Nginx block from referrer

我需要阻止所有http连接，谁有referrer click2dad.net。我在mysite.conf中写到:

 location / {
            valid_referers ~.*http://click2dad.net.*;
            if ($invalid_referer = ''){
                    return 403;
            }
            try_files       $uri    $uri/   /index.php?$args;
    }

但是我仍然在nginx日志中看到:

HTTP/1.1" 200 26984 "http://click2dad.net/view/VUhfCE4ugTsb0SoKerhgMvPXcmXszU"

200，不是403

是否正确阻止所有客户端访问click2dad.net ?

valid_referers解决方案有效，但对我个人而言，很难以这种方式维护长黑名单。另一种解决方案是使用ngx_http_map_module模块。在ubuntu 14.04 nginx发行版下，你需要创建一个/etc/nginx/blacklist.conf文件:

# /etc/nginx/blacklist.conf
map $http_referer $bad_referer {
    hostnames;
    default                           0;
    # Put regexes for undesired referers here
    "~social-buttons.com"             1;
    "~semalt.com"                     1;
    "~kambasoft.com"                  1;
    "~savetubevideo.com"              1;
    "~descargar-musica-gratis.net"    1;
    "~7makemoneyonline.com"           1;
    "~baixar-musicas-gratis.com"      1;
    "~iloveitaly.com"                 1;
    "~ilovevitaly.ru"                 1;
    "~fbdownloader.com"               1;
    "~econom.co"                      1;
    "~buttons-for-website.com"        1;
    "~buttons-for-your-website.com"   1;
    "~srecorder.co"                   1;
    "~darodar.com"                    1;
    "~priceg.com"                     1;
    "~blackhatworth.com"              1;
    "~adviceforum.info"               1;
    "~hulfingtonpost.com"             1;
    "~best-seo-solution.com"          1;
    "~googlsucks.com"                 1;
    "~theguardlan.com"                1;
    "~i-x.wiki"                       1;
    "~buy-cheap-online.info"          1;
    "~Get-Free-Traffic-Now.com"       1;
}

然后将它包含在/etc/nginx/nginx.conf文件中:

# /etc/nginx/nginx.conf

    http {
    # ...
      include blacklist.conf;
    # ...
    }

这样做了，你可以检查$bad_referer条件在你的nginx站点:

# /etc/nginx/sites-enabled/mysite.conf
server {
  # ...
  if ($bad_referer) { 
    return 444; 
  } 
  # ...
}

为了确保这些东西能够正常工作，您可以在shell中执行一个类似的命令:

$ curl --referer http://www.social-buttons.com https://example.org

…它应该给你:

curl: (52) Empty reply from server

我在这里写了一篇关于这个解决方案的博客文章https://fadeit.dk/blog/2015/04/22/nginx-referer-spam-blacklist/.

应该注意的是，表达式将与"http://"或"https://"之后的文本匹配。http://nginx.org/en/docs/http/ngx_http_referer_module.html

正确的配置:

 location / {
            valid_referers click2dad.net*;
            if ($invalid_referer = ''){
                    return 403;
            }
            try_files       $uri    $uri/   /index.php?$args;
    }

也许你可以试试这个配置:

 location / {
        valid_referers ~click2dad.net;
        if ($invalid_referer){
                return 403;
        }
        try_files       $uri    $uri/   /index.php?$args;
}

不管怎样，正确的答案就在这份文件里。http://nginx.org/en/docs/http/ngx_http_referer_module.html

相关内容

最新更新

热门标签：