Block specific request pattern !!

shahzaib mushtaq shahzaib.cb at gmail.com
Sat Oct 7 11:24:56 UTC 2017


Hi Francis,

First of all, please accept my gratitude for helping on this matter; this
really worked for me and we're seeing a lot of leechers blocked now.

Thanks a lot again :)

Shahzaib


On Sat, Oct 7, 2017 at 12:18 AM, Francis Daly <francis at daoine.org> wrote:

> On Fri, Oct 06, 2017 at 07:17:39PM +0500, shahzaib mushtaq wrote:
>
> Hi there,
>
> > We're serving mp4 files over NGINX with added security hash+ttl but there's
> > some kind of leechers accessing videos with following pattern but not
> > getting blocked:
>
> You seem to suggest that you have some blocking configured, and that it
> does not do all that you want.
>
> What blocking do you have configured? It may be simplest to adjust that,
> rather than try to add something new.
>
> > https://domain.com/files/videos/2017/10/04/15071356364fc6b-720.mp4?h=n_Saa78MV6BJTcoRHwHelA&ttl=1507303734&?*/WhileYouWereSleeping56.mp4*
>
> > https://domain.com/files/videos/2017/10/04/15071356364fc6b-720.mp4?h=n_Saa78MV6BJTcoRHwHelA&ttl=1507303734&?
>
> The two question marks in the URL look odd to me; but they are in both your
> "bad" and "good" ones, so maybe it is normal.
>
> > Is there a way we can block the requests not ending up on ttl value?
>
> You have $query_string, which is the same as $args. If you can define a
> regex pattern which matches everything you want, you can return failure
> for everything else.
>
> Perhaps ($args !~ "&ttl=[0-9]*&\?$") is a suitable test condition in
> your environment.
>
> Good luck with it,
>
>         f
> --
> Francis Daly        francis at daoine.org
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
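An added example, not part of the original thread: a Python check of the condition Francis suggests, run against the two URLs quoted above and two constructed ones, to see which requests the `!~` test would reject before it goes into the nginx configuration. The helper names, the constructed samples and the 403 status are assumptions; Python's `re` stands in for nginx's PCRE, which treats this pattern the same way.

```python
import re

# The pattern from Francis's reply; a request is rejected when $args does
# NOT match it. In nginx the test would sit in an `if` block, for example:
#   if ($args !~ "&ttl=[0-9]*&\?$") { return 403; }   # 403 is an assumption
ALLOWED_TAIL = re.compile(r"&ttl=[0-9]*&\?$")


def nginx_args(url):
    """Return what nginx exposes as $args: everything after the first '?'."""
    return url.partition("?")[2]


def is_blocked(url):
    """True when the suggested `!~` condition would fire for this URL."""
    return ALLOWED_TAIL.search(nginx_args(url)) is None


# URLs quoted in the thread (emphasis markers removed).
BASE = ("https://domain.com/files/videos/2017/10/04/15071356364fc6b-720.mp4"
        "?h=n_Saa78MV6BJTcoRHwHelA&ttl=1507303734&")
GOOD = BASE + "?"
BAD = BASE + "?/WhileYouWereSleeping56.mp4"

# Constructed samples, not from the thread.
NO_TAIL = BASE[:-1]  # ends at the ttl value, without the trailing "&?"
EMPTY_TTL = "https://domain.com/files/videos/sample.mp4?h=abc&ttl=&?"

SAMPLES = {"good": GOOD, "bad": BAD, "no_tail": NO_TAIL, "empty_ttl": EMPTY_TTL}


def classify(urls):
    """Map each sample name to 'blocked' or 'allowed'."""
    return {name: "blocked" if is_blocked(u) else "allowed"
            for name, u in urls.items()}


if __name__ == "__main__":
    for name, verdict in classify(SAMPLES).items():
        print(f"{name:10s} {verdict:8s} $args={nginx_args(SAMPLES[name])}")
```

The `no_tail` sample is rejected because the pattern requires the literal `&?` ending that this site's links carry, and `empty_ttl` passes because `[0-9]*` accepts zero digits, so the existing hash+ttl validation still has to reject it.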