写的不够全 大部分都写上了
if ($request_uri ~* (.*)(aNd%20|%20|%3D|oRder%20|union%2F|select%2F|%2F|%27|%20union|insert|select%20|delete%20|update%20|count|\.conf|\.gz|\.tar|\.zip|\.tgz|\.bz|\.sql|master|truncate|declare|0x|\'|\;|%20and|%20or|\(|\)|exec)(.*)$ ) {
return 404;
}