OpenResty / nginx: blocking illegitimate requests with the referer module ngx_http_referer_module

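The referer module ngx_http_referer_module is compiled into nginx by default. As the official documentation notes, a Referer value is easy to fabricate, so the module is meant to block the mass of requests sent by regular browsers rather than to stop forged requests thoroughly.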

The valid_referers directive

Official documentation: http://nginx.org/en/docs/http/ngx_http_referer_module.html#valid_referers

| Syntax: | `valid_referers none \| blocked \| server_names \| string ...;` |
|---|---|
| Default: | — |
| Context: | server, location |

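Parameters

none: allow requests whose Referer header is missing.

blocked: allow requests that carry a Referer header whose value was removed by a firewall or proxy, that is, a value that does not start with http:// or https://.

server_names: allow the request when the Referer matches one of this server's server_name values.

Regular expression (written with a leading ~): allow the request when the Referer matches it.

Domain name with a wildcard prefix or suffix: allow the request when the Referer matches it.

$invalid_referer variable: empty when the request is allowed, 1 when it is not.

referer_hash_bucket_size: bucket size of the hash tables that hold the valid referers.

referer_hash_max_size: maximum size of those hash tables.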

Examples:

Blocking 1: blocking by specified referers

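```nginx
server {
    server_name xxx.xxxx.com;

    error_log logs/myerror.log debug;
    root html;

    location / {
        # Accepted: no Referer header, a Referer without an http(s):// scheme,
        # this server's own names, subdomains of 555.pub,
        # www.404.cn under /nginx/, and anything matching \.google\.
        valid_referers none blocked server_names
                       *.555.pub www.404.cn/nginx/
                       ~\.google\.;

        # $invalid_referer is "1" when none of the rules above matched
        if ($invalid_referer) {
            return 403;
        }

        return 200 'valid\n';
    }
}
```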
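To see which Referer values the configuration above accepts, the matching rules can be modelled offline. This Python is an added example, not code from the original article or from nginx: a simplified model of how `valid_referers` sets `$invalid_referer`, with function names (`host_matches`, `invalid_referer`) and sample values constructed here.

```python
import re

# Constructed rule set mirroring the valid_referers line in the config above.
RULES = {
    "none": True,       # allow a missing Referer header
    "blocked": True,    # allow values that lack an http:// or https:// scheme
    # server_names (here the server_name value) plus the listed strings
    "names": ["xxx.xxxx.com", "*.555.pub", "www.404.cn/nginx/"],
    "regex": [r"\.google\."],   # entries written with a leading ~
}

def host_matches(pattern, host):
    """Exact name, leading '*.' wildcard or trailing '.*' wildcard."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) >= len(pattern)
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1]) and len(host) >= len(pattern)
    return host == pattern

def invalid_referer(referer, rules=RULES):
    """Return "" when the Referer is accepted and "1" when it is not."""
    if referer is None:                       # header absent
        return "" if rules["none"] else "1"
    scheme = re.match(r"https?://", referer, re.I)
    if not scheme:                            # present, but no http(s):// prefix
        return "" if rules["blocked"] else "1"
    rest = referer[scheme.end():]             # text after the scheme
    host = re.split(r"[/:]", rest, maxsplit=1)[0].lower()
    slash = rest.find("/")
    path = rest[slash:] if slash >= 0 else ""
    for entry in rules["names"]:
        name, sep, uri = entry.partition("/")
        if host_matches(name.lower(), host):
            # a host hit decides the result; only the URI prefix is left to check
            return "" if path.startswith(sep + uri) else "1"
    # regular expressions see everything after the scheme, case-insensitively
    if any(re.search(rx, rest, re.I) for rx in rules["regex"]):
        return ""
    return "1"

# Constructed sample Referer values
SAMPLES = [None, "-", "https://xxx.xxxx.com/index.html", "http://img.555.pub/a.png",
           "http://555.pub/", "https://www.404.cn/nginx/doc", "https://www.404.cn/other",
           "https://www.google.com/search?q=x", "https://www.baidu.com/s?wd=x"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", "403" if invalid_referer(s) else "200")
```

Because a regular expression is matched against everything after the scheme, anchoring it to the host part (for example with `^`) keeps a match in the path or query string from counting.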
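
Blocking requests that come from Baidu search

Return 404:

```nginx
# the dot is escaped so that it only matches a literal "."
if ($http_referer ~ 'baidu\.com') {
    return 404;
}
```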

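Or

Return a redirect page:

```nginx
# The body is rendered as HTML only when the response Content-Type is text/html.
# $request_uri is the raw request URI and is copied into the script as is.
if ($http_referer ~ 'baidu\.com') {
    return 200 "<html><script>window.location.href='//$host$request_uri';</script></html>";
}
```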

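Blocking 2: blocking empty referers

A request with an empty Referer gets a "not found" response.

```nginx
# Neither "none" nor "blocked" is listed, so a request without a Referer is invalid;
# ~. accepts any Referer that has text after http:// or https://
valid_referers server_names ~.;
if ($invalid_referer) {
    #return   403;
    root html;
}
```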

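Combined example

```nginx
location /nacos/ {
    set $flag 0;
    # flag every client whose address is not on the allowlist
    if ($remote_addr !~ "^(10\.0\.37\.155|10\.0\.37\.154|10\.0\.37\.156|10\.0\.37\.162|10\.0\.37\.163|10\.0\.37\.164|10\.0\.37\.165|10\.0\.37\.157|10\.0\.37\.158)$") { set $flag 1; }
    # clear the flag for this host name; $host is taken from the request,
    # so treat it as client-supplied
    if ($host ~ "^hn8\.nw109\.cc1*$") { set $flag 0; }
    if ($flag = 1) { return 403; }
    proxy_pass http://nacosserv;
}
error_page 403 /403page.html;
location = /403page.html {
    root html;
}
```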

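Copyright notice: this is an original article by sunny_day_day, licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.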