The following Lua snippet (for OpenResty / ngx_lua) can be used to filter request bodies for PHP object injection (POI) payloads: it rejects a POST body that contains a URL-encoded NUL byte (`%00`), which PHP's serialized form uses to delimit protected and private property names. It is a coarse, byte-level filter — it does not decode the body, inspect the query string, or catch double-encoded variants such as `%2500` — so treat it as a stop-gap, not a substitute for never passing untrusted input to unserialize().
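-- Invoke `proc` when `str` contains a NUL byte, either URL-encoded ("%00")
-- or raw ("\0").  Serialized PHP objects use NUL bytes to delimit
-- protected/private property names, so a NUL in a form body that the
-- application later unserialize()s is a strong signal of object injection.
--
-- str:  the string to inspect (normally the request body); nil is treated
--       as the empty string so a missing body never raises.
-- proc: zero-argument callback run on a match; its return value is ignored.
--
-- The original only looked for the encoded form; a raw 0x00 byte survives
-- PHP's form decoding unchanged and would have bypassed the check, so both
-- spellings are now rejected.  Limitation of any byte-level check: the body
-- is not decoded, so a double-encoded "%2500" (or any transformation the
-- application applies before unserialize()) is not caught.
function when_nullbyte(str, proc)
  str = str or ""
  -- plain find (4th arg = true) so "%" is a literal byte, not a pattern escape
  if string.find(str, "%00", 1, true) or string.find(str, "\0", 1, true) then
    proc()
  end
end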
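-- Force nginx to read the request body, then obtain it as a string.
-- ngx.req.get_body_data() returns nil when the body is empty, was not read,
-- or was spooled to a temporary file because it exceeded
-- client_body_buffer_size.  The original `or ""` turned that last case into
-- an empty string, so any oversized body silently bypassed the NUL check.
-- Fall back to the spooled file (ngx.req.get_body_file()) instead.
-- NOTE(review): io.open is blocking I/O inside the worker; keep
-- client_body_buffer_size comfortably above the largest expected checkout
-- form so this path stays rare.  If the spooled file cannot be opened the
-- body is still treated as empty — consider failing closed (403) instead if
-- a false negative is worse than a false positive for this endpoint.
ngx.req.read_body()
local args = ngx.req.get_body_data()
if args == nil then
  local body_file = ngx.req.get_body_file()
  if body_file then
    local fh = io.open(body_file, "rb")
    if fh then
      args = fh:read("*a")
      fh:close()
    end
  end
end
args = args or ""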
-- Deny handler: terminate the request in the access phase with 403 Forbidden.
-- ngx.HTTP_FORBIDDEN is the constant 403; returning the result of ngx.exit
-- is the idiom the OpenResty docs recommend for leaving a handler at once.
function block_attack()
  return ngx.exit(ngx.HTTP_FORBIDDEN)
end
-- Run the NUL-byte check on the captured body; block_attack fires only on a hit,
-- otherwise the access phase continues and the request proceeds normally.
when_nullbyte(args, block_attack)
Enable it in nginx.conf (needs ngx_lua for `access_by_lua_file`; `echo_exec` comes from the echo-nginx-module and expects a named location `@handler` to be defined elsewhere):
# Case-insensitive regex match (~*), so e.g. /checkout/x/saveBilling is covered too.
location ~* /checkout/.*/(savebilling|savePayment) {
# Run the NUL-byte filter in the access phase; a hit ends the request with 403.
access_by_lua_file "/etc/nginx/checkout_nullbyte.lua";
# Hand the request to the named location @handler (echo-nginx-module; @handler is not shown here).
echo_exec @handler;
}