How to defy this url in nginx.conf

Cliff Wells cliff at develix.com
Fri Mar 9 18:46:08 UTC 2012


On Fri, 2012-03-09 at 13:25 -0500, JennrCheng wrote:
> My server can't run normally now. When I check the access.log I see
> there are a lot of connections requesting my site URL:
> /iclk/?zoneid=15&uid=1000 .
> 
> I want to defy this URL in nginx.conf. I just wrote the below code in
> the file but it doesn't work. Can any kind man help me? Lots of thanks.

First of all, Nginx is already rejecting the request, which is why Nginx
returns a 404.

> 60.19.120.162 - - [10/Mar/2012:02:02:34 +0800] "GET
> /iclk/?zoneid=15&uid=1000 HTTP/1.1" 404 564 "-" "Mozilla/4.0

> location ^~ uid\=1000$
> {
>     return 404;
> }

Locations cannot be based off of the request arguments. You could catch
the request by using something like this (assuming /iclk isn't valid for
some other part of your site):

location ^~ /iclk { return 404; }

In any case, it isn't necessary since Nginx is already doing this for
you.  

If these requests are hacking attempts, you could utilize a tool such as
fail2ban that watched your Nginx logs for requests that match the
pattern and blocked the IP addresses using your system's firewall.

For future reference, if you are going to paste giant sections from log
files, please use pastebin and just provide a link.

Regards,
Cliff
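
The log-watching approach suggested above, sketched as an added example (not part of the original post and not fail2ban's own code): it scans access-log lines for repeated requests under /iclk and returns the client IPs that a firewall rule could then block. The threshold, the time window, the helper names and the sample lines (documentation-range IPs) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Start of an Nginx "combined" log line: client IP, timestamp, request URI.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<uri>\S+) [^"]*" \d{3} ')

def offenders(lines, prefix="/iclk", max_hits=3, window=timedelta(seconds=60)):
    """IPs with >= max_hits requests under `prefix` inside `window` (assumed limits)."""
    recent = defaultdict(deque)  # ip -> timestamps of matching hits still in window
    flagged = []
    for line in lines:           # lines are assumed to be in chronological order
        m = LINE_RE.match(line)
        if not m:
            continue             # truncated or malformed line: ignore it
        # Match on the path only, so "/iclk" inside a query string does not count.
        path = m["uri"].split("?", 1)[0]
        if not (path == prefix or path.startswith(prefix + "/")):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()       # drop hits that fell out of the window
        if len(hits) >= max_hits and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

def _line(ip, hhmmss, uri, status):  # builds one constructed log line
    return (f'{ip} - - [10/Mar/2012:{hhmmss} +0800] "GET {uri} HTTP/1.1" '
            f'{status} 564 "-" "Mozilla/4.0"')

# Constructed sample input, not taken from the poster's log.
URI = "/iclk/?zoneid=15&uid=1000"
SAMPLE = [
    _line("192.0.2.10", "02:02:34", URI, 404),
    _line("192.0.2.10", "02:02:35", URI, 404),
    _line("198.51.100.7", "02:02:36", URI, 404),
    _line("203.0.113.5", "02:02:37", "/index.html?next=/iclk/", 200),
    _line("192.0.2.10", "02:02:38", URI, 404),      # third hit in 4 seconds
    _line("198.51.100.7", "02:07:36", URI, 404),    # slow: one hit per 5 minutes
    _line("198.51.100.7", "02:12:36", URI, 404),
    '192.0.2.99 - - [10/Mar/2012:02:12:37 +0800] "GET',  # truncated line
]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

Only the client that repeats the request quickly is flagged; the slow client and the request that merely carries /iclk/ in its query string are left alone.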


