Nginx : Block Referrer Spam
By: Roy.Liu
Last updated: 2019-08-17
In this article, we will show you how to block referrer spam on one of our Nginx web servers.
1. Find the Patterns
Check the Nginx access.log file, and identify the “referrer spam” patterns.
$ sudo tail -f /var/log/nginx/access.log
Some patterns:
200 http://???.ru/engine/redirect.php?url=http://mywebsite.com/site/blogspot.com.au
200 http://???.com/tp/out.php?link=alternatevideo&url=http%3A//mywebsite.com/site/readyliftproshop.com
200 http://???.edu/online/redirect.asp?url=http://mywebsite/site/wheretoshophongkong.com
We are going to block the following patterns:
- redirect.php
- out.php
- redirect.asp
2. Block & Return 405
Edit sites-enabled/default. If the Referer header matches any of the above patterns, return 405 directly.
# "~*" is a case-insensitive regex match; the dots are escaped so they match a literal "."
if ($http_referer ~* (redirect\.php|redirect\.asp|out\.php) ) {
    return 405;
}
Here is the full example from our Nginx web server, where we block many more spam patterns.
/etc/nginx/sites-enabled/default
server {
    listen 80;
    server_name mysite.com;
    root /etc/tomcat7/webapps/mysite;
    proxy_cache one;

    # Reject any request whose Referer contains one of these substrings (case-insensitive).
    # "url\?" is escaped: an unescaped "url?" would make the "l" optional and match every "ur".
    if ($http_referer ~* (seo|referrer|redirect|link=|url=|url\?|path=|dku=|babes|click|girl|jewelry|love|organic|poker|porn|sex|teen|video|webcam) ) {
        return 405;
    }

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080/;
    }
}
Done, restart Nginx.
Check the log file again. From now on, any request whose referrer matches the declared patterns gets a 405 response.
$ sudo tail -f /var/log/nginx/access.log
405 http://???.ru/engine/redirect.php?url=http://mywebsite.com/site/blogspot.com.au
405 http://???.com/tp/out.php?link=alternatevideo&url=http%3A//mywebsite.com/site/readyliftproshop.com
405 http://???.edu/online/redirect.asp?url=http://mywebsite/site/wheretoshophongkong.com
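Before relying on either rule, it helps to replay it over existing access.log lines and see which referrer hosts it rejects and whether it also rejects visitors navigating within your own site. The script below is an added example, not part of the original article; it assumes the default "combined" log format, and the sample lines, hosts and IP are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# nginx default "combined" format; only the quoted Referer field is captured.
COMBINED = re.compile(r'\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

# The two rules from the article; re.I mirrors nginx's case-insensitive "~*".
SHORT = re.compile(r'(redirect\.php|redirect\.asp|out\.php)', re.I)
BROAD = re.compile(r'(seo|referrer|redirect|link=|url=|url\?|path=|dku=|babes|click|girl|jewelry'
                   r'|love|organic|poker|porn|sex|teen|video|webcam)', re.I)

def audit(lines, pattern, own_hosts=("mysite.com",)):
    """Return (blocked, own_site): referer hosts the rule would reject, and
    matching referers that point at our own pages (i.e. false positives)."""
    blocked, own_site = Counter(), []
    suffixes = tuple("." + h for h in own_hosts)
    for line in lines:
        m = COMBINED.match(line)
        if not m or not pattern.search(m.group("referer")):
            continue
        referer = m.group("referer")
        try:
            host = (urlsplit(referer).hostname or "").lower()
        except ValueError:      # Referer is client-controlled and may be malformed
            host = ""
        if host in own_hosts or host.endswith(suffixes):
            own_site.append(referer)
        else:
            blocked[host] += 1
    return blocked, own_site

def _line(referer):
    # Constructed sample entry; IP, timestamp and user agent are placeholders.
    return f'203.0.113.5 - - [17/Aug/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "{referer}" "Mozilla/5.0"'

SAMPLE = [
    _line("http://spam-a.example/engine/redirect.php?url=http://mysite.com/site/a"),
    _line("http://spam-b.example/tp/out.php?link=x&url=http%3A//mysite.com/site/b"),
    _line("https://search.example/?q=nginx"),
    _line("http://mysite.com/video/spring-tutorial"),   # internal navigation
    _line("-"),                                         # no Referer sent
]

if __name__ == "__main__":
    for name, rule in (("short", SHORT), ("broad", BROAD)):
        blocked, own_site = audit(SAMPLE, rule)
        print(name, dict(blocked), "own-site hits:", own_site)
```

On the sample, both rules reject the two spam hosts, but the broad rule also matches the internal /video/ page, so a visitor clicking through from that page would receive a 405.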
From:一号门