<div dir="ltr">@itpp, as I sent the logs above showing that the referer_header for Android requests is empty, maybe blocking requests based on an empty referer_header will partially resolve our issue? Following is the config I used to block an empty referer_header, but in vain.<br><br><pre><code>valid_referers server_names ~.;
if ($invalid_referer) {
    return 403;
}</code></pre>Android request log:<br><br><pre><code>39.49.52.224 - - [15/Mar/2015:10:40:26 +0500] "GET /files/thumbs/2015/03/14/1426310448973c5-1.jpg HTTP/1.1" 200 13096 "-" "Dalvik/1.6.0 (Linux; U; Android 4.2.2; GT-S7582 Build/JDQ39)"</code></pre>I might be putting this config under the wrong location. Following is the content of android.conf and virtual.conf:<br><br>virtual.conf:<br><br><pre><code>server {
    listen 80;
    server_name conversion.domain.com;
    client_max_body_size 8000m;
    # limit_rate 180k;
    # access_log /websites/theos.in/logs/access.log main;

    location / {
        root /var/www/html/conversion;
        index index.html index.htm index.php;
        # autoindex on;
        include android.conf;
    }
    location ~ \.(flv|jpg|jpeg)$ {
        flv;
        root /var/www/html/conversion;
        expires 2d;
        include android.conf;
        valid_referers none blocked domain.net www.domain.net domain.com www.domain.com;
        if ($invalid_referer) {
            return 403;
        }
    }
    location ~ \.(mp4)$ {
        mp4;
        root /var/www/html/conversion;
        expires 1d;
        include android.conf;
        valid_referers none blocked domain.net www.domain.net domain.com www.domain.com;
        if ($invalid_referer) {
            return 403;
        }
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        root /var/www/html/conversion;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}</code></pre>android.conf:<br><br><pre><code>#if ($http_user_agent ~* "Android") {
#    return 403;
#}

valid_referers server_names ~.;
if ($invalid_referer) {
    return 403;
}</code></pre>Regards.<br>Shahzaib<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 17, 2015 at 2:10 PM, itpp2012 <span dir="ltr">&lt;<a href="mailto:nginx-forum@nginx.us" target="_blank">nginx-forum@nginx.us</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'd use some kind of authentication based on a user logging in before<br>
allowing use of a service, an encrypted cookie or something along that line.<br>
<br>
Posted at Nginx Forum: <a href="http://forum.nginx.org/read.php?2,257269,257303#msg-257303" target="_blank">http://forum.nginx.org/read.php?2,257269,257303#msg-257303</a><br>
<div class="HOEnZb"><div class="h5"><br>
</div></div></blockquote></div><br></div>
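The request log quoted in the message shows the Android client sending no Referer. Before returning 403 for every such request, a tally of which user agents fetch media without a Referer shows who else the rule would hit. This is an added example, not part of the original message or of nginx; the `192.0.2.x` log lines are constructed sample input.

```python
import re
from collections import Counter

# nginx "combined" log format, the format of the log line quoted in the message
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Extensions served by the two media locations in virtual.conf
MEDIA_RE = re.compile(r'\.(?:flv|jpe?g|mp4)$', re.IGNORECASE)

def agent_family(agent):
    """Coarse bucket: first product token of the User-Agent, e.g. 'Dalvik'."""
    return re.split(r'[/ ]', agent, maxsplit=1)[0] or '(none)'

def refererless_media(lines):
    """Tally media requests logged with referer "-" (nginx logs "-" when the
    header is absent). Returns {agent_family: (requests, bytes_sent)}."""
    hits, sent = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # not in combined format
        path = m['uri'].split('?', 1)[0]
        if m['referer'] != '-' or not MEDIA_RE.search(path):
            continue
        family = agent_family(m['agent'])
        hits[family] += 1
        sent[family] += int(m['bytes']) if m['bytes'] != '-' else 0
    return {f: (hits[f], sent[f]) for f in hits}

# First line is the request from the message; the 192.0.2.x lines are constructed.
SAMPLE = [
    '39.49.52.224 - - [15/Mar/2015:10:40:26 +0500] "GET /files/thumbs/2015/03/14/1426310448973c5-1.jpg HTTP/1.1" 200 13096 "-" "Dalvik/1.6.0 (Linux; U; Android 4.2.2; GT-S7582 Build/JDQ39)"',
    '192.0.2.10 - - [15/Mar/2015:10:40:27 +0500] "GET /files/videos/a.mp4 HTTP/1.1" 200 500000 "-" "Dalvik/1.6.0 (Linux; U; Android 4.4.2)"',
    '192.0.2.11 - - [15/Mar/2015:10:40:28 +0500] "GET /files/thumbs/b.jpg HTTP/1.1" 200 2048 "http://www.domain.com/watch" "Mozilla/5.0 (Windows NT 6.1)"',
    '192.0.2.12 - - [15/Mar/2015:10:40:29 +0500] "GET /files/thumbs/b.jpg HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.13 - - [15/Mar/2015:10:40:30 +0500] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == '__main__':
    for family, (n, size) in sorted(refererless_media(SAMPLE).items()):
        print(f'{family:10} requests={n} bytes={size}')
```

On the sample, the tally includes a browser request with no Referer alongside the Dalvik ones, which is the collateral a blanket empty-Referer block would cause.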