# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###

# VERSION INFORMATION #
#----------------------
# Version: V4.2019.11
# Updated: 2019-07-05
#----------------------
# VERSION INFORMATION #

##############################################################################
#       _  __     _                                                          #
#      / |/ /__ _(_)__ __ __                                                 #
#     /    / _ `/ / _ \\ \ /                                                 #
#    /_/|_/\_, /_/_//_/_\_\                                                  #
#       __/___/      __   ___       __     ___  __         __                #
#      / _ )___ ____/ /  / _ )___  / /_   / _ )/ /__  ____/ /_____ ____      #
#     / _  / _ `/ _  /  / _  / _ \/ __/  / _  / / _ \/ __/  '_/ -_) __/      #
#    /____/\_,_/\_,_/  /____/\___/\__/  /____/_/\___/\__/_/\_\\__/_/         #
#                                                                            #
##############################################################################

# This is merely an example; it has been auto-included since Version 2.2017.07, introduced on 2017-04-20.
# This file must exist on your system or Nginx will fail a reload due to a missing file.
# For all intents and purposes you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to include scanning for bad words
# within urls or referrer strings.

# Only add one entry per line

# -------------------------------
# !!! WARNING WARNING WARNING !!!
# -------------------------------

# ---------------------------------------
# PLEASE BE VERY CAREFUL HOW YOU USE THIS
# ---------------------------------------
# Here is an example of how one supposed bad word can cause your whole site to go down.
# An issue was logged where the user's own domain name was specialisteparquet.com
# Because this list contained the word "cialis", it was detected within his domain name, causing
# his entire site to go down and not serve any assets.
# That one entry would even cause any site containing a word like "specialist" anywhere in any
# of its pages to be blocked, and whitelisting your own domain name in the
# whitelist-domains.conf file will not even bypass this, SO BE CAREFUL PLEASE.
# Think very carefully before you add any word here.

# -----------------------------------------------------------------------------------------
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# -----------------------------------------------------------------------------------------

# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED

# As you can see in the examples below, the word "adultgalls" is entered with a preceding (?:\b) and an ending (?:\b);
# this makes it "(?:\b)adultgalls(?:\b)". It is crucial to use the word boundaries regex formatting.
#
# NOTE(review): "(?:\b|)" is NOT a boundary check. The empty alternative after "|" lets the
# group match nothing, so a pattern written that way matches the word as a plain,
# case-insensitive ("~*") substring anywhere in the scanned string. Use "(?:\b)" on both
# sides unless a substring match is really what you want.

# ---------
# EXAMPLES:
# ---------
#	"~*(?:\b)adultgalls(?:\b)"					1;
#	"~*(?:\b)amateurxpass(?:\b)"				1;
#	"~*(?:\b)bigblackbooty(?:\b)"				1;
#	"~*(?:\b)blacktits(?:\b)"					1;
#	"~*(?:\b)cookie\-law\-enforcement(?:\b)"	1;
#	"~*(?:\b)free\-share\-buttons(?:\b)"		1;
#	"~*(?:\b)free\-social\-buttons(?:\b)"		1;
#	"~*(?:\b)fuck\-paid\-share\-buttons(?:\b)"	1;
#	"~*(?:\b)ilovevitaly(?:\b)"					1;
#	"~*(?:\b)law\-enforcement\-bot(?:\b)"		1;
#	"~*(?:\b)law\-enforcement\-check(?:\b)"		1;
#	"~*(?:\b)share\-buttons\-for\-free(?:\b)"	1;
#	"~*(?:\b)webfuck(?:\b)"						1;
#	"~*(?:\b)xxxrus(?:\b)"						1;
#	"~*(?:\b)zeroredirect(?:\b)"				1;
#	"~*(?:\b|)x22(?:\b)"						1; (in this string if your own domain name was sex22.com it would be blocked)

# Here is a list of unsanitary words used in referrer strings - used in various injection attacks

# THE RULES BELOW ARE ENABLED BY DEFAULT
# You can disable this default list by switching the values to 0
#
# NOTE(review): the rule below uses the optional "(?:\b|)" form on both sides, so it fires on
# "mb_ereg_replace" wherever it appears as a substring. That looks deliberate for a PHP
# function name that should never appear in a legitimate referrer - confirm before tightening.

"~*(?:\b|)mb_ereg_replace(?:\b|)" 1;

# -----------
# PLEASE NOTE
# -----------
# If you whitelist your own domain in whitelist-domains.conf and your own domain is passed in the referrer string
# with an attack string, it will NOT be blocked.
#
# NOTE(review): the referrer is supplied by the client, so this list is one filtering layer only.
# It is not a substitute for patching the application behind Nginx or for request filtering
# that does not depend on the whitelist.

# --------
# EXAMPLE:
# --------
# This string "http://yourwebsite.com/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=gqopu.php&vars[1][]=$"
# contains the above "mb_ereg_replace" attack string.
# If your domain is whitelisted in whitelist-domains.conf this string will NOT be detected.
#
# NOTE(review): as printed here, the sample string does not contain the literal text
# "mb_ereg_replace" (it shows call_user_func_array and file_put_contents), so the rule above
# would not match it as written. The sample may have been truncated - verify against a real
# log entry before relying on this rule to cover that request pattern.