Nginx anti-theft chain based on UA shielding malicious user agent request (anti-Spider) _nginx

Source: Internet
Author: User

Compared with the Apache,nginx occupies less system resources, more suitable for VPS use. Malicious hotlinking user Agent everywhere, blog replacement to WordPress not a few days, was SPAM (spam message) stare, and was violently cracked backstage username password. Apache has previously introduced the use of the. htaccess Mask malicious user agent, today to introduce Nginx shielding malicious user agent request method.

First Rules & Comments

#禁用未初始化变量警告
Uninitialized_variable_warn off;
#匹配各种 Bad user agent, returns a 403 error
if ($http _user_agent ~* "embeddedwb| nsplayer| Wmfsdk|qunarbot|mj12bot|ahrefsbot| Windows 98| MSIE 6.0; Windows 2000| easouspider| Sogou Web Spider ") {return
403;
}
#匹配POST方法, assign the variable iftemp
if ($request _method ~* "POST") {set $iftemp X;}
#匹配 Bad user agent, assign value to variable iftemp; These ua are mainly spam messages
if ($http _user_agent ~* "MSIE 6.*net| MSIE 7.*net| MSIE 6.*sv1| MSIE 6.0; Windows NT 5.0 ") {
set $iftemp" ${iftemp}y ";
}
#如果变量iftemp符合上面两个条件, returns 403 error
if ($iftemp = XY) {return 403;}

Disable the uninitialized variable warning or write warnings to the error log Error.log as follows

Copy Code code as follows:

2014/09/11 09:21:11 [warn] 18649#0: *132 using uninitialized "iftemp" variable, client:220.181.51.209, SERVER:WWW.WILF.C N, Request: "Get/wp-content/themes/dazzling/inc/fonts/glyphicons-halflings-regular.woff http/1.0", Host: " Www.wilf.cn ", referrer:" http://www.wilf.cn/"
2014/09/11 09:21:11 [warn] 18649#0: *92 using uninitialized "iftemp" variable, client:66.249.79.55, server:www.wilf.cn, Request: "get/page/14?mod=pad&act=view&id=741 http/1.1", Host: "Www.wilf.cn"

The Nginx rule does not support more than 2 conditional judgments, bypassing a path and completing 2 conditional judgments by assigning values to variables two times.

Nginx rules are also used to match strings with regular expressions, to parse logs, and to customize them as needed.

It's time to test the results.

Copy Code code as follows:

183.60.214.51-[10/sep/2014:22:16:18 +0800]-bytes:13507-get/?mod=pad&act=view&id=460 http/1.1-403-–-m ozilla/5.0 (compatible; Easouspider; +http://www.easou.com/search/spider.html)-–-–
220.181.125.169-[11/sep/2014:09:38:15 +0800]-bytes:169-get/page/51?mod=wap&act=addcom&inpid=860 HTTP/1.1 -403-–-sogou Web spider/4.0 (+http://www.sogou.com/docs/help/webmasters.htm#07)-–-–

Easouspider and Sogou web spider are never seen again.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.