3 messages in ru.sysoev.nginxRe: How to defy this url in nginx.conf| From | Sent On | Attachments |
|---|---|---|
| JennrCheng | Mar 9, 2012 10:25 am | |
| Cliff Wells | Mar 9, 2012 10:45 am | |
| JennrCheng | Mar 9, 2012 9:47 pm |
| Subject: | Re: How to defy this url in nginx.conf | |
|---|---|---|
| From: | Cliff Wells (cli...@develix.com) | |
| Date: | Mar 9, 2012 10:45:25 am | |
| List: | ru.sysoev.nginx | |
On Fri, 2012-03-09 at 13:25 -0500, JennrCheng wrote:
My server can't be run normal now,when I check the access.log I see there are lot of connections request my site url : /iclk/?zoneid=15&uid=1000 .
I want to defy this url in nginx.conf. I just write the below code in the file but it can't work , can any kind man help me . lot of thanks.
First of all, Nginx is already rejecting the request, which is why Nginx returns a 404.
60.19.120.162 - - [10/Mar/2012:02:02:34 +0800] "GET /iclk/?zoneid=15&uid=1000 HTTP/1.1" 404 564 "-" "Mozilla/4.0
location ^~ uid\=1000$ { return 404; }
Locations cannot be based off of the request arguments. You could catch the request by using something like this (assuming /iclk isn't valid for some other part of your site):
location ^~ /iclk { return 404; }
In any case, it isn't necessary since Nginx is already doing this for you.
If these requests are hacking attempts, you could utilize a tool such as fail2ban that watched your Nginx logs for requests that match the pattern and blocked the IP addresses using your system's firewall.
For future reference, if you are going to paste giant sections from log files, please use pastebin and just provide a link.
Regards, Cliff
_______________________________________________ nginx mailing list ngi...@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx