Full request line variable
Igor Sysoev
is at rambler-co.ru
Sat Sep 19 09:41:40 MSD 2009
On Sat, Sep 19, 2009 at 10:54:12AM +0800, Joshua Zhu wrote:
> Hi,
>
> Add this virtual server to your configuration file:
>
> server {
> listen 80;
> server_name ~.*proxy.*;
>
> return 444;
> }
It's better to set default server to handle all not your names:
server {
listen 80 default;
server_name _; # "_" is nonexistant DNS name
return 444;
}
server {
listen 80;
server_name www.main.name
"" # this server will also handle requests
# without Host at all
;
...
}
> On Sat, Sep 19, 2009 at 10:02 AM, <2947779 at deadaddress.com> wrote:
> > What 0.7.62 variable gives the full request line?
> > We need to defeat proxying attempts.
> > Here's what we find in access logs:
> >
> > Good: GET /valid HTTP/1.1
> > Evil: GET http://www.externaldomain.com/ HTTP/1.1
> >
> > The proxy attempt should get a 444, but right now
> > redirects to our home page. We want to use 444
> > to conserve CPU and bandwidth. We use ^http
> > but it fails:
> >
> > if ($request_uri ~* (^http.*|.*proxy.*) ) {
> > return 444;
> > }
> >
> > --
> > http://www.fastmail.fm - Or how I learned to stop worrying and
> > love email again
> >
> >
> >
>
> Cheers,
>
> --
> Joshua Zhu
> http://www.zhuzhaoyuan.com
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list