Modules

Bad Bots

Detects "bad bots" based on the user agent and blocks them.
List source (minor changes): mitchellkrogza/nginx-ultimate-bad-bot-blocker

Block Tor Exit Nodes

Disabled by default. Activate by setting modules.blockTorExitNodes.enabled = true

Blocks all requests originating from Tor exit nodes. The IP addresses are downloaded from https://check.torproject.org/torbulkexitlist and updated hourly.

CRLF Injection

This module blocks HTTP header injections that use carriage return and line feed characters.
OWASP: CRLF Injection

Directory / Path Traversal

This module detects and blocks path traversal attacks. This vulnerability allows an attacker to read arbitrary files on the server that is running an application.
OWASP: Path Traversal

Fake Crawlers

This module blocks requests from bots that pretend to be a known crawler of a search engine or a big company. The authenticity of most crawlers can be determined with a reverse DNS lookup, but an additional IP whitelist increases performance. In addition, the authenticity of some crawlers, such as the Facebook crawler, can only be determined by the IP. For more information visit the Easy WAF Data Repository.

Supported companies: Google, Microsoft, Facebook, Twitter, DuckDuckGo, Yahoo!, Pinterest, Yandex, Baidu, Qwant
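
The reverse DNS check described above, sketched as forward-confirmed reverse DNS. This is an added example, not Easy WAF's own code: the names `checkCrawler`, `CRAWLERS` and `SAMPLE_DNS`, the two-entry suffix table and the sample records are assumptions made for illustration, and only IPv4 is handled.

```javascript
// Added example: forward-confirmed reverse DNS (FCrDNS) for crawler claims.
// Illustrative suffix table (assumption), not Easy WAF's data set.
const CRAWLERS = [
  { ua: /googlebot/i, suffixes: ['.googlebot.com', '.google.com'] },
  { ua: /bingbot/i, suffixes: ['.search.msn.com'] },
];

// Constructed sample records (documentation IP ranges) so the check runs offline.
const PTR = {
  '192.0.2.10': ['crawl-192-0-2-10.googlebot.com'], // PTR and A record agree
  '198.51.100.7': ['crawl-192-0-2-10.googlebot.com'], // PTR names a host that resolves elsewhere
  '203.0.113.5': ['googlebot.com.scraper.example'], // lookalike, wrong suffix
};
const A = { 'crawl-192-0-2-10.googlebot.com': ['192.0.2.10'] };
const lookup = (table) => async (key) => {
  if (!table[key]) throw new Error('ENOTFOUND');
  return table[key];
};
const SAMPLE_DNS = { reverse: lookup(PTR), resolve4: lookup(A) };

// Returns 'not-a-crawler', 'verified' or 'fake' (IPv4 only).
// Default resolver is Node's dns.promises; pass SAMPLE_DNS to run offline.
async function checkCrawler(userAgent, ip, resolver = require('node:dns').promises) {
  const claim = CRAWLERS.find((c) => c.ua.test(userAgent || ''));
  if (!claim) return 'not-a-crawler';
  let hosts;
  try {
    hosts = await resolver.reverse(ip); // PTR lookup
  } catch {
    return 'fake'; // no PTR record: the claim cannot be confirmed
  }
  for (const host of hosts) {
    const name = host.toLowerCase().replace(/\.$/, '');
    // The leading dot forces a match on a label boundary.
    if (!claim.suffixes.some((s) => name.endsWith(s))) continue;
    try {
      // The PTR record is set by whoever owns the IP, so the name must
      // resolve forward to the connecting address before it is trusted.
      const addrs = await resolver.resolve4(name);
      if (addrs.includes(ip)) return 'verified';
    } catch { /* name does not resolve: try the next PTR name */ }
  }
  return 'fake';
}
```

Each check costs two DNS round trips per request, which is the latency the IP whitelist mentioned above avoids.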

HTTP Parameter Pollution

Requests are not blocked or logged. req.query must be set by a web framework.

Replaces array parameters with their last value, like hpp.
OWASP: Testing for HTTP Parameter Pollution

NoSQL Injection

NoSQL injections are attacks that aim to modify a database query to a non-relational database, for example to bypass authentication. This module tries to prevent these attacks.
Patrick Spiegel: NoSQL Injection - Fun with Objects and Arrays

Open Redirect

The queryUrlWhitelist option must be set to enable this module.

Blocks requests that have a disallowed URL in their path or query.
Snyk Learn: Open redirect

Prototype Pollution

A JavaScript vulnerability that allows an attacker to add properties to global object prototypes that can then be inherited by other objects. This module attempts to block such requests.
Snyk Learn: Prototype pollution

SQL Injection

An attempt to manipulate an SQL query, similar to NoSQL injections. Detection leads to blocking of the request.
OWASP: SQL Injection

XML Injection

A vulnerability that allows an attacker to inject malicious code into XML files. This module tries to prevent very basic and common XML attacks.