Nginx, limiting traffic by referer?

V

Vadim Rybalko2011-04-21 17:45:04

Nginx

Vadim Rybalko, 2011-04-21 17:45:04

Greetings.
From time to time, there is a problem with parasitic requests to a site of this kind: the owner of another, rather high-loaded site, hosts an iframe with a heavy request to ours, therefore, we have a flood of the form “some_IP request referrer_villain”. Yes, you can catch such attacks and block villains by referrers, but this is not enough: you need to minimize manual intervention.
Who is struggling with such a phenomenon? I see a scheme: set referrers not in the white list (the site itself) to limit requests per second (choose a really anomalous number). I just don't know how this can be done. Maybe someone has other ideas?
PS All of the above applies to Nginx.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

M

Maxim, 2011-04-22
@maxout

blocking all referrers not from your site is of course not very good.
head-on solution:
1. create a full duplicate of your main location (where php is processed or whatever you have there), name it whatever you want.
2. add the only difference to this take - put limit_req there (you can set limit_req_zone to taste).
3. add an internal(!) redirect to the duplicated location in the server section if the referrer is not yours.
4.profit!

V

Vlad Zhivotnev, 2011-04-21
@inkvizitor68sl

if ( $http_referer ~* (^google.com) ){
return 403;
}
Ban the google.com referrer (NOT google.com ).
This is for you just in case =) And then play around.

I

Ivan, 2011-04-21
@iSage

Request limit:
wiki.nginx.org/HttpLimitReqModule