
Nginx: blocking attacking requests


I am receiving requests of this type on my website (I think it's an attack):

/name-of-post/==f.charAt(f.length-1))%7Bif(f=f.substr(1,f.length-2),-1!=x.indexOf(f))return%20I=!0

/name-of-post/&&(d=!1,b=b.substring(1));var%20m=b.split

How can I block them and return an HTTP 444 status code?


Solution

  • In that case, since you know the kind of URIs you want to block, and with the warning that this is NOT 100% protection or a WAF (web application firewall) implementation, this will do the trick for URIs that include a sequence of bad characters like ; %3B charAt var:

      # Case-sensitive regex location: matches URIs containing charAt, ;, %3B or var
      location ~ "(\bcharAt|;|\%3B|var\b)" {
          return 444 "Bad Request\n";
      }
    

    Be careful when adding bad characters: ?, +, = and . are legitimate, for example.

    A better approach would be to use a Web Application Firewall to detect such requests and block them. Look into mod_security if you want to learn more about it.
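
Added example (not part of the original answer): a Python check that runs the answer's regex against the two requests from the question and a few constructed legitimate URLs, to surface false positives before the rule is deployed. The legitimate URLs and the tighter pattern are assumptions made for illustration, and Python's `re` stands in for nginx's PCRE, which handles these tokens the same way.

```python
import re
from urllib.parse import unquote

# Pattern copied from the answer's location block.
ANSWER_PATTERN = r"(\bcharAt|;|\%3B|var\b)"
# Hypothetical tightening (assumption, not from the answer):
# require a word boundary on both sides of "var".
TIGHTER_PATTERN = r"(\bcharAt|;|\%3B|\bvar\b)"

# The two request targets quoted in the question.
ATTACK_TARGETS = [
    "/name-of-post/==f.charAt(f.length-1))%7Bif(f=f.substr(1,f.length-2),-1!=x.indexOf(f))return%20I=!0",
    "/name-of-post/&&(d=!1,b=b.substring(1));var%20m=b.split",
]
# Constructed legitimate targets for the false-positive check.
LEGIT_TARGETS = [
    "/name-of-post/",
    "/docs/variables",
    "/blog/samovar-tea-guide",
    "/search?q=a;b&sort=var",
]

def location_uri(request_target):
    """Approximate the string nginx tests a regex location against: the path
    without the query string, percent-decoded. Dot-segment and duplicate-slash
    normalization are left out of this sketch."""
    path = request_target.split("?", 1)[0]
    return unquote(path)

def blocked(pattern, targets):
    """Return the targets the pattern matches (case-sensitive, like `~`)."""
    rx = re.compile(pattern)
    return [t for t in targets if rx.search(location_uri(t))]

def report(pattern):
    """Return (attack targets not matched, legitimate targets matched)."""
    hit = blocked(pattern, ATTACK_TARGETS)
    missed = [t for t in ATTACK_TARGETS if t not in hit]
    return missed, blocked(pattern, LEGIT_TARGETS)

if __name__ == "__main__":
    for name, pat in (("answer", ANSWER_PATTERN), ("tighter", TIGHTER_PATTERN)):
        missed, false_pos = report(pat)
        print(f"{name}: missed={missed} false_positives={false_pos}")
```

Because a location regex never sees the query string, the `;` and `var` in `/search?q=a;b&sort=var` are not matched by either pattern.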