<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi all,</p>
<p>Unfortunately, its impossible to use limit_req within the http
location using a "if" statement like so:</p>
<p>http {</p>
<p>limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;<br>
</p>
<p>if ($http_user_agent ~* (Jorgee)) {</p>
<p>limit_req zone=one burst=5;<br>
</p>
<p>return 403;<br>
</p>
<p>}<br>
</p>
<p>}<br>
</p>
<br>
As a workaround I use limit_req within a location to prevent my
uwsgi app for being abused.<br>
<br>
Cheers,<br>
E<br>
<br>
<div class="moz-cite-prefix">Le 2017-07-24 à 08:12, Zhang Chao a
écrit :<br>
</div>
<blockquote type="cite"
cite="mid:CAPr95Bh8tXhmNqTeoMV7oGaVO9k7Rw9xSjzec-sy7tiFZ1SK1w@mail.gmail.com">
<style>
body {
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
padding:1em;
margin:auto;
background:#fefefe;
}
h1, h2, h3, h4, h5, h6 {
font-weight: bold;
}
h1 {
color: #000000;
font-size: 28pt;
}
h2 {
border-bottom: 1px solid #CCCCCC;
color: #000000;
font-size: 24px;
}
h3 {
font-size: 18px;
}
h4 {
font-size: 16px;
}
h5 {
font-size: 14px;
}
h6 {
color: #777777;
background-color: inherit;
font-size: 14px;
}
hr {
height: 0.2em;
border: 0;
color: #CCCCCC;
background-color: #CCCCCC;
display: inherit;
}
p, blockquote, ul, ol, dl, li, table, pre {
margin: 15px 0;
}
a, a:visited {
color: #4183C4;
background-color: inherit;
text-decoration: none;
}
#message {
border-radius: 6px;
border: 1px solid #ccc;
display:block;
width:100%;
height:60px;
margin:6px 0px;
}
button, #ws {
font-size: 12 pt;
padding: 4px 6px;
border-radius: 5px;
border: 1px solid #bbb;
background-color: #eee;
}
code, pre, #ws, #message {
font-family: Monaco;
font-size: 10pt;
border-radius: 3px;
background-color: #F8F8F8;
color: inherit;
}
code {
border: 1px solid #EAEAEA;
margin: 0 2px;
padding: 0 5px;
}
pre {
border: 1px solid #CCCCCC;
overflow: auto;
padding: 4px 8px;
}
pre > code {
border: 0;
margin: 0;
padding: 0;
}
#ws { background-color: #f8f8f8; }
.bloop_markdown table {
border-collapse: collapse;
font-family: Helvetica, arial, freesans, clean, sans-serif;
color: rgb(51, 51, 51);
font-size: 15px; line-height: 25px;
padding: 0; }
.bloop_markdown table tr {
border-top: 1px solid #cccccc;
background-color: white;
margin: 0;
padding: 0; }
.bloop_markdown table tr:nth-child(2n) {
background-color: #f8f8f8; }
.bloop_markdown table tr th {
font-weight: bold;
border: 1px solid #cccccc;
margin: 0;
padding: 6px 13px; }
.bloop_markdown table tr td {
border: 1px solid #cccccc;
margin: 0;
padding: 6px 13px; }
.bloop_markdown table tr th :first-child, table tr td :first-child {
margin-top: 0; }
.bloop_markdown table tr th :last-child, table tr td :last-child {
margin-bottom: 0; }
.bloop_markdown blockquote{
border-left: 4px solid #dddddd;
padding: 0 15px;
color: #777777; }
blockquote > :first-child {
margin-top: 0; }
blockquote > :last-child {
margin-bottom: 0; }
code, pre, #ws, #message {
word-break: normal;
word-wrap: normal;
}
hr {
display: inherit;
}
.bloop_markdown :first-child {
-webkit-margin-before: 0;
}
code, pre, #ws, #message {
font-family: Menlo, Consolas, Liberation Mono, Courier, monospace;
}
.send { color:#77bb77; }
.server { color:#7799bb; }
.error { color:#AA0000; }</style>
<div class="bloop_markdown">
<p>Hi!</p>
<p>Nginx carries with the <a
href="http://nginx.org/en/docs/http/ngx_http_limit_req_module.html"
moz-do-not-send="true">limit_req_module</a>. I think it is a
good helper.</p>
</div>
<div class="bloop_original_html">
<style>body{font-family:Helvetica,Arial;font-size:13px}</style>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br>
</div>
<br>
<p class="airmail_on">On 24 July 2017 at 20:10:05, Gary Sellani
(<a href="mailto:lists@lazygranch.com" moz-do-not-send="true">lists@lazygranch.com</a>)
wrote:</p>
<blockquote type="cite" class="clean_bq"><span>
<div>
<div>I just detect the use agent and return 444, but every
attempt to get a file will show up in your access.log. <br>
<br>
<a
href="https://www.buildersociety.com/threads/block-unwanted-bots-on-apache-nginx-constantly-updated.1898/"
moz-do-not-send="true">https://www.buildersociety.com/threads/block-unwanted-bots-on-apache-nginx-constantly-updated.1898/</a><br>
<br>
I get two or three jorgee "sessions" a day. They tend
not to use the domain name but reference your server by
IP, so there might be some better blocking scheme. <br>
<br>
Original Message <br>
From: <a href="mailto:tkadm30@yandex.com"
moz-do-not-send="true">tkadm30@yandex.com</a><br>
Sent: July 24, 2017 3:14 AM<br>
To: <a href="mailto:nginx@nginx.org"
moz-do-not-send="true">nginx@nginx.org</a><br>
Reply-to: <a href="mailto:nginx@nginx.org"
moz-do-not-send="true">nginx@nginx.org</a><br>
Subject: How to rate-limit jorgee malware scanner?<br>
<br>
Hi,<br>
<br>
The Jorgee malware scanner is creating a lot of activity
on my site. I <br>
would like to rate-limit its connections to nginx based
on the <br>
User-Agent, since blocking all IP addresses with
iptables seems <br>
impossible. Is their a quick way of doing this ?<br>
<br>
Thank you in advance ,<br>
<br>
E<br>
<br>
-- <br>
Etienne Robillard<br>
<a href="mailto:tkadm30@yandex.com"
moz-do-not-send="true">tkadm30@yandex.com</a><br>
<a href="http://www.isotopesoftware.ca/"
moz-do-not-send="true">http://www.isotopesoftware.ca/</a><br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" moz-do-not-send="true">nginx@nginx.org</a><br>
<a
href="http://mailman.nginx.org/mailman/listinfo/nginx"
moz-do-not-send="true">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" moz-do-not-send="true">nginx@nginx.org</a><br>
<a
href="http://mailman.nginx.org/mailman/listinfo/nginx"
moz-do-not-send="true">http://mailman.nginx.org/mailman/listinfo/nginx</a></div>
</div>
</span></blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
nginx mailing list
<a class="moz-txt-link-abbreviated" href="mailto:nginx@nginx.org">nginx@nginx.org</a>
<a class="moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Etienne Robillard
<a class="moz-txt-link-abbreviated" href="mailto:tkadm30@yandex.com">tkadm30@yandex.com</a>
<a class="moz-txt-link-freetext" href="http://www.isotopesoftware.ca/">http://www.isotopesoftware.ca/</a></pre>
</body>
</html>