[PR #4771] [CLOSED] Better exploit blocking #3956

Closed
opened 2026-02-26 08:32:35 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/4771
Author: @fuomag9
Created: 9/19/2025
Status: Closed

Base: develop ← Head: develop


📝 Commits (10+)

  • 79b12e8 Initial plan
  • 21e1697 Significantly enhance block-exploits.conf with comprehensive security protections
  • dd2e443 Remove overly restrictive rules based on feedback - PUT/DELETE methods, spam filtering, scanner detection, and rate limiting
  • 2185b82 Refine security patterns: reduce false positives in null byte detection and expand RFI protocol coverage
  • 85d3917 Merge pull request #1 from fuomag9/copilot/fix-8ec03630-c3d1-4216-a4b9-9223ce132442
  • 315192f first rewrite commit
  • 29acf06 Swapped the entire UI to Material UI, applied a global dark theme, and removed all of the old styled-jsx/CSS-module styling
  • d9ced96 implement oauth2 login
  • b064003 Updated the UI
  • 668b667 updated a lot of stuff

📊 Changes

616 files changed (+13644 additions, -47565 deletions)

View changed files

.dockerignore (+50 -0)
.eslintrc.json (+6 -0)
.github/workflows/docker-build.yml (+76 -0)
📝 .gitignore (+11 -9)
Jenkinsfile (+0 -285)
📝 README.md (+150 -80)
app/(auth)/login/LoginClient.tsx (+71 -0)
app/(auth)/login/page.tsx (+12 -0)
app/(dashboard)/DashboardLayoutClient.tsx (+227 -0)
app/(dashboard)/OverviewClient.tsx (+131 -0)
app/(dashboard)/access-lists/AccessListsClient.tsx (+140 -0)
app/(dashboard)/access-lists/actions.ts (+83 -0)
app/(dashboard)/access-lists/page.tsx (+7 -0)
app/(dashboard)/audit-log/AuditLogClient.tsx (+41 -0)
app/(dashboard)/audit-log/page.tsx (+20 -0)
app/(dashboard)/certificates/CertificatesClient.tsx (+169 -0)
app/(dashboard)/certificates/actions.ts (+63 -0)
app/(dashboard)/certificates/page.tsx (+7 -0)
app/(dashboard)/dead-hosts/DeadHostsClient.tsx (+155 -0)
app/(dashboard)/dead-hosts/actions.ts (+59 -0)

...and 80 more files

📄 Description

This should improve exploit blocking. A better implementation would be to use https://coraza.io, but in the short term this should be more useful. I've removed the spam section since it doesn't make sense and it's too prone to bypasses anyway (I know obfuscation also works for other vulnerability types).


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

Reference
starred/nginx-proxy-manager-NginxProxyManager#3956