_spam 1;
    }
    if ($block_spam = 1) {
        return 403;
    }

    ## Block user agents
    # Substring matches on the User-Agent header.  The header is entirely
    # client-controlled, so this only stops tools that do not bother to
    # change their default identification; it is not an access control.
    set $block_user_agents 0;

    # Don't disable wget if you need it to run cron jobs!
    #if ($http_user_agent ~ "Wget") {
    #    set $block_user_agents 1;
    #}

    # Disable Akeeba Remote Control 2.5 and earlier
    if ($http_user_agent ~ "Indy Library") {
        set $block_user_agents 1;
    }

    # Common bandwidth hoggers and hacking tools.
    if ($http_user_agent ~ "libwww-perl") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetRight") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetWeb!") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go!Zilla") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Download Demon") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go-Ahead-Got-It") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "TurnitinBot") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GrabNet") {
        set $block_user_agents 1;
    }

    if ($block_user_agents = 1) {
        return 403;
    }
[...]
}

install subversion pada ubuntu server 11.04

Langsung aja, saya ingin menginstall subversion / svn pada server Ubuntu 11.04. Bagaimana caranya ya? Mari ikuti terus artikel ini. Sebelumnya saya sudah menyiapkan satu gelas susu dan cemilan untuk teman dalam menunggu instalasi. Untuk pertama, kita perlu meng-update semua package di Ubuntu:

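# Open a root shell for the package operations below.
sudo -s

# Refresh the package index first; upgrading from a stale index installs
# outdated versions.
apt-get update

# Upgrade the installed packages (apt-get has no "updgrade" sub-command).
apt-get upgrade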

 

Setelah package di-update, kita install subversion, apache2, dan libapache2-svn (modul WebDAV/SVN untuk Apache):

# Install the Subversion tools, Apache and the mod_dav_svn module that lets
# Apache serve repositories over HTTP.
apt-get install apache2 libapache2-svn subversion

Jika sudah terinstal, langkah pertama adalah menyiapkan Subversion-nya: buat lokasi repositori svn yang akan digunakan.

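# Parent directory that will hold the repositories.
mkdir -p /home/svn

# Create the repository at the path mod_dav_svn serves.  The dav_svn.conf
# below uses "SVNPath /home/svn/project/", so the repository has to be
# created there, not at /home/svn itself.
sudo svnadmin create /home/svn/project

# NOTE(review): commits over HTTP are written by the Apache process, so the
# repository normally has to be writable by the Apache user (www-data on
# Debian/Ubuntu), e.g. "chown -R www-data:www-data /home/svn/project" —
# confirm the account name on your system.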

Setelah direktori kita buat, kita harus mengecek konfigurasi pada modul Apache:

# Edit mod_dav_svn's Apache configuration; the <Location /svn> block below
# goes in this file.
vi /etc/apache2/mods-enabled/dav_svn.conf

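<Location /svn>
    # Serve this path through mod_dav_svn.
    DAV svn
    # Must point at a repository created with "svnadmin create", not just
    # the parent directory.
    SVNPath /home/svn/project/
    # Basic auth sends the password base64-encoded on every request, so
    # expose this only over HTTPS.
    AuthType Basic
    # AuthName takes one argument; use plain ASCII double quotes (the curly
    # quotes from the blog formatting break config parsing).
    AuthName "myproject subversion repository"
    # Password file created with htpasswd (see the next step).
    AuthUserFile /etc/apache2/dav_svn.passwd
    # With the LimitExcept lines commented out, every method — reads
    # included — requires a valid user.  Uncomment them to allow anonymous
    # read-only access and require a login only for writes.
    #    <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
    #    </LimitExcept>
</Location>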

 

 

Kemudian, jika sudah siap, buat user dan password untuk autentikasi Subversion di web server:
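# Create the password file and add the first user (replace <username>).
# -c (re)creates the file: use it only for the first user, because running
# with -c again wipes the existing entries.  -m hashes the password with
# MD5.  On Debian/Ubuntu the tool is "htpasswd" (package apache2-utils).
sudo htpasswd -cm /etc/apache2/dav_svn.passwd <username>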
contoh :
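# Example: create the file and add user "ribhy".  Add further users without
# -c, otherwise the file is overwritten.  On Debian/Ubuntu the tool is
# "htpasswd" (package apache2-utils); the password is prompted for
# interactively rather than passed on the command line.
sudo htpasswd -cm /etc/apache2/dav_svn.passwd ribhy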
New password:
Re-type new password:
Adding password for user ribhy
setelah semuanya beres kita restart apache2 dan mulai dengan subversion
good luck

solusi error apr_sockaddr_info_get() pada apache2

Beberapa waktu lalu saya mencoba menginstall apache pada server ubuntu lokal dan hostname saya beri nama ini-aja lalu saat start / restart apache muncul masalah :

root@ini-aja:~# /etc/init.d/apache2 restart
* Restarting web server apache2                                                                                                                                        apache2: apr_sockaddr_info_get() failed for ini-aja
apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1 for ServerName
[Thu May 12 22:38:23 2011] [warn] NameVirtualHost *:438 has no VirtualHosts
… waiting apache2: apr_sockaddr_info_get() failed for ini-aja
apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1 for ServerName
[Thu May 12 22:38:24 2011] [warn] NameVirtualHost *:438 has no VirtualHosts
[ OK ]
root@ini-aja:~#

Error di atas ada dua penyebabnya. Pertama, definisi port VirtualHost yang salah; seharusnya didefinisikan seperti ini:

# The address:port here must match the "NameVirtualHost *:438" directive the
# warning refers to; otherwise Apache reports "has no VirtualHosts".
<VirtualHost *:438>

Kedua, untuk masalah apr_sockaddr_info_get(), cukup dengan menambahkan ServerName pada konfigurasi Apache; tambahkan baris berikut:

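# Append a ServerName so Apache stops trying to resolve the machine's
# hostname ("apr_sockaddr_info_get() failed").  Plain ASCII quotes are
# required: curly quotes would be written into the file literally and the
# resulting line is not a valid directive.
# NOTE(review): newer Ubuntu releases no longer read httpd.conf; there the
# directive belongs in a file under /etc/apache2/conf-available/ enabled
# with a2enconf — confirm for your version.
printf '%s\n' 'ServerName localhost' >> /etc/apache2/httpd.conf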

kemudian restart server

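# Restart Apache so the new ServerName and VirtualHost take effect (the
# action must be exactly "restart"; trailing punctuation is rejected).
/etc/init.d/apache2 restart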

Sembuh deh penyakitnya tu,, good luck..