Detects "bad bots" based on the user agent and blocks them.
List source (minor changes): mitchellkrogza/nginx-ultimate-bad-bot-blocker
Disabled by default. Activate by setting modules.blockTorExitNodes.enabled = true
Blocks all requests originating from Tor exit nodes. The IP addresses are downloaded from https://check.torproject.org/torbulkexitlist and updated hourly.
This module blocks HTTP header injection using carriage-return and line-feed characters.
OWASP: CRLF Injection
This module detects and blocks path traversal attacks. This vulnerability allows an attacker to read arbitrary files on the server running the application.
OWASP: Path Traversal
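The two checks above operate on the same client-controlled parts of a request, so the following added example (not the module's own code) shows one request inspector covering both: values are percent-decoded repeatedly so that %0d%0a and double-encoded %252e%252e are caught as well as their literal forms. The middleware wiring and the sample requests are constructed for this example.

```javascript
// Added example (not the module's own code): CRLF and path-traversal checks
// on the client-controlled parts of a request (URL path, query values,
// header values). All wiring and sample data below are constructed.

// Decode percent-encoding until the string stops changing, bounded so that
// pathological input cannot spin. Malformed sequences are kept verbatim.
function fullyDecode(value, maxRounds = 5) {
  let current = String(value);
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      next = current; // invalid %xx sequence: leave it alone
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// CRLF injection: a carriage return or line feed in a value that is later
// reflected into a response header starts a new header line.
function hasCrlf(value) {
  return /[\r\n]/.test(fullyDecode(value));
}

// Path traversal: after decoding, any ".." path segment escapes the intended
// directory. Backslashes count as separators because some servers normalise
// them to "/".
function hasPathTraversal(value) {
  const decoded = fullyDecode(value).replace(/\\/g, '/');
  return decoded.split('/').some((segment) => segment === '..');
}

// Inspect the URL path, each query value and each header value. Returns a
// label for the first finding, or null when the request looks clean.
function inspectRequest({ url, headers = {} }) {
  const idx = url.indexOf('?');
  const path = idx >= 0 ? url.slice(0, idx) : url;
  const query = idx >= 0 ? url.slice(idx + 1) : '';
  if (hasPathTraversal(path)) return 'path-traversal';
  if (hasCrlf(path)) return 'crlf-in-path';
  for (const pair of query.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const value = eq >= 0 ? pair.slice(eq + 1) : pair;
    if (hasPathTraversal(value)) return 'path-traversal-in-query';
    if (hasCrlf(value)) return 'crlf-in-query';
  }
  for (const [name, value] of Object.entries(headers)) {
    if (hasCrlf(value)) return `crlf-in-header:${name}`;
  }
  return null;
}

// Express-style middleware built on the check (hypothetical wiring).
function blockInjectionsMiddleware(req, res, next) {
  if (inspectRequest({ url: req.url, headers: req.headers })) {
    res.statusCode = 403;
    return res.end('Forbidden');
  }
  next();
}

// Constructed sample requests for a stand-alone run.
const sampleRequests = [
  { url: '/static/css/app.css' },
  { url: '/static/..%2f..%2fetc/passwd' },
  { url: '/download?file=%252e%252e%2fsecret.txt' }, // double-encoded
  { url: '/login?next=%2Fhome%0d%0aSet-Cookie%3A+x%3D1' },
  { url: '/', headers: { referer: 'http://example.invalid/\r\nX-Injected: 1' } },
];
for (const r of sampleRequests) console.log(r.url, '->', inspectRequest(r));
```

The decode loop is the part that matters in practice: a single decodeURIComponent pass misses double-encoded input, and a check on the raw bytes misses the single-encoded form, so the inspector decodes until the value is stable before looking at it.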
This module blocks requests from bots that pretend to be a known search engine or similar. For this purpose, an hourly updated whitelist with IPs from Google, Bing and DuckDuckGo is used. For other providers, the authenticity is checked by doing a reverse DNS lookup, and the IP address is temporarily whitelisted.
Whitelist sources: Google, Bing, DuckDuckGo
Supported companies: Google, Microsoft, DuckDuckGo, Yahoo!, Yandex, Baidu, Qwant
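The reverse-DNS path described above, as an added example that is not the module's own code: a forward-confirmed reverse DNS check (PTR lookup on the client IP, then a forward lookup of the returned name, which must resolve back to the same IP). The decision logic is kept pure so it runs without a network; the async wrapper around node:dns is hypothetical wiring. The user-agent tokens and hostname suffixes in the vendor table are an assumption drawn from the vendors' public crawler documentation as remembered here and should be checked against it; the IP-whitelist path used for Google, Bing and DuckDuckGo is not shown.

```javascript
// Added example (not the module's own code): forward-confirmed reverse DNS
// check for a client that claims to be a search-engine crawler.

// Vendor table: user-agent token -> hostname suffixes a genuine crawler
// resolves to. ASSUMPTION: verify each entry against the vendor's docs.
const CRAWLER_RULES = [
  { token: 'Googlebot', suffixes: ['.googlebot.com', '.google.com'] },
  { token: 'bingbot', suffixes: ['.search.msn.com'] },
  { token: 'Slurp', suffixes: ['.crawl.yahoo.net'] },
  { token: 'YandexBot', suffixes: ['.yandex.ru', '.yandex.net', '.yandex.com'] },
  { token: 'Baiduspider', suffixes: ['.crawl.baidu.com'] },
];

// Find the rule whose token appears in the user agent; null when the client
// does not claim to be a crawler at all.
function claimedCrawler(userAgent) {
  const ua = String(userAgent || '').toLowerCase();
  return CRAWLER_RULES.find((r) => ua.includes(r.token.toLowerCase())) || null;
}

// Pure decision: 'not-a-crawler', 'verified' or 'impersonation'.
// ptrHostnames: names from the reverse lookup of the client IP.
// forwardIps: map hostname -> IPs that hostname resolves to.
// Both must agree: the PTR name has to belong to the claimed vendor AND
// resolve back to the client IP, otherwise anyone controlling reverse DNS
// for their own address range could pass the check.
function classifyCrawler({ userAgent, ip, ptrHostnames = [], forwardIps = {} }) {
  const rule = claimedCrawler(userAgent);
  if (!rule) return 'not-a-crawler';
  for (const host of ptrHostnames) {
    const h = host.toLowerCase().replace(/\.$/, '');
    const vendorHost = rule.suffixes.some((s) => h.endsWith(s));
    const resolved = forwardIps[host] || forwardIps[h] || [];
    if (vendorHost && resolved.includes(ip)) return 'verified';
  }
  return 'impersonation';
}

// Hypothetical async wiring around node:dns. In a real module the result is
// cached per IP (the page describes a temporary whitelist) so each client is
// resolved at most once.
async function verifyCrawler(userAgent, ip) {
  const dns = (await import('node:dns')).promises;
  let ptrHostnames = [];
  try {
    ptrHostnames = await dns.reverse(ip);
  } catch {
    // no PTR record: ptrHostnames stays empty and the claim fails
  }
  const forwardIps = {};
  for (const host of ptrHostnames) {
    const [v4, v6] = await Promise.all([
      dns.resolve4(host).catch(() => []),
      dns.resolve6(host).catch(() => []),
    ]);
    forwardIps[host] = [...v4, ...v6];
  }
  return classifyCrawler({ userAgent, ip, ptrHostnames, forwardIps });
}

// Constructed sample (TEST-NET addresses, fake DNS answers) for a stand-alone run.
const sampleGenuine = {
  userAgent: 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)',
  ip: '192.0.2.10',
  ptrHostnames: ['crawl-192-0-2-10.googlebot.com'],
  forwardIps: { 'crawl-192-0-2-10.googlebot.com': ['192.0.2.10'] },
};
console.log(classifyCrawler(sampleGenuine)); // verified
```

Splitting the decision from the lookups is deliberate: the lookups are the slow, failure-prone part and belong behind a cache, while the decision is the part worth unit-testing with fabricated DNS answers (including a PTR that names the vendor but does not resolve back).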
Requests are not blocked or logged; req.query must be set by a web framework.
Replaces array parameters with their last value, like hpp.
OWASP: Testing for HTTP Parameter Pollution
NoSQL injections are attacks that aim to modify a database query to a non-relational database, for example to bypass authentication. This module tries to prevent these attacks.
Patrick Spiegel: NoSQL Injection - Fun with Objects and Arrays
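The HPP normalisation and the NoSQL-injection check both walk the parsed query object, so the following added example (not the module's own code) does both in one pass: repeated parameters collapse to their last value, and the result is then refused when any key starts with "$" or contains a "." (the same keys express-mongo-sanitize strips), which is the shape a query like user[$ne]=1 takes once a framework's query-string parser has turned it into an object. The middleware wiring and the sample queries are constructed.

```javascript
// Added example (not the module's own code): normalise req.query like an
// HPP filter, then refuse query objects carrying MongoDB-style operators.

// HPP: a repeated parameter (?id=1&id=2) is parsed into an array. Keeping
// only the last value gives every downstream consumer the same view.
function collapseArrays(value) {
  if (Array.isArray(value)) {
    return value.length ? collapseArrays(value[value.length - 1]) : undefined;
  }
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = collapseArrays(v);
    return out;
  }
  return value;
}

// NoSQL injection: walk the (already collapsed) query and report the first
// key that starts with "$" or contains a ".", i.e. something a query builder
// would interpret as an operator or a field path instead of plain data.
// Returns a slash-joined path to the offending key, or null.
function findNoSqlOperator(value, path = []) {
  if (value === null || typeof value !== 'object') return null;
  for (const [k, v] of Object.entries(value)) {
    if (k.startsWith('$') || k.includes('.')) return [...path, k].join('/');
    const nested = findNoSqlOperator(v, [...path, k]);
    if (nested) return nested;
  }
  return null;
}

// Decide what to do with a parsed query: { blocked: true, reason } when an
// operator key is present, otherwise the collapsed query.
function sanitizeQuery(query) {
  const collapsed = collapseArrays(query);
  const operator = findNoSqlOperator(collapsed);
  if (operator) return { blocked: true, reason: `operator key at ${operator}` };
  return { blocked: false, query: collapsed };
}

// Express-style middleware (hypothetical wiring): assumes req.query has been
// populated by the framework's query parser, as the page requires.
function queryGuardMiddleware(req, res, next) {
  const result = sanitizeQuery(req.query || {});
  if (result.blocked) {
    res.statusCode = 400;
    return res.end('Bad Request');
  }
  req.query = result.query;
  next();
}

// Constructed sample queries, shaped as a query-string parser would produce them.
const sampleQueries = [
  { id: ['1', '2'], sort: 'asc' },              // HPP: id collapses to '2'
  { username: 'alice', password: { $ne: '' } }, // operator object in place of a string
  { 'profile.role': 'admin' },                  // dotted key acts as a field path
];
for (const q of sampleQueries) {
  console.log(JSON.stringify(q), '->', JSON.stringify(sanitizeQuery(q)));
}
```

Collapsing arrays first matters for the second check: password[$ne][]=x parses to { $ne: ['x'] }, which still contains the "$ne" key after collapsing, so the operator walk sees it either way.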
The queryUrlWhitelist option must be set to enable this module.
Blocks requests that have a disallowed URL in their path or query.
Snyk Learn: Open redirect
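One way to implement the whitelist check described above, as an added example that is not the module's own code: every query value and every slash-delimited suffix of the path that parses as an absolute http(s) URL must point at a whitelisted host. The option name queryUrlWhitelist comes from the page; its shape (an array of hostnames, subdomains allowed) is an assumption, and the configuration and sample requests are constructed.

```javascript
// Added example (not the module's own code): open-redirect guard driven by a
// host whitelist. Option shape and sample data are constructed.

const config = { queryUrlWhitelist: ['example.com', 'cdn.example.com'] }; // constructed

// Normalise a hostname: lower-case, drop a trailing dot.
function normaliseHost(host) {
  return host.toLowerCase().replace(/\.$/, '');
}

// True when host equals a whitelist entry or is a subdomain of one. The
// "." prefix in the suffix test is what stops example.com.evil.invalid
// from matching example.com.
function hostAllowed(host, whitelist) {
  const h = normaliseHost(host);
  return whitelist.some((entry) => {
    const e = normaliseHost(entry);
    return h === e || h.endsWith('.' + e);
  });
}

// Parse a value as a URL relative to a dummy origin. Protocol-relative
// values ("//evil.invalid/x"), userinfo tricks ("https://example.com@evil.invalid")
// and backslash variants surface as a foreign hostname; a plain relative path
// keeps the dummy host and yields null. Non-http(s) schemes are out of scope here.
function extractForeignUrl(value) {
  let decoded;
  try { decoded = decodeURIComponent(value); } catch { decoded = value; }
  let url;
  try { url = new URL(decoded, 'http://local.invalid'); } catch { return null; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (url.hostname === 'local.invalid') return null; // stayed a relative path
  return url;
}

// Inspect the request path and all query values. Returns null when clean,
// otherwise { where, host } for the first disallowed URL found.
function findDisallowedUrl(rawUrl, whitelist) {
  const idx = rawUrl.indexOf('?');
  const path = idx >= 0 ? rawUrl.slice(0, idx) : rawUrl;
  const query = idx >= 0 ? rawUrl.slice(idx + 1) : '';
  const candidates = [{ where: 'path', value: path }];
  // a path like /go/https://evil.invalid carries the target after a slash
  for (let i = path.indexOf('/'); i >= 0; i = path.indexOf('/', i + 1)) {
    candidates.push({ where: 'path', value: path.slice(i + 1) });
  }
  for (const pair of query.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    candidates.push({ where: 'query', value: eq >= 0 ? pair.slice(eq + 1) : pair });
  }
  for (const { where, value } of candidates) {
    const url = extractForeignUrl(value);
    if (url && !hostAllowed(url.hostname, whitelist)) {
      return { where, host: url.hostname };
    }
  }
  return null;
}

// Express-style middleware (hypothetical wiring).
function blockOpenRedirectMiddleware(req, res, next) {
  if (findDisallowedUrl(req.url, config.queryUrlWhitelist)) {
    res.statusCode = 403;
    return res.end('Forbidden');
  }
  next();
}

// Constructed sample requests for a stand-alone run.
const sampleUrls = [
  '/login?next=/dashboard',
  '/login?next=https://cdn.example.com/assets',
  '/login?next=//evil.invalid/phish',
  '/login?next=https://example.com@evil.invalid/',
  '/go/https://evil.invalid',
];
for (const u of sampleUrls) console.log(u, '->', JSON.stringify(findDisallowedUrl(u, config.queryUrlWhitelist)));
```

Resolving against a dummy origin instead of string-matching "http" is what makes the protocol-relative and userinfo forms show up as a foreign host; the whitelist comparison then only has to reason about hostnames.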
A JavaScript vulnerability that allows an attacker to add properties to global object prototypes, which are then inherited by other objects. This module attempts to block such requests.
Snyk Learn: Prototype pollution
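A request-body check for the keys that make prototype pollution possible, as an added example that is not the module's own code. JSON.parse creates an own property literally named "__proto__" rather than setting the prototype, so the damage happens when such a body is later merged recursively into another object; the guard therefore runs on the parsed body before any merge, and a null-prototype merge that skips the same keys is shown alongside it. The middleware wiring and the sample bodies are constructed.

```javascript
// Added example (not the module's own code): detect prototype-polluting keys
// in a parsed request body, plus a merge that is safe against them.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Walk a parsed body (objects and arrays) and return the path of the first
// forbidden object key, or null. Object.entries sees the own "__proto__"
// key that JSON.parse produces. Array indices are never keys of interest.
function findPollutingKey(value, path = '$') {
  if (value === null || typeof value !== 'object') return null;
  const isArray = Array.isArray(value);
  const entries = isArray ? value.map((v, i) => [String(i), v]) : Object.entries(value);
  for (const [k, v] of entries) {
    const here = `${path}.${k}`;
    if (!isArray && FORBIDDEN_KEYS.has(k)) return here;
    const nested = findPollutingKey(v, here);
    if (nested) return nested;
  }
  return null;
}

// A deep merge that cannot reach Object.prototype: it copies only own,
// allowed keys, and creates nested containers with a null prototype so even
// a key that slipped through would land on a plain own property.
function safeMerge(target, source) {
  for (const [k, v] of Object.entries(source)) {
    if (FORBIDDEN_KEYS.has(k)) continue;
    if (v !== null && typeof v === 'object' && !Array.isArray(v)) {
      const existing = Object.prototype.hasOwnProperty.call(target, k) ? target[k] : undefined;
      const child = existing !== null && typeof existing === 'object' ? existing : Object.create(null);
      target[k] = safeMerge(child, v);
    } else {
      target[k] = v;
    }
  }
  return target;
}

// Express-style middleware (hypothetical wiring): assumes req.body has been
// parsed from JSON by the framework.
function blockPrototypePollutionMiddleware(req, res, next) {
  if (findPollutingKey(req.body)) {
    res.statusCode = 400;
    return res.end('Bad Request');
  }
  next();
}

// Constructed sample bodies for a stand-alone run.
const sampleBodies = [
  '{"name":"alice","role":"user"}',
  '{"name":"alice","__proto__":{"isAdmin":true}}',
  '{"items":[{"constructor":{"prototype":{"isAdmin":true}}}]}',
];
for (const raw of sampleBodies) {
  const body = JSON.parse(raw);
  console.log(raw, '->', findPollutingKey(body));
}
```

Blocking "constructor" as a key has a false-positive cost for the rare legitimate payload that uses that name; the page's module "attempts to block such requests", and this example takes the same conservative side.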
An attempt to manipulate an SQL query, similar to NoSQL injections. Detection leads to blocking of the request.
OWASP: SQL Injection
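A signature-based detector of the kind the SQL injection module describes, as an added example that is not the module's own code. It decodes each parameter value, collapses whitespace and scores it against a short list of patterns; the patterns, the scanning helper and the sample values are constructed. It is a request filter, not a substitute for parameterised queries: each pattern can be evaded, and a name such as O'Brien shows the false-positive side, which is why the detector returns the list of matched pattern names rather than a bare yes/no, so a deployment can decide which of them to block on.

```javascript
// Added example (not the module's own code): heuristic SQL injection
// detection over request parameter values. Patterns and samples are constructed.

const SQLI_PATTERNS = [
  // ' OR '1'='1   /   1 OR 1=1   (quote-or-digit, boolean operator, comparison)
  { name: 'quote-tautology', re: /['"\d]\s*(or|and)\s+['"]?\w+['"]?\s*=\s*['"]?\w+/i },
  // a quote or number immediately followed by a comment opener that eats the rest
  { name: 'comment-terminator', re: /['"\d]\s*(--|#|\/\*)/ },
  // UNION ... SELECT with up to 20 characters (e.g. inline comments) in between
  { name: 'union-select', re: /\bunion\b[\s\S]{0,20}\bselect\b/i },
  // statement terminator followed by a destructive or administrative verb
  { name: 'stacked-query', re: /;\s*(drop|delete|insert|update|alter|exec|shutdown)\b/i },
  // time-based probes
  { name: 'time-probe', re: /\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b/i },
];

// Bring a raw value into the form the patterns expect: form-encoded spaces,
// percent-decoding (kept raw if malformed) and collapsed whitespace.
function normalise(value) {
  let s = String(value).replace(/\+/g, ' ');
  try { s = decodeURIComponent(s); } catch { /* keep the raw value */ }
  return s.replace(/\s+/g, ' ');
}

// Names of all patterns that match the value, in table order; [] when none.
function detectSqlInjection(value) {
  const s = normalise(value);
  return SQLI_PATTERNS.filter((p) => p.re.test(s)).map((p) => p.name);
}

// Scan every value of a parsed query object (arrays included) and collect
// findings per parameter name.
function scanQuery(query) {
  const findings = [];
  for (const [param, v] of Object.entries(query)) {
    for (const value of [].concat(v)) {
      const patterns = detectSqlInjection(value);
      if (patterns.length) findings.push({ param, patterns });
    }
  }
  return findings;
}

// Express-style middleware (hypothetical wiring): block on any finding.
function blockSqlInjectionMiddleware(req, res, next) {
  if (scanQuery(req.query || {}).length) {
    res.statusCode = 403;
    return res.end('Forbidden');
  }
  next();
}

// Constructed sample values for a stand-alone run.
const sampleValues = [
  "O'Brien",
  'search for union jobs',
  "admin' OR 1=1--",
  '1 UNION SELECT username, password FROM users',
  '1; DROP TABLE users',
  '1%27%20OR%201%3D1--',
];
for (const v of sampleValues) console.log(JSON.stringify(v), '->', detectSqlInjection(v));
```

The first two samples are the ones to watch in a real deployment: a legitimate apostrophe and a legitimate keyword both pass, but the pattern set is short on purpose, and widening it trades those false negatives for false positives on ordinary text.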