Example
The code is as follows: |
Copy code |
If ($ request_uri ~ "Xxx. php? Xxx "){ Set $ iftmp Y; } If ($ http_user_agent ~ "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1 )"){ Set $ iftmp "$ {iftmp} Y "; } If ($ iftmp = YY) {return 400 ;} Location /{ Proxy_pass https: // 172.0.0.11; }
|
Focus on setting $ iftmp Y to set iftmp to Y. The set command is a big highlight.
Focus 2: set $ iftmp "$ {iftmp} Y" in set, $ {iftmp} Y overlays the parameters once. $ {iftmp} is a big highlight.
$ Request_uri is the complete request path of the client request, and $ http_user_agent is the browser parameter that the client sends the request.
The above if judgment is a prototype of simple anti-cc attack. Generally, common cc attacks will fix attack pages, and then the browser parameters remain mostly unchanged, if the two if parameters meet both conditions, the third if parameter will be returned to the request side directly with the 400 error,
This completes a simple filtering of cc attack requests to the normal page. Based on the above example, you can use it for other applications.
Suppose we need to rewrite the/admin/path, but at the same time we want to exclude that the/admin/images/path does not rewrite the path. The following solution can be used:
The code is as follows: |
Copy code |
Set $ doRewrite "0 "; If ($ request_uri ~ ^/Admin /){ Set $ doRewrite "1 "; } If ($ request_uri ~ ^/Admin/images /){ Set $ doRewrite "0 "; } If ($ doRewrite = "1 "){ // Do rewrite } |
In this example, there are other methods that do not use the set variable. This article only provides you with one idea. I hope you can apply it to your actual needs.