diff options
Diffstat (limited to 'blog/2022-11-29-nginx-referrer-ban-list.org')
| -rw-r--r-- | blog/2022-11-29-nginx-referrer-ban-list.org | 139 |
1 files changed, 0 insertions, 139 deletions
diff --git a/blog/2022-11-29-nginx-referrer-ban-list.org b/blog/2022-11-29-nginx-referrer-ban-list.org deleted file mode 100644 index 6eb8ad8..0000000 --- a/blog/2022-11-29-nginx-referrer-ban-list.org +++ /dev/null @@ -1,139 +0,0 @@ -#+title: Creating a Referrer Ban List on Nginx -#+date: 2022-11-29 - -** Creating the Ban List -:PROPERTIES: -:CUSTOM_ID: creating-the-ban-list -:END: -In order to ban list referral domains or websites with Nginx, you need -to create a ban list file. The file below will accept regexes for -different domains or websites you wish to block. - -First, create the file in your nginx directory: - -#+begin_src sh -doas nano /etc/nginx/banlist.conf -#+end_src - -Next, paste the following contents in and fill out the regexes with -whichever domains you're blocking. - -#+begin_src conf -# /etc/nginx/banlist.conf - -map $http_referer $bad_referer { - hostnames; - - default 0; - - # Put regexes for undesired referrers here - "~news.ycombinator.com" 1; -} -#+end_src - -** Configuring Nginx -:PROPERTIES: -:CUSTOM_ID: configuring-nginx -:END: -In order for the ban list to work, Nginx needs to know it exists and how -to handle it. For this, edit the =nginx.conf= file. - -#+begin_src sh -doas nano /etc/nginx/nginx.conf -#+end_src - -Within this file, find the =http= block and add your ban list file -location to the end of the block. - -#+begin_src conf -# /etc/nginx/nginx.conf - -http { - ... - - # Include ban list - include /etc/nginx/banlist.conf; -} -#+end_src - -** Enabling the Ban List -:PROPERTIES: -:CUSTOM_ID: enabling-the-ban-list -:END: -Finally, we need to take action when a bad referral site is found. To do -so, edit the configuration file for your website. For example, I have -all website configuration files in the =http.d= directory. You may have -them in the =sites-available= directory on some distributions. - -#+begin_src sh -doas nano /etc/nginx/http.d/example.com.conf -#+end_src - -Within each website's configuration file, edit the =server= blocks that -are listening to ports 80 and 443 and create a check for the -=$bad_referrer= variable we created in the ban list file. - -If a matching site is found, you can return any -[[https://en.wikipedia.org/wiki/List_of_HTTP_status_codes][HTTP Status -Code]] you want. Code 403 (Forbidden) is logical in this case since you -are preventing a client connection due to a banned domain. - -#+begin_src conf -server { - ... - - # If a referral site is banned, return an error - if ($bad_referer) { - return 403; - } - - ... -} -#+end_src - -** Restart Nginx -:PROPERTIES: -:CUSTOM_ID: restart-nginx -:END: -Lastly, restart Nginx to enable all changes made. - -#+begin_src sh -doas rc-service nginx restart -#+end_src - -** Testing Results -:PROPERTIES: -:CUSTOM_ID: testing-results -:END: -In order to test the results, let's curl the contents of our site. To -start, I'll curl the site normally: - -#+begin_src sh -curl https://cleberg.net -#+end_src - -The HTML contents of the page come back successfully: - -#+begin_src html -<!doctype html>...</html> -#+end_src - -Next, let's include a banned referrer: - -#+begin_src sh -curl --referer https://news.ycombinator.com https://cleberg.net -#+end_src - -This time, I'm met with a 403 Forbidden response page. That means we are -successful and any clients being referred from a banned domain will be -met with this same response code. - -#+begin_src html -<html> -<head><title>403 Forbidden</title></head> -<body> -<center><h1>403 Forbidden</h1></center> -<hr><center>nginx</center> -</body> -</html> -#+end_src |