Deny referrer using map directive
Dewangga
dewanggaba at xtremenitro.org
Mon May 4 08:27:56 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello!
On 5/4/2015 15:22, Francis Daly wrote:
> On Mon, May 04, 2015 at 11:43:10AM +0700, Dewangga wrote:
>
> Hi there,
>
>> map $http_referer $badboys { hostnames; default 0;
>> "~*hitleap.com" 1; }
>
> For info:
>
> This should work as-is; but when using "hostnames", you probably
> don't need the regex match. Just ".hitleap.com" will do what you
> possibly want. (It is not the same: both will block a.hitleap.com;
> but only one will block ahitleap.com or hitleap.com.a.)
You do the trick, just using ".hitleap.com" and the regex matched.
$ curl -IL https://www.domain.name -e www2.hitleap.com
HTTP/1.1 406 Not Acceptable
Server: MCM-WS
Date: Mon, 04 May 2015 08:30:42 GMT
Content-Type: text/html
Content-Length: 172
Connection: keep-alive
>
>> but, if I tried to access them using given referral, still got
>> HTTP 200. $ curl -I https://domain.name -L -e hitleap.com | grep
>> 200
>
> It works for me, using http: (because I don't have a test https:
> server to hand). What happens when you leave all of the
> "...skip..." parts empty?
>
>> Is there any additional configuration needed?
>
> Do your logs show that this request was handled in the server{}
> block that you think it was handled in?
>
> f
>
Thanks in a bunch Francis :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJVRy2MAAoJEF1+odKB6YIx5zoH/RlUa3u2CIZHTVYYZuQQomEw
s0Ul7D35GNmMWCon2wJDM0fKQKllSWLt6ed/G3UQuVCof3sNd9S8o7cuvsNpSpW5
Vds+lKIRDK6JsNxrjWONoPKWL9iEkIjItwF2VWUHTXhFPBoNEvhD4IWabqhtj4CC
ljaM6Tza8vOIWKBR7FTSwnSwKnXasax7mZwDP0/h+jca7k+KBN9fo2k59yCxZRjm
iAsFfUQ4bCR9jbkE5tqOx+UI2/6QXYsl4I1tqFqUHggHA4t9Hkd5JvcmPIPocCQi
I2ZHOVaU4k7KQfnQtsgnf3YttiOb35/je9085wSm1+uFAfodw3owQxl8eKGaBGs=
=/yob
-----END PGP SIGNATURE-----
More information about the nginx
mailing list