снова valid_referers & ssl
Artem Danilenko
darkden at mail.ru
Thu Mar 10 21:50:49 MSK 2005
Hello Igor,
Проблема в следущем, есть два сервер оба отдают статику(один еще
динамику через прокси) у обих стоит проверка valid_referers в обоих
случаях *.test.com/, на сервер который отдает только статику если
рефер стоит просто домен test.com то выдается 403 ошибка, сначала я
подумал просто нету такова имени в server_name в описании сервер, но
потом заметил что если стоит рефер www.test.com то все нормально,
конфигурации серверов и куски лога приведены ниже...
сегодня поробовал использовать в nginx, ssl на тестовом сервере и
заметил что первый запрос обычно выдает ошибку 400
10.10.4.64 - - [10/Mar/2005:15:27:54 +0500] "" 400 0 "-" "-"
10.10.4.64 - - [10/Mar/2005:15:28:05 +0500] "GET / HTTP/1.1" 200 480 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; SV1; .NET CLR 1.1.432
2)"
первый сервер:
server {
listen 80;
server_name download.test.com;
location / {
valid_referers none server_names *.test.com/;
if ($invalid_referer) {
return 403;
}
root /www/download.test.com;
access_log logs/static/test.log download;
expires 30d;
}
}
5.133.70.115 - - [10/Mar/2005:19:08:19 +0500] "GET /46/2004rt.zip HTTP/1.0" 206 24820 "http://download.test.com/46/" "Mozilla/4.0 (compatible;
MSIE 5.0; Windows 98)" "bytes=3056937-" "bytes 3056937-16183824/16183825"
3.237.59.190 - - [10/Mar/2005:19:28:47 +0500] "GET /40/4rv.zip HTTP/1.0" 403 679 "http://test.com/files.html?action=download&id=1477" "Mozilla
/4.0 (compatible; MSIE 5.0; Windows 98)" "bytes=10468548-" "-"
7.20.211.210 - - [10/Mar/2005:19:31:45 +0500] "GET /36/fde.zip HTTP/1.1" 200 8956 "http://www.test.com/forum/index.php?showtopic=7440" "Mozilla/4.
0 (compatible; MSIE 6.0; Windows NT 5.1)" "-" "-"
3.237.63.134 - - [10/Mar/2005:19:50:18 +0500] "GET /40/4rv.zip HTTP/1.0" 403 679 "http://test.com/files.html?action=download&id=1477" "Mozilla
/4.0 (compatible; MSIE 5.0; Windows 98)" "bytes=8988752-" "-"
5.133.70.115 - - [10/Mar/2005:20:14:03 +0500] "GET /46/2004rt.zip HTTP/1.0" 206 370840 "http://download.test.com/46/" "Mozilla/4.0 (compatible;
MSIE 5.0; Windows 98)" "bytes=3068275-" "bytes 3068275-16183824/16183825"
5.133.70.115 - - [10/Mar/2005:20:35:31 +0500] "GET /46/2004rt.zip HTTP/1.0" 206 994345 "http://download.test.com/46/" "Mozilla/4.0 (compatible;
MSIE 5.0; Windows 98)" "bytes=15189821-" "bytes 15189821-16183824/16183825"
5.133.70.115 - - [10/Mar/2005:20:44:20 +0500] "GET /46/2004rt.zip HTTP/1.0" 206 226300 "http://download.test.com/46/" "Mozilla/4.0 (compatible;
MSIE 5.0; Windows 98)" "bytes=4693587-" "bytes 4693587-16183824/16183825"
3.237.63.134 - - [10/Mar/2005:21:17:13 +0500] "GET /27/003.zip HTTP/1.0" 403 679 "http://test.com/files.html?action=download&id=287" "Mozilla/4.0 (co
mpatible; MSIE 5.0; Windows 98)" "bytes=3482577-" "-"
3.237.17.148 - - [10/Mar/2005:21:28:57 +0500] "GET /27/003.zip HTTP/1.0" 403 679 "http://test.com/files.html?action=download&id=287" "Mozilla/4.0 (co
mpatible; MSIE 5.0; Windows 98)" "bytes=5337625-" "-"
3.237.17.148 - - [10/Mar/2005:21:32:15 +0500] "GET /40/pit.zip HTTP/1.0" 403 679 "http://test.com/files.html?action=downl
oad&id=1613" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)" "bytes=26318102-" "-"
второй сервер
server {
listen 80;
server_name test.com www.test.com;
access_log logs/test.log;
location / {
proxy_pass http://127.0.0.1/;
client_max_body_size 80m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 9m;
proxy_preserve_host on;
proxy_set_x_real_ip on;
proxy_add_x_forwarded_for on;
proxy_header_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /tmp/nginx;
}
location ~* ^.+\.(jpg|jpeg|gif|css|htm|html|zip|rar|swf|txt|exe|mpg|mp3|ico|avi|png|js|pdf)$ {
valid_referers none server_names *.test.com/;
if ($invalid_referer) {
return 403;
}
root /www/test.com;
access_log logs/test-static.log download;
expires 30d;
}
}
94.84.246.71 - - [10/Mar/2005:12:21:31 +0500] "GET /images/6/img196.jpg HTTP/1.0" 200 7037 "http://test.com/files.html?folder=6&page=4" "Moz
illa/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)" "-" "-"
94.84.246.71 - - [10/Mar/2005:12:21:32 +0500] "GET /images/6/img2875.jpg HTTP/1.0" 200 3459 "http://test.com/files.html?folder=6&page=4" "Mo
zilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)" "-" "-"
4.142.118.234 - - [10/Mar/2005:12:21:38 +0500] "GET /files/40/2k4.zip HTTP/1.0" 206 1079160 "http://test.com/files.html?action=download&id=1441" "
Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)" "bytes=1657475-" "bytes 1657475-5835928/5835929"
4.142.118.234 - - [10/Mar/2005:12:21:39 +0500] "GET /files/40/2k4.zip HTTP/1.0" 206 1288920 "http://test.com/files.html?action=download&id=1441" "
Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)" "bytes=2974393-" "bytes 2974393-5835928/5835929"
Best regards,
Artem mailto:darkden at mail.ru
...Мы его в кипятке и сварили!
More information about the nginx-ru
mailing list