Related

NGINX Config Generator

Easily configure a performant, secure, and stable NGINX server.

 Learn More
Setting up VMs on Droplet to work properly with ServerPilot? Question Question
PHP Error Log: authz_core:error - For files that don't exists on my server Question Question

Question

nginx vulnerability scanner

Posted September 29, 2016 8.3k views
NginxApacheWordPress

I recently changed servers from Apache to Nginx…
How do I write this information (.htaccess) a simple redirect against web scanner on file nginx.conf:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR]
RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} wpscan [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SF [OR]
RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]
RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]
RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]
RewriteCond %{HTTP:Acunetix-Product} ^WVS
RewriteRule ^.* http://127.0.0.1/ [R=301,L]
</IfModule>

Thank you!

Add a comment
info9e3aefeb489
By:
info9e3aefeb489
edited by kamaln7

Related

NGINX Config Generator

Easily configure a performant, secure, and stable NGINX server.

 Learn More
Setting up VMs on Droplet to work properly with ServerPilot? Question Question
PHP Error Log: authz_core:error - For files that don't exists on my server Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
kamaln7 September 29, 2016

Hi!

The htaccess rules that you’ve posted block traffic whose user-agent matches a specific list. The user agent in nginx is stored in the $http_user_agent variable, so you will want to compare that against a Regular Expression pattern and block the requests if it does match.

One more thing to note is that the htaccess rules use the [NC] flag, which makes Apache match the patterns in a case-insensitive manner. The nginx equivalent is appending an * to the ~, as you can see below.

if ($http_user_agent ~* (^w3af.sourceforge.net|dirbuster|nikto|wpscan|SF|sqlmap|fimap|nessus|whatweb|Openvas|jbrofuzz|libwhisker|webshag)) {
    return 444;
}

return 444 simply drops the connection. You might want to do that instead of sending back a redirect to 127.0.0.1. Though, you can replace it with 403 in order to send a 403 Forbidden error.

Finally, to check if the Acunetix-Product header exists, add the following if block:

if ($http_acunetix_product) {
    return 444;
}
Reply Report
info9e3aefeb489 September 30, 2016

Thanks works!
You’ve solved many problems ;-) Grazie dall'Italia

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help