Fake video sharing Android App !!

Patrik Kernstock info at pkern.at
Mon Mar 16 13:55:40 UTC 2015


> if ($http_user_agent ~* "Linux;Android 4.2.2") {
>    return 403;
> }

Looks correct, but maybe nginx does not like the ";" in the provided
string? To be honest, I never used such a rule. But anyhow this isn't the
perfect solution: You're just blocking Android with version 4.2.2 with
that. When a user has a phone with just Android 4 the if won't work.

Just try that, I hope it will work (I'm just guessing):
>> if ($http_user_agent ~* '(Android|android)') {

Regards,
Patrik

On 2015-03-16 14:45, shahzaib shahzaib wrote:
> Hi,
> 
>     I have installed that android app and requested log against my ip
> is following :
> 
> 39.49.52.224 - - [15/Mar/2015:10:40:26 +0500] "GET
> /files/thumbs/2015/03/14/1426310448973c5-1.jpg HTTP/1.1" 200 13096 "-"
> "Dalvik/1.6.0 (Linux; U; Android 4.2.2; GT-S7582 Build/JDQ39)"
> 
> where 39.49.52.224 is ip of my modem.
> 
> I have also tried blocking specific user agent such as Android but
> neither it worked (sure I am doing something wrong) nor this is the
> correct solution:
> 
> if ($http_user_agent ~* "Linux;Android 4.2.2") {
>    return 403;
> }
> 
> Thanks.
> 
> Shahzaib
> 
> On Mon, Mar 16, 2015 at 6:28 PM, Francis Daly <francis at daoine.org>
> wrote:
> 
>> On Mon, Mar 16, 2015 at 04:09:30PM +0500, shahzaib shahzaib wrote:
>> 
>> Hi there,
>> 
>>> Webserver is nginx and hotlinking is already enabled but the issue with no
>>> Referer_Header for the requests being generated by this android
>>> application.
>>> 
>>> What precautions should we take to prevent this application by using our
>>> server's bandwidth ?
>> 
>> You have "the requests that you wish to allow as normal". You have "the
>> requests that you wish not to allow, since they come from this client".
>> 
>> What part of the request that nginx sees puts it into the "yes" or
>> "no" bucket?
>> 
>> Put that in your configuration, so that "yes" does what happens now,
>> and "no" returns a http error, or returns a different video inviting
>> the client to get your official app.
>> 
>> Perhaps their app uses a unique User-Agent header; or all "wanted"
>> clients do include a Referer header?
>> 
>> If you can't tell a "good" request from a "bad" one, you probably cannot
>> configure nginx to.
>> 
>> f
>> --
>> Francis Daly francis at daoine.org
>> 
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx [1]
> 
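
Added example (not part of the original message, and not nginx code): a Python check that parses the access-log line quoted in the thread and tests both rules from the thread against its User-Agent, emulating nginx's unanchored, case-insensitive "~*" match. The browser User-Agent and the "^Dalvik/" pattern are constructed assumptions added for comparison.

```python
import re

# Log line quoted in the thread (nginx "combined" format), rejoined onto one line.
LOG_LINE = (
    '39.49.52.224 - - [15/Mar/2015:10:40:26 +0500] '
    '"GET /files/thumbs/2015/03/14/1426310448973c5-1.jpg HTTP/1.1" 200 13096 "-" '
    '"Dalvik/1.6.0 (Linux; U; Android 4.2.2; GT-S7582 Build/JDQ39)"'
)

# Constructed sample (not from the thread): an ordinary Android browser visitor.
BROWSER_UA = (
    "Mozilla/5.0 (Linux; Android 4.4.2; Nexus 5 Build/KOT49H) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/40.0.2214.109 Mobile Safari/537.36"
)

COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

PATTERNS = {
    "original": r"Linux;Android 4.2.2",   # rule posted by shahzaib
    "suggested": r"(Android|android)",    # rule suggested in the reply
    "dalvik": r"^Dalvik/",                # assumption: key on the logged client prefix
}


def user_agent(line):
    """Return the User-Agent field of one combined-format log line."""
    m = COMBINED.match(line)
    if m is None:
        raise ValueError("not a combined-format log line")
    return m.group("ua")


def matches(pattern, ua):
    """Emulate nginx '~*': unanchored, case-insensitive regex search."""
    return re.search(pattern, ua, re.IGNORECASE) is not None


def evaluate(uas):
    """Map each rule name to a list of match results, one per User-Agent."""
    return {name: [matches(p, ua) for ua in uas] for name, p in PATTERNS.items()}


if __name__ == "__main__":
    for name, (app, browser) in evaluate([user_agent(LOG_LINE), BROWSER_UA]).items():
        print(f"{name:10} blocks app={app}  blocks browser={browser}")
```

The logged header reads "Linux; U; Android 4.2.2", so the contiguous text "Linux;Android 4.2.2" never occurs in it, while a bare "Android" match also catches regular Android browsers. The User-Agent is client-supplied, so any such rule only filters clients that leave it unchanged.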


