From 3d4da5ac6000a4871c5caa80d1e61f2782da3069 Mon Sep 17 00:00:00 2001 From: Christian Cleberg Date: Sat, 2 Dec 2023 23:27:35 -0600 Subject: feat: finish converting md to org --- blog/2022-11-29-nginx-referrer-ban-list.org | 136 +++++++++++++++------------- 1 file changed, 71 insertions(+), 65 deletions(-) (limited to 'blog/2022-11-29-nginx-referrer-ban-list.org') diff --git a/blog/2022-11-29-nginx-referrer-ban-list.org b/blog/2022-11-29-nginx-referrer-ban-list.org index 2f71666..6eb8ad8 100644 --- a/blog/2022-11-29-nginx-referrer-ban-list.org +++ b/blog/2022-11-29-nginx-referrer-ban-list.org @@ -1,26 +1,24 @@ -+++ -date = 2022-11-29 -title = "Creating a Referrer Ban List on Nginx" -description = "A quick explanation detailing my own way of banning referral domains on Nginx." -+++ +#+title: Creating a Referrer Ban List on Nginx +#+date: 2022-11-29 -## Creating the Ban List - -In order to ban list referral domains or websites with Nginx, you need to -create a ban list file. -The file below will accept regexes for different domains or websites you -wish to block. +** Creating the Ban List +:PROPERTIES: +:CUSTOM_ID: creating-the-ban-list +:END: +In order to ban list referral domains or websites with Nginx, you need +to create a ban list file. The file below will accept regexes for +different domains or websites you wish to block. First, create the file in your nginx directory: -```sh +#+begin_src sh doas nano /etc/nginx/banlist.conf -``` +#+end_src -Next, paste the following contents in and fill out the regexes with whichever -domains you're blocking. +Next, paste the following contents in and fill out the regexes with +whichever domains you're blocking. -```conf +#+begin_src conf # /etc/nginx/banlist.conf map $http_referer $bad_referer { 
@@ -31,21 +29,23 @@ map $http_referer $bad_referer { # Put regexes for undesired referrers here "~news.ycombinator.com" 1; } -``` - -## Configuring Nginx +#+end_src -In order for the ban list to work, Nginx needs to know it exists and how to -handle it. For this, edit the `nginx.conf` file. +** Configuring Nginx +:PROPERTIES: +:CUSTOM_ID: configuring-nginx +:END: +In order for the ban list to work, Nginx needs to know it exists and how +to handle it. For this, edit the =nginx.conf= file. -```sh +#+begin_src sh doas nano /etc/nginx/nginx.conf -``` +#+end_src -Within this file, find the `http` block and add your ban list file location to -the end of the block. +Within this file, find the =http= block and add your ban list file +location to the end of the block. -```conf +#+begin_src conf # /etc/nginx/nginx.conf http { 
@@ -54,29 +54,31 @@ http { # Include ban list include /etc/nginx/banlist.conf; } -``` - -## Enabling the Ban List - -Finally, we need to take action when a bad referral site is found. To do so, -edit the configuration file for your website. For example, I have all website -configuration files in the `http.d` directory. You may have them in the -`sites-available` directory on some distributions. - -```sh +#+end_src + +** Enabling the Ban List +:PROPERTIES: +:CUSTOM_ID: enabling-the-ban-list +:END: +Finally, we need to take action when a bad referral site is found. To do +so, edit the configuration file for your website. For example, I have +all website configuration files in the =http.d= directory. You may have +them in the =sites-available= directory on some distributions. + +#+begin_src sh doas nano /etc/nginx/http.d/example.com.conf -``` +#+end_src -Within each website's configuration file, edit the `server` blocks that are -listening to ports 80 and 443 and create a check for the `$bad_referrer` -variable we created in the ban list file. +Within each website's configuration file, edit the =server= blocks that +are listening to ports 80 and 443 and create a check for the +=$bad_referrer= variable we created in the ban list file. -If a matching site is found, you can return any [HTTP Status -Code](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes) you want. Code -403 (Forbidden) is logical in this case since you are preventing a client -connection due to a banned domain. +If a matching site is found, you can return any +[[https://en.wikipedia.org/wiki/List_of_HTTP_status_codes][HTTP Status +Code]] you want. Code 403 (Forbidden) is logical in this case since you +are preventing a client connection due to a banned domain. -```conf +#+begin_src conf server { ... 
@@ -87,42 +89,46 @@ server { ... } -``` - -## Restart Nginx +#+end_src +** Restart Nginx +:PROPERTIES: +:CUSTOM_ID: restart-nginx +:END: Lastly, restart Nginx to enable all changes made. -```sh +#+begin_src sh doas rc-service nginx restart -``` - -## Testing Results +#+end_src -In order to test the results, let's curl the contents of our site. To start, -I'll curl the site normally: +** Testing Results +:PROPERTIES: +:CUSTOM_ID: testing-results +:END: +In order to test the results, let's curl the contents of our site. To +start, I'll curl the site normally: -```sh +#+begin_src sh curl https://cleberg.net -``` +#+end_src The HTML contents of the page come back successfully: -```html +#+begin_src html ... -``` +#+end_src Next, let's include a banned referrer: -```sh +#+begin_src sh curl --referer https://news.ycombinator.com https://cleberg.net -``` +#+end_src -This time, I'm met with a 403 Forbidden response page. That means we are -successful and any clients being referred from a banned domain will be met -with this same response code. +This time, I'm met with a 403 Forbidden response page. That means we are +successful and any clients being referred from a banned domain will be +met with this same response code. -```html +#+begin_src html 403 Forbidden @@ -130,4 +136,4 @@ with this same response code.
nginx
-``` +#+end_src -- cgit v1.2.3-70-g09d2
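Review bot: In the first hunk (front matter), the removed line `description = "A quick explanation detailing my own way of banning referral domains on Nginx."` has no counterpart among the added lines, which carry only `#+title:` and `#+date:`, so the post's description is lost in the conversion. If the site build still uses it, carry it over as a `#+description:` keyword next to the other two.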
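Review bot: In the `@@ -31,21 +29,23 @@` hunk, the sample entry on the context line `"~news.ycombinator.com" 1;` leaves the dots unescaped and uses the case-sensitive `~` prefix, so each dot matches any character and a referrer host written in a different case is not matched. While this block is being converted, consider changing the example to `"~*news\.ycombinator\.com" 1;` so readers copy a pattern that matches only the intended host.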
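Review bot: In the "Enabling the Ban List" hunk, the added prose names the variable `=$bad_referrer=` (two r's), while the map shown for banlist.conf declares it as `$bad_referer` in `map $http_referer $bad_referer {`. The misspelling is carried over unchanged from the markdown side of the hunk; a reader who copies the name from the prose would check a variable the map never defines. Suggest spelling it `=$bad_referer=` here.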
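Review bot: In the "Testing Results" part of the `@@ -87,42 +89,46 @@` hunk, the sentence "any clients being referred from a banned domain will be met with this same response code" claims more than the two tests show. The referrer is whatever the client puts in the request, as the `curl --referer https://news.ycombinator.com https://cleberg.net` line itself demonstrates, and the first `curl` with no referrer gets the page back. Suggest adding a sentence that the ban list only filters requests that actually carry a matching Referer header, so it should not be relied on as an access control.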