Monday, February 18, 2008

пример конфигурации nginx для блокировки левых POST

http{
log_format IP '$remote_addr';
server {
listen 80;
server_name .....;
access_log logs/chipollo.info.access_log main;
set $add 1;

valid_referers none blocked server_names;

location ~* \.(gif|jpg|jpeg|css|js|txt|doc|rtf|pdf)$ {
root /home/....;
error_page 404 = /banner.gif;
access_log off;
expires 30d;
}

#запрещаем все пост запросы на определенный URL
location /modules.php {
if ( $request_method = POST ){
access_log logs/ban.log IP;
return 403;
}
proxy_pass http://x.x.x.x:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_temp_path /var/nginx/proxy_temp;
}

location / {
set $ban "";
if ( $request_method = POST ){set $ban $ban$add;}
if ( $invalid_referer ){ set $ban $ban$add; }
#если оба условия выполнились, то...
if ($ban = 11 ) {
access_log logs/ban.log IP;
return 403;
}

proxy_pass http://x.x.x.x:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_temp_path /var/nginx/proxy_temp;

}
}
}

No comments: