I just bumped into this thread and noticed that it has 2 downvotes. Anyway, I just want to post what I did to block HULK requests.
In /etc/nginx/conf.d/default.conf (or similar) I added the following inside the server block:

    # Match any "something=something" in the query string ($args); ~* is case-insensitive.
    if ($args ~* "(.{1,})=(.{1,})") {
        # Only the root URI "/" is rewritten; the trailing "?" drops the original query string.
        rewrite ^/$ /444_rewrite?;
    }
    location /444_rewrite {
        # 444 is nginx-specific: close the connection without sending any response.
        return 444;
    }
What does it do? Since the site uses friendly URLs and none of the site's URLs start with ? or =, I can redirect all those weird GET requests to 444. The argument (.{1,})=(.{1,}) tells Nginx to redirect all GET requests that have any characters with = between them.
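To see exactly which requests the posted rule catches, here is an added Python emulation of its two conditions (the $args regex and the rewrite that only matches the root URI). It is not code from the answer above; the request lines it checks are constructed samples, and the "HULK-style" line is simply a root request with random-looking key=value arguments. It shows that a key=value query on any path other than "/" (for example /search?q=...) and a query without "=" pass through untouched.

```python
import re
from urllib.parse import urlsplit

# The regex from the posted nginx rule: one or more characters, "=", one or more characters.
# nginx's "~*" is a case-insensitive match; re.IGNORECASE mirrors that.
ARGS_PATTERN = re.compile(r"(.{1,})=(.{1,})", re.IGNORECASE)


def nginx_would_block(request_line: str) -> bool:
    """Return True when the posted nginx rule would answer the request with 444.

    Both conditions of the config must hold:
      1. `if ($args ~* "(.{1,})=(.{1,})")`  -> the query string contains key=value
      2. `rewrite ^/$ /444_rewrite?;`       -> the URI path is exactly "/"
    Anything else is served normally.
    """
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    args = parts.query   # what nginx exposes as $args (text after "?")
    path = parts.path    # what `rewrite` matches against (query string excluded)
    if not ARGS_PATTERN.search(args):
        return False
    return path == "/"   # rewrite ^/$ matches only the root URI


def classify_requests(request_lines):
    """Map each request line to True (closed with 444) or False (served)."""
    return {line: nginx_would_block(line) for line in request_lines}


# Constructed sample request lines (hypothetical, not taken from any log).
SAMPLE_REQUESTS = [
    "GET /?KTFPQ=MXHDC&ZJQ=RNLOXGV HTTP/1.1",  # HULK-style junk query on "/"
    "GET / HTTP/1.1",                          # plain front page
    "GET /blog/my-post HTTP/1.1",              # friendly URL, no query string
    "GET /search?q=hulk HTTP/1.1",             # key=value, but not on "/"
    "GET /?foo HTTP/1.1",                      # query without "="
    "GET /?=x HTTP/1.1",                       # nothing before "=", regex needs >= 1 char
]

if __name__ == "__main__":
    for line, blocked in classify_requests(SAMPLE_REQUESTS).items():
        print(f"{'444 ' if blocked else 'pass'}  {line}")
```

The last three samples are the caveat a practitioner would want to know: the rule as posted only protects the root URI, so a flood aimed at /search?q=... or at /?randomword would not be dropped by it.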