Question

我需要阻止所有http连接，谁有引用者click2dad.net。我在mysite.conf中写道：

 location / {
            valid_referers ~.*http://click2dad\.net.*;
            if ($invalid_referer = ''){
                    return 403;
            }
            try_files       $uri    $uri/   /index.php?$args;
    }

但我仍然在nginx日志中看到：

HTTP/1.1" 200 26984 "http://click2dad.net/view/VUhfCE4ugTsb0SoKerhgMvPXcmXszU"

200，而不是403

从click2dad.net阻止所有客户端是正确的吗？

Answer 1

valid_referers解决方案有效，但就我个人而言，很难以这种方式维持长黑名单。另一种解决方案是使用ngx_http_map_module模块。在ubuntu 14.04 nginx发行版下，你可以创建一个/etc/nginx/blacklist.conf文件：

# /etc/nginx/blacklist.conf

map $http_referer $bad_referer {
    hostnames;

    default                           0;

    # Put regexes for undesired referers here
    "~social-buttons.com"             1;
    "~semalt.com"                     1;
    "~kambasoft.com"                  1;
    "~savetubevideo.com"              1;
    "~descargar-musica-gratis.net"    1;
    "~7makemoneyonline.com"           1;
    "~baixar-musicas-gratis.com"      1;
    "~iloveitaly.com"                 1;
    "~ilovevitaly.ru"                 1;
    "~fbdownloader.com"               1;
    "~econom.co"                      1;
    "~buttons-for-website.com"        1;
    "~buttons-for-your-website.com"   1;
    "~srecorder.co"                   1;
    "~darodar.com"                    1;
    "~priceg.com"                     1;
    "~blackhatworth.com"              1;
    "~adviceforum.info"               1;
    "~hulfingtonpost.com"             1;
    "~best-seo-solution.com"          1;
    "~googlsucks.com"                 1;
    "~theguardlan.com"                1;
    "~i-x.wiki"                       1;
    "~buy-cheap-online.info"          1;
    "~Get-Free-Traffic-Now.com"       1;
}

然后将其包含在/etc/nginx/nginx.conf文件中：

# /etc/nginx/nginx.conf


    http {
    # ...

      include blacklist.conf;

    # ...

    }

完成后，您可以在nginx网站中检查$bad_referer条件：

# /etc/nginx/sites-enabled/mysite.conf

server {
  # ...

  if ($bad_referer) { 
    return 444; 
  } 

  # ...
}

为确保这些内容有效，您可以在shell中执行类似的命令：

$ curl --referer http://www.social-buttons.com https://example.org

......应该给你：

curl: (52) Empty reply from server

我在这里写了一篇关于这个解决方案的博客文章https://fadeit.dk/blog/2015/04/22/nginx-referer-spam-blacklist/。

Answer 2

应该注意的是，表达式将与“http：//”或“https：//”之后的文本匹配 http://nginx.org/en/docs/http/ngx_http_referer_module.html

更正配置：

 location / {
            valid_referers click2dad.net*;
            if ($invalid_referer = ''){
                    return 403;
            }
            try_files       $uri    $uri/   /index.php?$args;
    }

Answer 3

也许你可以尝试这个配置：

 location / {
        valid_referers ~click2dad.net;
        if ($invalid_referer){
                return 403;
        }
        try_files       $uri    $uri/   /index.php?$args;
}

无论如何，正确答案就在本文件中。 http://nginx.org/en/docs/http/ngx_http_referer_module.html

来自推荐人的Nginx块

3 个答案: