From 25945b8fead989cca09a23983623b63ce36dcc0c Mon Sep 17 00:00:00 2001
From: Christian Cleberg <hello@cleberg.net>
Date: Mon, 8 Jan 2024 20:11:17 -0600
Subject: feat: total re-write from Emacs org-mode to Zola markdown

---
 content/blog/2022-11-29-nginx-referrer-ban-list.md | 133 +++++++++++++++++++++
 1 file changed, 133 insertions(+)
 create mode 100644 content/blog/2022-11-29-nginx-referrer-ban-list.md

(limited to 'content/blog/2022-11-29-nginx-referrer-ban-list.md')

diff --git a/content/blog/2022-11-29-nginx-referrer-ban-list.md b/content/blog/2022-11-29-nginx-referrer-ban-list.md
new file mode 100644
index 0000000..ea62722
--- /dev/null
+++ b/content/blog/2022-11-29-nginx-referrer-ban-list.md
@@ -0,0 +1,133 @@
++++
+date = 2022-11-29
+title = "Creating a Referrer Ban List in Nginx"
+description = "Learn how to create a ban list for referring sites in Nginx."
++++
+
+## Creating the Ban List
+
+In order to ban list referral domains or websites with Nginx, you need
+to create a ban list file. The file below will accept regexes for
+different domains or websites you wish to block.
+
+First, create the file in your nginx directory:
+
+```sh
+doas nano /etc/nginx/banlist.conf
+```
+
+Next, paste the following contents in and fill out the regexes with
+whichever domains you're blocking.
+
+```conf
+# /etc/nginx/banlist.conf
+
+map $http_referer $bad_referer {
+    hostnames;
+
+    default                           0;
+
+    # Put regexes for undesired referrers here
+    "~news.ycombinator.com"           1;
+}
+```
+
+## Configuring Nginx
+
+In order for the ban list to work, Nginx needs to know it exists and how
+to handle it. For this, edit the `nginx.conf` file.
+
+```sh
+doas nano /etc/nginx/nginx.conf
+```
+
+Within this file, find the `http` block and add your ban list
+file location to the end of the block.
+
+```conf
+# /etc/nginx/nginx.conf
+
+http {
+  ...
+
+  # Include ban list
+  include /etc/nginx/banlist.conf;
+}
+```
+
+## Enabling the Ban List
+
+Finally, we need to take action when a bad referral site is found. To do
+so, edit the configuration file for your website. For example, I have
+all website configuration files in the `http.d` directory.
+You may have them in the `sites-available` directory on some
+distributions.
+
+```sh
+doas nano /etc/nginx/http.d/example.com.conf
+```
+
+Within each website's configuration file, edit the `server`
+blocks that are listening to ports 80 and 443 and create a check for the
+`$bad_referrer` variable we created in the ban list file.
+
+If a matching site is found, you can return any [HTTP Status
+Code](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes) you want.
+Code 403 (Forbidden) is logical in this case since you are preventing a
+client connection due to a banned domain.
+
+```conf
+server {
+  ...
+
+  # If a referral site is banned, return an error
+  if ($bad_referer) {
+    return 403;
+  }
+
+  ...
+}
+```
+
+## Restart Nginx
+
+Lastly, restart Nginx to enable all changes made.
+
+```sh
+doas rc-service nginx restart
+```
+
+## Testing Results
+
+In order to test the results, let's curl the contents of our site. To
+start, I'll curl the site normally:
+
+```sh
+curl https://cleberg.net
+```
+
+The HTML contents of the page come back successfully:
+
+```html
+<!doctype html>...</html>
+```
+
+Next, let's include a banned referrer:
+
+```sh
+curl --referer https://news.ycombinator.com https://cleberg.net
+```
+
+This time, I'm met with a 403 Forbidden response page. That means we
+are successful and any clients being referred from a banned domain will
+be met with this same response code.
+
+```html
+<html>
+<head><title>403 Forbidden</title></head>
+<body>
+<center><h1>403 Forbidden</h1></center>
+<hr><center>nginx</center>
+</body>
+</html>
+```
-- 
cgit v1.2.3-70-g09d2