  • Save LouisdeLooze/2769715baf3443756e0c6e0aaf5dd57b to your computer and use it in GitHub Desktop.

# deployed by ewings-tools
# SessionReaper (CVE-2025-54236) is an Adobe Commerce / Magento vulnerability. Exploitation of it
# uploads a malicious file through the address_file_upload and customer_file_upload endpoints.
# To prevent exploitation of this behavior, we block access to these endpoints.
# Place these regex locations before any other `location ~` block at the same level:
# nginx uses the first matching regex location in file order.
location ~* /(address/)?(address|customer)_file(/|_)upload/? {
    return 403;
}
# Every URI this matches already contains /(address|customer)_file[/_]upload and is
# therefore caught by the rule above; kept as an explicit rule for the customer_custom_attributes route.
location ~* /customer(_custom_attributes)?/(address|customer)_file(/|_)upload/? {
    return 403;
}
# We additionally block direct requests for the uploaded session files (sess_*), to be extra safe.
# `~*` is unanchored and case-insensitive: this blocks any request whose path contains
# /media/customer_address/s/e/sess_
location ~* /media/customer_address/s/e/sess_ {
    return 403;
}
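Offline check for the rules above, added here as an example; it is not part of the gist and not ewings-tools code. It reuses the three location regexes (nginx `~*` is a case-insensitive, unanchored PCRE search, evaluated in file order) and replays access-log lines against them, so you can confirm which requests the rules catch before deploying, and hunt older logs for earlier exploitation attempts. It assumes nginx's default URI normalization (percent-decoding and merge_slashes) when approximating the `$uri` that locations are matched against; the log lines, IPs and timestamps are constructed.

```python
"""Replay nginx access-log lines against the SessionReaper block rules.

Example code, not from the gist: reports which requests would have hit a
`return 403` rule, and which rule. Sample log lines below are constructed.
"""
import posixpath
import re
from urllib.parse import unquote

# Same patterns as the location blocks. nginx `~*` is a case-insensitive,
# unanchored search, so re.search with re.IGNORECASE is the equivalent.
# Order matters: nginx uses the first regex location that matches.
BLOCK_RULES = [
    ("upload_endpoint",
     re.compile(r"/(address/)?(address|customer)_file(/|_)upload/?", re.I)),
    ("upload_endpoint_custom_attributes",
     re.compile(r"/customer(_custom_attributes)?/(address|customer)_file(/|_)upload/?", re.I)),
    ("session_file_in_media",
     re.compile(r"/media/customer_address/s/e/sess_", re.I)),
]

# nginx "combined" log format; only the fields this check needs are captured.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)


def normalize_uri(target: str) -> str:
    """Approximate the $uri nginx matches locations against.

    Assumption: default settings (percent-decoding, merge_slashes on).
    Drops the query string, decodes %XX, collapses `.`, `..` and `//`,
    and keeps a trailing slash, which nginx also keeps.
    """
    path = target.split("?", 1)[0]
    path = unquote(path)
    normalized = posixpath.normpath(path)
    if path.endswith("/") and not normalized.endswith("/"):
        normalized += "/"
    return normalized


def matching_rule(target: str):
    """Name of the first rule that would 403 this request target, or None."""
    uri = normalize_uri(target)
    for name, pattern in BLOCK_RULES:
        if pattern.search(uri):
            return name
    return None


def scan_log(lines):
    """Return (ip, status, normalized_uri, rule) for every blocked request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        rule = matching_rule(m["target"])
        if rule:
            hits.append((m["ip"], int(m["status"]), normalize_uri(m["target"]), rule))
    return hits


# Constructed sample log lines (RFC 5737 documentation IPs, made-up timestamps).
# Line 4 uses the custom_attributes route with a mixed-case `_upload` variant,
# line 5 hides the path behind %5F, `//` and `./`, which nginx normalizes away.
SAMPLE_LOG = [
    '203.0.113.10 - - [16/Oct/2025:03:14:07 +0000] "POST /customer/address_file/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [16/Oct/2025:03:14:09 +0000] "GET /media/customer_address/s/e/sess_deadbeef?cmd=id HTTP/1.1" 200 2048 "-" "curl/8.4.0"',
    '198.51.100.7 - - [16/Oct/2025:03:15:00 +0000] "GET /customer/account/login/ HTTP/1.1" 200 9031 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [16/Oct/2025:03:15:21 +0000] "POST /Customer_Custom_Attributes/Customer_File_Upload HTTP/1.1" 200 498 "-" "python-requests/2.32"',
    '192.0.2.5 - - [16/Oct/2025:03:16:02 +0000] "POST /customer//address%5Ffile/./upload/ HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '192.0.2.6 - - [16/Oct/2025:03:16:40 +0000] "GET /media/wysiwyg/home/banner.png HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, uri, rule in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {status} {uri:50} -> {rule}")
```

Run it against a real log with `scan_log(open("access.log"))`; a hit with status 200 dated before the rules were deployed is a request that reached Magento and deserves a look at the corresponding file under media/customer_address. The replay also shows that every request the second location matches is already caught by the first, because nginx stops at the first matching regex location.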