Block specific request pattern !!

Francis Daly francis at daoine.org
Fri Oct 6 19:18:13 UTC 2017


On Fri, Oct 06, 2017 at 07:17:39PM +0500, shahzaib mushtaq wrote:

Hi there,

> We're serving mp4 files over NGINX with added security hash+ttl but there's
> some kind of leechers accessing videos with following pattern but not
> getting blocked:

You seem to suggest that you have some blocking configured, and that it
does not do all that you want.

What blocking do you have configured? It may be simplest to adjust that,
rather than try to add something new.

> https://domain.com/files/videos/2017/10/04/15071356364fc6b-720.mp4?h=n_Saa78MV6BJTcoRHwHelA&ttl=1507303734&
> ?*/WhileYouWereSleeping56.mp4*

> https://domain.com/files/videos/2017/10/04/15071356364fc6b-720.mp4?h=n_Saa78MV6BJTcoRHwHelA&ttl=1507303734&
> ?

The two question marks in the url looks odd to me; but it is in both your
"bad" and "good" ones, so maybe it is normal.

> Is there a way we can block the requests not ending up on ttl value ?

You have $query_string, which is the same as $args. If you can define a
regex pattern which matches everything you want, you can return failure
for everything else.

Perhaps ($args !~ "&ttl=[0-9]*&\?$") is a suitable test condition in
your environment.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list