Hi Skip, hope you're doing well.
On Mon, Feb 14, 2022 at 07:39:46AM -0600, Skip Montanaro wrote: > I have a simple website with NGINX fronting Gunicorn and Flask. Of course, > within minutes of it going live, I started to get obvious crap, probing for > vulnerabilities. Nothing's gotten through yet, at least as far as I can > tell. Even so, it would be nice if such malware-type requests were rejected > by NGINX before they reach the backend. > > Is there a module for NGINX which implements something like a blackhole > list similar to what you find on email servers, that is, offloading the > acceptance or rejection of certain paths to a community-managed database? I > scrolled through the list here: > > https://www.nginx.com/resources/wiki/modules/ > > but didn't see anything obvious. I could establish my own rewrite rules > (and probably will) for some of the most egregious requests (anything > ".php" would get dropped, for example), but was hoping something already > existed. You'd probably need to install a WAF, Web Application Firewall. Some of those are avaialble for free. -- Sergey Osokin _______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
