@gwillem
Created September 2, 2016 12:39
nginx-lua-php-poi-filtering

The following Lua snippet (for nginx with ngx_lua / OpenResty) can be used to block PHP Object Injection (POI) attempts, i.e. PHP serialized objects smuggled into request parameters. PHP's serialize() writes protected and private property names with NUL bytes ("\0*\0name" and "\0ClassName\0name"), which appear as "%00" in a URL-encoded request body, so the filter rejects any body containing that sequence. Note that a serialized object with only public properties contains no NUL bytes and is not caught by this check.

    -- Runs in the nginx access phase (access_by_lua_file) under ngx_lua / OpenResty.
    -- PHP serialize() marks protected/private property names with NUL bytes,
    -- which arrive URL-encoded as "%00"; a literal "%00" in the body is the signal.

    -- In a Lua pattern "%%" matches a literal "%", so this looks for the text "%00".
    local function when_nullbyte(str, proc)
      if string.find(str, '%%00') then
        proc()
      end
    end

    local function block_attack()
      ngx.exit(ngx.HTTP_FORBIDDEN)
    end

    ngx.req.read_body()
    -- get_body_data() returns nil when nginx buffered the body to a temp file
    -- (body larger than client_body_buffer_size); such a request passes unfiltered here.
    local args = ngx.req.get_body_data() or ""

    when_nullbyte(args, block_attack)

Activate in nginx.conf (the regex is case-insensitive, so savePayment and savepayment both match; echo_exec comes from the ngx_echo module and hands the request on to an existing named location @handler):

    location ~* /checkout/.*/(savebilling|savePayment) {
        access_by_lua_file "/etc/nginx/checkout_nullbyte.lua";
        echo_exec @handler;
    }
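The following is an added example and not part of the original gist: a Python model of what the filter keys on. It builds PHP-serialized objects with a small serializer written here (the class name Example and the request bodies are constructed for the example, not captured traffic), applies the same literal "%00" test as the Lua above, and then a stricter check that URL-decodes the body and looks for raw NUL bytes or a serialized-object header, which also catches objects that carry only public properties.

```python
import re
from urllib.parse import quote, unquote_to_bytes


def php_serialize_object(class_name, props):
    """Minimal model of PHP serialize() for an object with string properties.

    props: list of (visibility, name, value). Written for this example; it is not
    PHP's own code. Non-public property names get the NUL-byte markers PHP uses:
      protected -> "\\0*\\0name", private -> "\\0ClassName\\0name"
    Lengths are byte lengths, as in PHP.
    """
    parts = []
    for visibility, name, value in props:
        if visibility == "protected":
            key = "\0*\0" + name
        elif visibility == "private":
            key = "\0" + class_name + "\0" + name
        else:
            key = name
        parts.append('s:%d:"%s";s:%d:"%s";' % (
            len(key.encode()), key, len(value.encode()), value))
    return 'O:%d:"%s":%d:{%s}' % (
        len(class_name), class_name, len(props), "".join(parts))


def has_encoded_nullbyte(body):
    """Same test as the gist's Lua filter: a literal "%00" in the raw form body."""
    return "%00" in body


# Header of a serialized PHP object: O:<len>:"<class>":<count>:{
PHP_OBJECT_RE = re.compile(rb'O:\d+:"[A-Za-z_\\][A-Za-z0-9_\\]*":\d+:\{')


def looks_like_php_object_injection(raw_body):
    """Stricter check: decode each form field and look for NUL bytes or an object header.

    Unlike the "%00" test this also flags objects with only public properties,
    and raw NUL bytes that were not percent-encoded.
    """
    for field in raw_body.split(b"&"):
        decoded = unquote_to_bytes(field.replace(b"+", b" "))
        if b"\x00" in decoded or PHP_OBJECT_RE.search(decoded):
            return True
    return False


# Constructed sample bodies (hypothetical checkout fields, not real traffic).
BENIGN_BODY = "payment[method]=checkmo&billing[firstname]=Ann"

# Object with a protected property: serialize() emits "\0*\0", urlencoded as "%00*%00".
PROTECTED_PAYLOAD = php_serialize_object("Example", [("protected", "data", "x")])
PROTECTED_BODY = "payment[method]=" + quote(PROTECTED_PAYLOAD, safe="")

# Object with only a public property: no NUL bytes, so the "%00" test alone misses it.
PUBLIC_PAYLOAD = php_serialize_object("Example", [("public", "data", "x")])
PUBLIC_BODY = "payment[method]=" + quote(PUBLIC_PAYLOAD, safe="")


if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY),
                        ("protected-prop object", PROTECTED_BODY),
                        ("public-prop object", PUBLIC_BODY)):
        print("%-22s %%00 test: %-5s decoded check: %s" % (
            label, has_encoded_nullbyte(body),
            looks_like_php_object_injection(body.encode())))
```

The decoded check is what you would want if the filter is moved into a WAF rule or application-side middleware; the gist's "%00" test is cheaper and has no false positives on ordinary form input, but it only sees what nginx kept in memory and only objects with non-public properties.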