Detects "bad bots" based on the user agent and blocks them.
List source (minor changes): mitchellkrogza/nginx-ultimate-bad-bot-blocker
Disabled by default. Activate by setting modules.blockTorExitNodes.enabled = true
Blocks all requests originating from tor browser exit nodes. The ip addresses are downloaded from https://check.torproject.org/torbulkexitlist and updated hourly.
This module blocks HTTP header injections with carriage returns and linefeed characters.
OSWAP: CRLF Injection
This module detects and blocks path traversal attacks. This vulnerability allows an attacker to read arbitrary files on the server that is running an application.
OSWAP: Path Traversal
This module blocks requests from bots that pretend to be a known crawler of a search engine or a big company. The authenticity of most crawlers can be determined with a reverse DNS lookup, but an additional IP whitelist increases performance. In addition, the authenticity of some crawlers, such as the Facebook crawler, can only be determined by the IP. For more information visit the Easy WAF Data Repository.
Supported companies: Google, Microsoft, Facebook, Twitter, DuckDuckGo, Yahoo!, Pinterest, Yandex, Baidu, Qwant
Request is not blocked or logged, req.query must be set by a web framework
Replaces array parameters with their last value, like hpp.
OSWAP: Testing for HTTP Parameter Pollution
NoSQL injections are attacks that aim to modify a database query to a non-relational database, for example to bypass authentication. This module tries to prevent these attacks.
Patrick Spiegel: NoSQL Injection - Fun with Objects and Arrays
The queryUrlWhitelist
option must be set to enable this module.
Blocks requests that have a disallowed url in their path or query.
Snyk Learn: Open redirect
A JavaScript vulnerability that allows an attacker to add properties to global object prototypes that can then be inherited by other objects. This module attempts to block such requests.
Snyk Learn: Prototype pollution
An attempt to manipulate an SQL query, similar to NoSQL injections. Detection leads to blocking of the request.
OSWAP: SQL Injection
A vulnerability that allows an attacker to inject malicious code into XML files. This module tries to prevent very basic and common xml attacks.