6

我需要阻止所有具有引荐来源 click2dad.net 的 http 连接。我在 mysite.conf 中写道:

 location / {
            valid_referers ~.*http://click2dad\.net.*;
            if ($invalid_referer = ''){
                    return 403;
            }
            try_files       $uri    $uri/   /index.php?$args;
    }

但我仍然在 nginx 日志中看到:

HTTP/1.1" 200 26984 "http://click2dad.net/view/VUhfCE4ugTsb0SoKerhgMvPXcmXszU"

200,而不是 403

因为阻止来自 click2dad.net 的所有客户端是正确的?

4

3 回答 3

17

valid_referers解决方案有效,但对我个人而言,很难以这种方式维持长长的黑名单。另一种解决方案是使用ngx_http_map_module模块。在 ubuntu 14.04 nginx 发行版下,您将创建一个 /etc/nginx/blacklist.conf 文件:

# /etc/nginx/blacklist.conf

map $http_referer $bad_referer {
    hostnames;

    default                           0;

    # Put regexes for undesired referers here
    "~social-buttons.com"             1;
    "~semalt.com"                     1;
    "~kambasoft.com"                  1;
    "~savetubevideo.com"              1;
    "~descargar-musica-gratis.net"    1;
    "~7makemoneyonline.com"           1;
    "~baixar-musicas-gratis.com"      1;
    "~iloveitaly.com"                 1;
    "~ilovevitaly.ru"                 1;
    "~fbdownloader.com"               1;
    "~econom.co"                      1;
    "~buttons-for-website.com"        1;
    "~buttons-for-your-website.com"   1;
    "~srecorder.co"                   1;
    "~darodar.com"                    1;
    "~priceg.com"                     1;
    "~blackhatworth.com"              1;
    "~adviceforum.info"               1;
    "~hulfingtonpost.com"             1;
    "~best-seo-solution.com"          1;
    "~googlsucks.com"                 1;
    "~theguardlan.com"                1;
    "~i-x.wiki"                       1;
    "~buy-cheap-online.info"          1;
    "~Get-Free-Traffic-Now.com"       1;
}

然后将其包含在您的 /etc/nginx/nginx.conf 文件中:

# /etc/nginx/nginx.conf


    http {
    # ...

      include blacklist.conf;

    # ...

    }

完成后,您可以$bad_referer在您的 nginx 站点中检查条件:

# /etc/nginx/sites-enabled/mysite.conf

server {
  # ...

  if ($bad_referer) { 
    return 444; 
  } 

  # ...
}

为了确保这些东西正常工作,您可以在 shell 中执行类似的命令:

$ curl --referer http://www.social-buttons.com https://example.org

...这应该给你:

curl: (52) Empty reply from server

我在这里写了一篇关于这个解决方案的博客文章https://fadeit.dk/blog/2015/04/22/nginx-referer-spam-blacklist/

于 2016-08-11T09:00:44.477 回答
3

需要注意的是,表达式将与“http://”或“https://”之后的文本匹配 http://nginx.org/en/docs/http/ngx_http_referer_module.html

正确的配置:

 location / {
            valid_referers click2dad.net*;
            if ($invalid_referer = ''){
                    return 403;
            }
            try_files       $uri    $uri/   /index.php?$args;
    }
于 2014-06-09T10:15:21.820 回答
0

也许你可以试试这个配置:

 location / {
        valid_referers ~click2dad.net;
        if ($invalid_referer){
                return 403;
        }
        try_files       $uri    $uri/   /index.php?$args;
}

无论如何,正确的答案就在这个文档中。 http://nginx.org/en/docs/http/ngx_http_referer_module.html

于 2014-06-10T08:56:19.937 回答