The following set of modules provides extra functionality that'll help you find out more information about the visitors, such as by parsing client request headers for browser name and version, assigning a identifier to requests presenting SI Milarities, and so on.
Browser
The Browser module parses the user-agent HTTP header of the client request in order to establish values For variables that can is employed later in the configuration. The three variables produced are:
- $modern _browser: If The client browser is identified as being a modern web browser, the variable takes the value Defined by the modern_browser_value directive.
- $ancient _browser: If The client browser is identified as being a old web browser, the variable takes the value D efined by Ancient_browser_value.
- $msie: This variable are set to 1 If the client is using a Microsoft IE browser.
To help Nginx recognize Web browsers, telling the old from the modern, you need to insert multiple occurrences of the Ancient_browser and modern_browser directives:
Modern_browser Opera 10.0;
With this example, if the user-agent HTTP header contains Opera 10.0, the client browser is considered modern.
Map
Just like the Browser module, the Map module allows your to create maps of values depending on a variable :
Map $uri $variable {
/page.html 0;
/contact.html 1;
/index.html 2;
Default 0;
}
rewrite ^/index.php?page= $variable;
Note that theMapDirective can only be inserted within thehttpBlock. Following this example,$variableMay has three different values. If$uriwas set to/page.html,$variableis now defined as0; If$uriwas set to/contact.html,$variableis now1; If$uriwas set to/index.html,$variableNow equals2. For any other cases (default),$variableis set to0. The last instruction rewrites the URL accordingly. Apart from default, the map directive accepts another special keyword:hostnames. It allows to match hostnames using wildcards such as*.domain.com.
Additional directives allow you to tweak the the-manages the mechanism in memory:
- map_hash_max_size: Sets the maximum size of the hash table holding a map
- map_hash_bucket_size: The maximum size of a entry in the map
Regular expressions may also is used in patterns if you prefix them with ~ (case sensitive) or ~* (case INSENSITIVE):
Map $http _referer $ref {
~google "Google";
~* Yahoo "Yahoo";
\~bing "Bing"; # a regular expression due to the \ before the tilde
Default $http _referer; # variables May used
}
Geo
The purpose of this module are to provide functionality that's quite similar to the map directive-affecting a V Ariable based on client data (in this case, the IP address). The syntax is slightly different in the extent that's allowed to specify address ranges (in CIDR format):
Geo $variable {
Default unknown;
127.0.0.1 Local;
123.12.3.0/24 UK;
92.43.0.0/16 fr;
}
Note that the above block is being presented to you just for the sake of the example and does not actually detect U.K. and French visitors; You'll want the GeoIP module If you wish to achieve proper geographical location detection. In this block, your may insert a number of directives that is specific to the This module:
- Delete: Allows you-remove the specified subnetwork from the mapping.
- default: The default value given to $variable in case the user's IP address does not match any of the SP Ecified IP Ranges.
- include: Allows to include an external file.
- Proxy: Defines a subnet of trusted addresses. If the User IP address is among the trusted, the value of the x-forwarded-for header is used as IP address Instea D of the socket IP address.
- proxy_recursive: If enabled, this would look for the value of the x-forwarded-for header even if the Clie NT IP address is not trusted.
- ranges: If You insert this directive as the first line of your Geo block, it allows your to specify IP RA Nges instead of CIDR masks. The following syntax is thus permitted: 127.0.0.1-127.0.0.255 LOCAL;
GeoIP
Although the name suggests some similarities with the previous one, this optional module provides accurate geographical in Formation about your visitors by making use of the MaxMind (www.maxmind.com) GeoIP binary databases. You need to download the database files from the MaxMind website and place them in your Nginx directory.
This module is not a included in the default Nginx build.
All the Specify and the database path with either directive:
Geoip_country Country.dat; # Country Information db
Geoip_city City.dat; # City Information db
Geoip_org Geoiporg.dat; # Isp/organization DB
The first directive enables several variables:$geoip _country_code(Two-letter country code),$geoip _country_code3(Three-letter Country code), and$geoip _country_name(Full country name). The second directive includes the same variables but provides additional information:$geoip _region,$geoip _city,$geoip _postal_code,$geoip _city_continent_code,$geoip _latitude,$geoip _longitude,$geoip _dma_code,$geoip _area_code,$geoip _region_name. The third directive offers information about the organization or ISP that owns the specified IP address by filling up the$geoip _orgVariable.
If you need the variables to being encoded in UTF-8, simply add the UTF8 keyword at the end of the Geoip_ D Irectives.
UserID Filter
This module assigns a identifier to clients by issuing cookies. The identifier can accessed from variables $uid _got and $uid _set further in the configuration.
Userid
Context: http, server, location
Enables or disables issuing and logging of cookies.
The directive accepts four possible values:
- on: Enables V2 cookies and logs them
- v1: Enables V1 cookies and logs them
- log: Does not send cookie data logs incoming cookies
- off: Does not send cookie data
Default value: userid off;
Userid_service
Context: http, server, location
Defines the IP address of the server issuing the cookie.
Syntax: userid_service IP;
Default: IP address of the server
Userid_name
Context: http, server, location
Defines the name assigned to the cookie.
Syntax: userid_name name;
Default value:the User Identifier
Userid_domain
Context: http, server, location
Defines the domain assigned to the cookie.
Syntax: userid_domain domain;
Default value: None (the domain part was not sent)
Userid_path
Context: http, server, location
Defines the path part of the cookie.
Syntax: userid_path path;
Default value:/
Userid_expires
Context: http, server, location
Defines the cookie expiration date.
Syntax: userid_expires date | max;
Default value: No Expiration date
userid_p3p
Context: http, server, location
Assigns a value to the P3P header sent with the cookie.
Syntax: userid_p3p data;
Default value: None
Referer
A simple directive are introduced by this module: valid_referers. Its purpose are to check the Referer HTTP header from the client request and possibly to deny access based the Value. If The referrer is considered invalid, $invalid _referer is set to 1. In the list of valid referrers, your may employ three kinds of values:
- None: The absence of a referrer is considered to be a valid referrer
- Blocked: A masked referrer (such as XXXXX) is also considered valid
- A server name:the specified server name is considered to be a valid referrer
Following the definition of the $invalid _referer variable, you could, for example, and return an error code if the Refe Rrer was found invalid:
Valid_referers none blocked *.website.com *.google.com;
if ($invalid _referer) {
return 403;
}
Be aware this spoofing the Referer HTTP header is a very simple process, so checking the referrer of the client Reque STS should not being used as a security measure.
Real IP
This module provides one, Feature-it replaces the client IP address by the one specified in the x-real-ip HTTP header for clients, visit your website behind a proxy or for retrieving IP addresses from the proper header I F Nginx is used as a backend server. To enable this feature, you need to insert the real_ip_header directive that defines The HTTP header to be exploited-either x-real-ip or x-forwarded-for . The second step is to define trusted IP addresses. In other words, the clients is allowed to make use of those headers. This can is done thanks to the set_real_ip_from directive, which accepts both IP add Resses and CIDR address ranges:
Real_ip_header x-forwarded-for;
Set_real_ip_from 192.168.0.0/16;
Set_real_ip_from 127.0.0.1;
Set_real_ip_from UNIX:; # trusts all Unix-domain sockets
This module is not a included in the default Nginx build.
Nginx-additional Modules, about Your Visitors