Nginx 1.6 under load gives a ton of error 403

Richard Stanway r1ch+nginx at teamliquid.net
Tue May 6 11:09:12 UTC 2014


Your config is returning a 403 from any referrer containing "love" any you
have such URLs on your own site according to your log excerpt. I would not
recommend such referrer matching, it's unlikely to help in any case.


On Tue, May 6, 2014 at 12:30 PM, dfumagalli <nginx-forum at nginx.us> wrote:

> This is also what I thought. I have searched the whole nginx etc directory
> for 403 and deny
>
> /etc/nginx# grep -r '403' .
>
>  and the results I got are these snippets:
>
>         # Deny bad Referers
>         if ($http_referer ~*
> (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen)) {
>                 return 403;
>         }
>
> ...
>
>         # deny access to .htaccess files, if Apache's document root
>         # concurs with nginx's one
>         #
>         location ~ /\. { access_log off; log_not_found off; deny all; }
>
>         # Wordpress uses the robots.txt
>         location = /robots.txt  { access_log off; log_not_found off; }
>         location = /favicon.ico { access_log off; log_not_found off; }
>         location ~ ~$           { access_log off; log_not_found off; deny
> all; }
>
> ...
>
> The apps are several, they all follow the "index.php is the controller"
> paradygm.
>
>
>         # Make sure files with the following extensions do not get loaded
> by
> nginx because nginx would display the source code, and these files can
> contain PASSWORDS!
>         location ~*
>
> \.(engine|inc|ini|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_
> {
>         deny all;
>         }
>
>         location ~ /config.php {
>                 deny all;
>         }
>
>
>
>
> It's not the UFW firewall as well, because the error shows up even with UFW
> disabled. So the potential culprit may be php-fpm or some weird nginx
> option. Here's the master conf file, the others don't specify anything but
> location
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,249857,249863#msg-249863
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140506/13fcc108/attachment.html>


More information about the nginx mailing list