我需要阻止所有http连接,谁有引用者click2dad.net.我在mysite.conf中写道:
location / { valid_referers ~.*http://click2dad\.net.*; if ($invalid_referer = ''){ return 403; } try_files $uri $uri/ /index.php?$args; }
但我仍然在nginx日志中看到:
HTTP/1.1" 200 26984 "http://click2dad.net/view/VUhfCE4ugTsb0SoKerhgMvPXcmXszU"
200,而不是403
从click2dad.net阻止所有客户端是正确的吗?
valid_referers
解决方案有效,但就我个人而言,很难以这种方式维持长黑名单.另一种解决方案是使用ngx_http_map_module
模块.在ubuntu 14.04 nginx发行版下,你可以创建一个/etc/nginx/blacklist.conf文件:
# /etc/nginx/blacklist.conf map $http_referer $bad_referer { hostnames; default 0; # Put regexes for undesired referers here "~social-buttons.com" 1; "~semalt.com" 1; "~kambasoft.com" 1; "~savetubevideo.com" 1; "~descargar-musica-gratis.net" 1; "~7makemoneyonline.com" 1; "~baixar-musicas-gratis.com" 1; "~iloveitaly.com" 1; "~ilovevitaly.ru" 1; "~fbdownloader.com" 1; "~econom.co" 1; "~buttons-for-website.com" 1; "~buttons-for-your-website.com" 1; "~srecorder.co" 1; "~darodar.com" 1; "~priceg.com" 1; "~blackhatworth.com" 1; "~adviceforum.info" 1; "~hulfingtonpost.com" 1; "~best-seo-solution.com" 1; "~googlsucks.com" 1; "~theguardlan.com" 1; "~i-x.wiki" 1; "~buy-cheap-online.info" 1; "~Get-Free-Traffic-Now.com" 1; }
然后将其包含在/etc/nginx/nginx.conf文件中:
# /etc/nginx/nginx.conf http { # ... include blacklist.conf; # ... }
完成后,您可以检查$bad_referer
nginx站点中的条件:
# /etc/nginx/sites-enabled/mysite.conf server { # ... if ($bad_referer) { return 444; } # ... }
要确保这些东西有效,您可以在shell中执行类似的命令:
$ curl --referer http://www.social-buttons.com https://example.org
......应该给你:
curl: (52) Empty reply from server
我在这里写了一篇关于这个解决方案的博客文章https://fadeit.dk/blog/2015/04/22/nginx-referer-spam-blacklist/.