Difference between revisions of "HttpRefererModule"

m
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
<span style="color:red">WARNING: this article is obsoleted. Please refer to http://nginx.org/en/docs/ for the latest official documentation.</span>
 +
 
= Synopsis =
 
= Synopsis =
 
This module makes it possible to block access to the site with the incorrect values of line "Referer" in the request header.  
 
This module makes it possible to block access to the site with the incorrect values of line "Referer" in the request header.  
Line 17: Line 19:
 
= Directives =
 
= Directives =
 
== valid_referers ==
 
== valid_referers ==
'''syntax:''' ''valid_referers [none|blocked|server_names]  ...''
+
<include wikitext nopre src="http://wiki.nginx.org/nginx.org/http/ngx_http_referer_module/valid_referers.txt" />
 
+
'''default:''' ''no''
+
 
+
'''context:''' ''server, location''
+
  
 
This directive assigns a value of 0 or 1 to the variable <code>$invalid_referer</code> based on the contents of the <code>referer</code> header.   
 
This directive assigns a value of 0 or 1 to the variable <code>$invalid_referer</code> based on the contents of the <code>referer</code> header.   
Line 31: Line 29:
 
* <code>blocked</code> means masked <code>Referer</code> header by firewall, for example, "Referer: XXXXXXX".
 
* <code>blocked</code> means masked <code>Referer</code> header by firewall, for example, "Referer: XXXXXXX".
 
* server_names is a list of one or more servers. From version 0.5.33 onwards, * wildcards can be used in the server names.
 
* server_names is a list of one or more servers. From version 0.5.33 onwards, * wildcards can be used in the server names.
 
  
 
= References =
 
= References =
[http://sysoev.ru/nginx/docs/http/ngx_http_referer_module.html Original Documentation]
+
[http://nginx.org/en/docs/http/ngx_http_referer_module.html Original Documentation]

Revision as of 07:44, 23 August 2013

WARNING: this article is obsoleted. Please refer to http://nginx.org/en/docs/ for the latest official documentation.

Synopsis

This module makes it possible to block access to the site for requests that carry an incorrect value in the "Referer" request header line.

Keep in mind that this header is easy to spoof; the purpose of this module is therefore not to block 100% of such requests, but to block the mass flow of requests made from typical browsers. Also consider that a typical browser does not always send a "Referer" header, even for legitimate requests.

Example

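location /photos/ {
  # Accept requests with no Referer, a masked Referer, or a Referer from these hosts
  valid_referers none blocked www.mydomain.com mydomain.com;

  # $invalid_referer is 1 when the Referer matches none of the parameters above
  if ($invalid_referer) {
    return   403;
  }
}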

Directives

valid_referers

Syntax: valid_referers none | blocked | server_names | string ...
Default:
Context: server, location
Reference: valid_referers

This directive assigns a value of 0 or 1 to the variable $invalid_referer based on the contents of the "Referer" request header.

You can use this to help reduce deep-linking from outside sites. If the Referer header does not match any entry in the valid_referers list, $invalid_referer is set to 1 (see the example above).

The parameters can be as follows:

  • none means the "Referer" header is absent.
  • blocked means the Referer header has been masked by a firewall, for example, "Referer: XXXXXXX".
  • server_names is a list of one or more servers. From version 0.5.33 onwards, * wildcards can be used in the server names.
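
A simplified Python model of the decision described above, added here as an illustration (it is not nginx's code and not part of the original wiki page). It compares the parameter list from the example with a stricter, constructed list; the function names, the sample Referer values, and the rule that a masked value is one without an http:// or https:// prefix are assumptions of this model.

```python
from urllib.parse import urlsplit

# Parameter list from the page's example (valid_referers none blocked ...).
PAGE_EXAMPLE = ["none", "blocked", "www.mydomain.com", "mydomain.com"]
# Stricter list (constructed): no "none"/"blocked", wildcard for subdomains.
STRICT = ["*.mydomain.com", "mydomain.com"]


def host_matches(pattern, host):
    """Exact match, or a '*' wildcard at the start or end of the name."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1])
    return host == pattern


def invalid_referer(referer, valid):
    """Model of $invalid_referer: 0 = accepted, 1 = rejected.

    referer is None when the request carries no Referer header.
    """
    if referer is None:
        return 0 if "none" in valid else 1
    # Assumption of this model: a masked value is one without an http(s) scheme.
    if not referer.lower().startswith(("http://", "https://")):
        return 0 if "blocked" in valid else 1
    try:
        host = urlsplit(referer).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return 1
    names = [v for v in valid if v not in ("none", "blocked")]
    return 0 if any(host_matches(n.lower(), host) for n in names) else 1


if __name__ == "__main__":
    samples = [  # constructed Referer values
        None,
        "XXXXXXX",
        "http://www.mydomain.com/photos/index.html",
        "http://other.example/gallery",
        "http://mydomain.com.other.example/",
    ]
    for ref in samples:
        print(repr(ref), invalid_referer(ref, PAGE_EXAMPLE), invalid_referer(ref, STRICT))
```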
