Deny referrer using map directive

Dewangga dewanggaba at xtremenitro.org
Mon May 4 08:27:56 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello!

On 5/4/2015 15:22, Francis Daly wrote:
> On Mon, May 04, 2015 at 11:43:10AM +0700, Dewangga wrote:
> 
> Hi there,
> 
>> map $http_referer $badboys { hostnames; default         0; 
>> "~*hitleap.com" 1; }
> 
> For info:
> 
> This should work as-is; but when using "hostnames", you probably
> don't need the regex match. Just ".hitleap.com" will do what you
> possibly want. (It is not the same: both will block a.hitleap.com;
> but only one will block ahitleap.com or hitleap.com.a.)

You do the trick, just using ".hitleap.com" and the regex matched.

$ curl -IL https://www.domain.name -e www2.hitleap.com
HTTP/1.1 406 Not Acceptable
Server: MCM-WS
Date: Mon, 04 May 2015 08:30:42 GMT
Content-Type: text/html
Content-Length: 172
Connection: keep-alive

> 
>> but, if I tried to access them using given referral, still got
>> HTTP 200. $ curl -I https://domain.name -L -e hitleap.com | grep
>> 200
> 
> It works for me, using http: (because I don't have a test https:
> server to hand). What happens when you leave all of the
> "...skip..." parts empty?
> 
>> Is there any additional configuration needed?
> 
> Do your logs show that this request was handled in the server{}
> block that you think it was handled in?
> 
> f
> 

Thanks in a bunch Francis :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJVRy2MAAoJEF1+odKB6YIx5zoH/RlUa3u2CIZHTVYYZuQQomEw
s0Ul7D35GNmMWCon2wJDM0fKQKllSWLt6ed/G3UQuVCof3sNd9S8o7cuvsNpSpW5
Vds+lKIRDK6JsNxrjWONoPKWL9iEkIjItwF2VWUHTXhFPBoNEvhD4IWabqhtj4CC
ljaM6Tza8vOIWKBR7FTSwnSwKnXasax7mZwDP0/h+jca7k+KBN9fo2k59yCxZRjm
iAsFfUQ4bCR9jbkE5tqOx+UI2/6QXYsl4I1tqFqUHggHA4t9Hkd5JvcmPIPocCQi
I2ZHOVaU4k7KQfnQtsgnf3YttiOb35/je9085wSm1+uFAfodw3owQxl8eKGaBGs=
=/yob
-----END PGP SIGNATURE-----



More information about the nginx mailing list