Nginx Block SQL Injection

Here I am sharing an Nginx script for blocking SQL injection. To use it, open the site's configuration file (namawebsite.com stands for your own site name):

```
$ sudo vim /etc/nginx/sites-available/namawebsite.com.conf
```

Then add the following lines inside the server { } block:

```nginx
server {
    [...]

    ## Block SQL injections
    set $block_sql_injections 0;
    if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
    }
    if ($block_sql_injections = 1) {
        return 403;
    }

    ## Block file injections
    set $block_file_injections 0;
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
    }
    # The listing is cut off at this point on the page; the check below is
    # an assumption that follows the same pattern as the SQL block above.
    if ($block_file_injections = 1) {
        return 403;
    }

    [...]
}
```
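A coverage check for the three SQL patterns above, as an added example that is not part of the original post: it replays the rules in Python against constructed query strings to show what a case-sensitive `~` match on the raw `$query_string` catches and misses, compared with case-insensitive matching on the decoded string. The function names and sample strings are assumptions made for illustration, and Python's `re` stands in for nginx's PCRE.

```python
import re
from urllib.parse import unquote_plus

# The three SQL patterns from the page's config, copied verbatim.
SQL_PATTERNS = [r"union.*select.*\(", r"union.*all.*select.*", r"concat.*\("]


def page_rule_blocks(query_string: str) -> bool:
    """Mimic `if ($query_string ~ "...")`: case-sensitive, raw (undecoded) input."""
    return any(re.search(p, query_string) for p in SQL_PATTERNS)


def normalized_rule_blocks(query_string: str) -> bool:
    """Same patterns, matched case-insensitively (nginx `~*`) after
    percent-decoding, which nginx does not apply to $query_string."""
    decoded = unquote_plus(query_string)
    return any(re.search(p, decoded, re.IGNORECASE) for p in SQL_PATTERNS)


# Constructed sample query strings (hypothetical, not taken from real traffic).
SAMPLES = {
    "benign": "page=2&sort=name",
    "lowercase": "id=1+union+select+concat(a,b)",
    "uppercase": "id=1+UNION+SELECT+CONCAT(a,b)",
    "encoded_paren": "id=1+union+select+concat%28a,b%29",
    # Ordinary search text that happens to contain the keywords and a "(".
    "false_positive": "q=credit+union+members+select+a+plan+(2024)",
}


def coverage_report() -> dict:
    """Return {sample name: (blocked by page rule, blocked after normalizing)}."""
    return {
        name: (page_rule_blocks(qs), normalized_rule_blocks(qs))
        for name, qs in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (page, norm) in coverage_report().items():
        print(f"{name:15} page_rule={page!s:5} normalized={norm}")
```

In nginx the case-insensitive match operator is `~*`; `$query_string` is still matched undecoded, and the last sample shows that these patterns can also reject legitimate searches.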