我需要阻止所有http连接,谁有referrer click2dad.net。我在mysite.conf中写到:
location / {
valid_referers ~.*http://click2dad.net.*;
if ($invalid_referer = ''){
return 403;
}
try_files $uri $uri/ /index.php?$args;
}
但是我仍然在nginx日志中看到:
HTTP/1.1" 200 26984 "http://click2dad.net/view/VUhfCE4ugTsb0SoKerhgMvPXcmXszU"
200,不是403
是否正确阻止所有客户端访问click2dad.net ?
valid_referers
解决方案有效,但对我个人而言,很难以这种方式维护长黑名单。另一种解决方案是使用ngx_http_map_module
模块。在ubuntu 14.04 nginx发行版下,你需要创建一个/etc/nginx/blacklist.conf文件:
# /etc/nginx/blacklist.conf
map $http_referer $bad_referer {
hostnames;
default 0;
# Put regexes for undesired referers here
"~social-buttons.com" 1;
"~semalt.com" 1;
"~kambasoft.com" 1;
"~savetubevideo.com" 1;
"~descargar-musica-gratis.net" 1;
"~7makemoneyonline.com" 1;
"~baixar-musicas-gratis.com" 1;
"~iloveitaly.com" 1;
"~ilovevitaly.ru" 1;
"~fbdownloader.com" 1;
"~econom.co" 1;
"~buttons-for-website.com" 1;
"~buttons-for-your-website.com" 1;
"~srecorder.co" 1;
"~darodar.com" 1;
"~priceg.com" 1;
"~blackhatworth.com" 1;
"~adviceforum.info" 1;
"~hulfingtonpost.com" 1;
"~best-seo-solution.com" 1;
"~googlsucks.com" 1;
"~theguardlan.com" 1;
"~i-x.wiki" 1;
"~buy-cheap-online.info" 1;
"~Get-Free-Traffic-Now.com" 1;
}
然后将它包含在/etc/nginx/nginx.conf文件中:
# /etc/nginx/nginx.conf
http {
# ...
include blacklist.conf;
# ...
}
这样做了,你可以检查$bad_referer
条件在你的nginx站点:
# /etc/nginx/sites-enabled/mysite.conf
server {
# ...
if ($bad_referer) {
return 444;
}
# ...
}
为了确保这些东西能够正常工作,您可以在shell中执行一个类似的命令:
$ curl --referer http://www.social-buttons.com https://example.org
…它应该给你:
curl: (52) Empty reply from server
我在这里写了一篇关于这个解决方案的博客文章https://fadeit.dk/blog/2015/04/22/nginx-referer-spam-blacklist/.
应该注意的是,表达式将与"http://"或"https://"之后的文本匹配。http://nginx.org/en/docs/http/ngx_http_referer_module.html
正确的配置:
location / {
valid_referers click2dad.net*;
if ($invalid_referer = ''){
return 403;
}
try_files $uri $uri/ /index.php?$args;
}
也许你可以试试这个配置:
location / {
valid_referers ~click2dad.net;
if ($invalid_referer){
return 403;
}
try_files $uri $uri/ /index.php?$args;
}
不管怎样,正确的答案就在这份文件里。http://nginx.org/en/docs/http/ngx_http_referer_module.html