Deny referrer using map directive

Francis Daly francis at
Mon May 4 08:22:34 UTC 2015

On Mon, May 04, 2015 at 11:43:10AM +0700, Dewangga wrote:

Hi there,

> map $http_referer $badboys {
>         hostnames;
>         default         0;
>         "~*" 1;
> }

For info:

This should work as-is; but when using "hostnames", you probably don't
need the regex match. Just "" will do what you possibly
want. (It is not the same: both will block; but only one
will block or

> but, if I tried to access them using given referral, still got HTTP 200.
> $ curl -I -L -e | grep 200

It works for me, using http: (because I don't have a test https: server
to hand). What happens when you leave all of the "...skip..." parts empty?

> Is there any additional configuration needed?

Do your logs show that this request was handled in the server{} block
that you think it was handled in?

Francis Daly        francis at

More information about the nginx mailing list