The configuration of preventing SQL injection attacks in Nginx

V Records 6,602 Views No comment

The best way to prevent sql injection is to filter out all the data submitted to the background.

For simple cases, such as including single quotes ‘, semicolon;, <, >, and other characters can be avoided by rewriting directly to the 404 page.

There is a premise to use rewrite to know that the general use of rewrite for regular matching can only match the URI of the web page, that is the front part of the “?” in the url, and the “?” later part is the request parameter.

The request parameters after “?” are expressed in nginx with $query_string, they cannot be matched in rewrite, so you need to use “if” to judge

For example, matching  ‘  with single quotes in the argument and then directing to the error page:

Directly writing such an rewrite will definitely not match correctly, because the rewrite parameter will only match the requested uri, which is the /nginx/test.php part.

You need to use $query_string to determine with “if”. If the query string contains special characters, return 404.


Let’s share some configuration file examples:

This article was first published by V on 2019-05-07 and can be reprinted with permission, but please be sure to indicate the original link address of the article :

Leave a Reply

Your email address will not be published. Required fields are marked *