Full request line variable

Igor Sysoev is at rambler-co.ru
Sat Sep 19 09:41:40 MSD 2009


On Sat, Sep 19, 2009 at 10:54:12AM +0800, Joshua Zhu wrote:

> Hi,
> 
> Add this virtual server to your configuration file:
> 
> server {
>             listen 80;
>             server_name ~.*proxy.*;
> 
>             return 444;
> }

It's better to set default server to handle all not your names:

server {
     listen 80 default;
     server_name  _;  # "_" is nonexistant DNS name
     return 444;
}

server {
     listen 80;
     server_name  www.main.name
                  ""  # this server will also handle requests
                      # without Host at all
                  ;
     ...
}

> On Sat, Sep 19, 2009 at 10:02 AM,  <2947779 at deadaddress.com> wrote:
> > What 0.7.62 variable gives the full request line?
> > We need to defeat proxying attempts.
> > Here's what we find in access logs:
> >
> > Good:   GET /valid HTTP/1.1
> > Evil:   GET http://www.externaldomain.com/ HTTP/1.1
> >
> > The proxy attempt should get a 444, but right now
> > redirects to our home page.  We want to use 444
> > to conserve CPU and bandwidth.  We use ^http
> > but it fails:
> >
> > if ($request_uri ~* (^http.*|.*proxy.*) ) {
> >  return 444;
> > }
> >
> > --
> > http://www.fastmail.fm - Or how I learned to stop worrying and
> >                          love email again
> >
> >
> >
> 
> Cheers,
> 
> -- 
> Joshua Zhu
> http://www.zhuzhaoyuan.com

-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list