
宝塔付费版防火墙规则分享

可以在我们的cdn→安全设置→参数过滤中挨个添加

实测有用。需要注意这些规则都是关键字黑名单，部分匹配范围较宽（例如 User-Agent 中的 Parser、audit，GET 参数末尾的 `'$`），建议先以记录/观察模式核对拦截日志，确认误报情况后再逐条启用。

f20ae8eb59002135

下面是 GET-参数过滤 规则

\.\./\.\./
目录保护1
   
(?:etc\/\W*passwd)
目录保护3	
   
(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
PHP流协议过滤1	
   
base64_decode\(
一句话木马过滤3	
   
(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
一句话木马过滤4	
   
\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
一句话木马过滤5	
   
select.+(from|limit)
SQL注入过滤2	
   
(?:(union(.*?)select))
SQL注入过滤3	
   
benchmark\((.*)\,(.*)\)
SQL注入过滤6	
   
(?:from\W+information_schema\W)
SQL注入过滤7	
   
(?:(?:current_)user|database|concat|extractvalue|polygon|updatexml|geometrycollection|schema|multipoint|multipolygon|connection_id|linestring|multilinestring|exp|right|sleep|group_concat|load_file|benchmark|file_put_contents|urldecode|system|file_get_contents|select|substring|substr|fopen|popen|phpinfo|user|alert|scandir|shell_exec|eval|execute|concat_ws|strcmp|right)\s*\(
SQL注入过滤8	
   
\<(iframe|script|body|img|layer|div|meta|style|base|object)
XSS过滤1	
   
(invokefunction|call_user_func_array|\\think\\)
ThinkPHP payload封堵	
   
^url_array\[.*\]$
Metinfo6.x XSS漏洞	
   
(extractvalue\(|concat\(0x|user\(\)|substring\(|count\(\*\)|substring\(hex\(|updatexml\()
SQL报错注入过滤01	
   
(@@version|load_file\(|NAME_CONST\(|exp\(\~|floor\(rand\(|geometrycollection\(|multipoint\(|polygon\(|multipolygon\(|linestring\(|multilinestring\()
SQL报错注入过滤02	
   
(ORD\(|MID\(|IFNULL\(|CAST\(|CHAR\()
SQL注入过滤1	
   
(EXISTS\(|SELECT\#|\(SELECT)
SQL注入过滤1	
   
(bin\(|ascii\(|benchmark\(|concat_ws\(|group_concat\(|strcmp\(|left\(|datadir\(|greatest\()
SQL报错注入过滤01	
   
(?:from.+?information_schema.+?)
--	
   
(array_map\("ass)
菜刀流量过滤	
   
'$
test	
   
\${jndi:
log4j2拦截

GET-URL过滤

\.(htaccess|mysql_history|bash_history|DS_Store|idea|user\.ini)
文件目录过滤1	
   
\.(bak|inc|old|mdb|sql|php~|swp|java|class)$
文件目录过滤2	
   
^/(vhost|bbs|host|wwwroot|www|site|root|backup|data|ftp|db|admin|website|web).*\.(rar|sql|zip|tar\.gz|tar)$
文件目录过滤3	
   
/(hack|shell|spy|phpspy)\.php$
PHP脚本执行过滤1	
   
^/(attachments|css|uploadfiles|static|forumdata|cache|avatar)/(\w+).(php|jsp)$
PHP脚本执行过滤2	
   
(?:(union(.*?)select))
SQL注入过滤1	
   
(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(

User-Agent过滤

(WPScan|HTTrack|antSword|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|netsparker|httperf| SF/)
关键词过滤1	
   
(?:define|eval|file_get_contents|include|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog|file_put_contents|fopen|urldecode|scandir)\(
一句话木马过滤2
   
\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)
一句话木马过滤3
   
select\s+.+(from|limit)\s+
SQL注入过滤2	
   
(?:(union(.*?)select))
SQL注入过滤3	
   
benchmark\((.*)\,(.*)\)
SQL注入过滤6	
   
(?:from\W+information_schema\W)
SQL注入过滤7	
   
(?:(?:current_)user|database|schema|connection_id)\s*\(
SQL注入过滤8	
   
(extractvalue\(|concat\(0x|user\(\)|substring\(|count\(\*\)|substring\(hex\(|updatexml\()
SQL报错注入过滤01	
   
(@@version|load_file\(|NAME_CONST\(|exp\(\~|floor\(rand\(|geometrycollection\(|multipoint\(|polygon\(|multipolygon\(|linestring\(|multilinestring\()
SQL报错注入过滤02	
   
(substr\()
SQL注入过滤10	
   
(ORD\(|MID\(|IFNULL\(|CAST\(|CHAR\))
SQL注入过滤1	
   
(EXISTS\(|SELECT\#|\(SELECT)
SQL注入过滤1	
   
(array_map\("ass)
菜刀流量过滤	
   
(bin\(|ascii\(|benchmark\(|concat_ws\(|group_concat\(|strcmp\(|left\(|datadir\(|greatest\()
SQL报错注入过滤01

POST过滤

\.\./\.\./
目录保护1	
   
(?:etc\/\W*passwd)
目录保护3	
   
(gopher|doc|php|glob|^file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
PHP流协议过滤1	
   
base64_decode\(
一句话木马过滤1
   
(?:define|eval|file_get_contents|include|require_once|shell_exec|phpinfo|system|passthru|chr|char|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog|file_put_contents|fopen|urldecode|scandir)\(
一句话木马过滤2
   
\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)
一句话木马过滤3
   
select.+(from|limit)
SQL注入过滤2	
   
(?:(union(.*?)select))
SQL注入过滤3	
   
benchmark\((.*)\,(.*)\)
SQL注入过滤6	
   
(?:from\W+information_schema\W)
SQL注入过滤7	
   
(?:(?:current_)user|database|concat|extractvalue|polygon|updatexml|geometrycollection|schema|multipoint|multipolygon|connection_id|linestring|multilinestring|exp|right|sleep|group_concat|load_file|benchmark|file_put_contents|urldecode|system|file_get_contents|select|substring|substr|fopen|popen|phpinfo|user|alert|scandir|shell_exec|eval|execute|concat_ws|strcmp|right)\s*\(
SQL注入过滤8	
   
(extractvalue\(|concat\(|user\(\)|substring\(|count\(\*\)|substring\(hex\(|updatexml\()
SQL报错注入过滤01	
   
(@@version|load_file\(|NAME_CONST\(|exp\(\~|floor\(rand\(|geometrycollection\(|multipoint\(|polygon\(|multipolygon\(|linestring\(|multilinestring\(|right\()
SQL报错注入过滤02	
   
(substr\()
SQL注入过滤10	
   
(ORD\(|MID\(|IFNULL\(|CAST\(|CHAR\()
SQL注入过滤1	
   
(EXISTS\(|SELECT\#|\(SELECT|select\()
SQL注入过滤1	
   
(array_map\("ass)
菜刀流量过滤	
   
(bin\(|ascii\(|benchmark\(|concat_ws\(|group_concat\(|strcmp\(|left\(|datadir\(|greatest\()
SQL报错注入过滤01	
   
(?:from.+?information_schema.+?)
--	
      
\${jndi:
log4j2拦截

 


