Nginx $document_uri, $request_uri and $http_referer

Nginx access control based on $document_uri. The $document_uri variable is equivalent to $uri; in effect, it is what a location is matched against.

Example 1: When the request URL contains /admin/, return 403 directly. Note: the allow and deny directives are not supported inside an if block.

if ($document_uri ~ "/admin/")
{
    return 403;
}

#1. www.xuliangwei.com/123/admin/1.html  matches
#2. www.xuliangwei.com/admin123/1.html  does not match
#3. www.xuliangwei.com/admin.php  does not match

Example 2: When the request URI is exactly /admin.php, return status code 403 directly. Note: the allow and deny directives are not supported inside an if block.

if ($document_uri = /admin.php)
{
    return 403;
}

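#1. www.xuliangwei.com/admin.php  matches
#2. www.xuliangwei.com/123/admin.php  does not match

Example 3: When the request URI contains the data or cache directory and is a PHP file, return status code 403 directly. Note: the allow and deny directives are not supported inside an if block.

# The alternation is grouped so that \.php$ applies to both directories;
# ungrouped, '/data/|/cache/.*\.php$' matches any URI containing /data/.
if ($document_uri ~ '/(data|cache)/.*\.php$')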
{
    return 403;
}
#1. www.xuliangwei.com/data/123.php  matches
#2. www.xuliangwei.com/cache1/123.php  does not match

Nginx access control based on $request_uri. Compared with $document_uri, $request_uri also carries the request parameters, so it is mainly used to control access by URI request parameters.

Example 1: \d{9,12} is a regular expression that represents 9 to 12 digits; for example, gid=1234567890 meets the requirement.

if ($request_uri ~ "gid=\d{9,12}")
{
    return 403;
}
#1. www.xuliangwei.com/index.php?gid=1234567890&pid=111  matches
#2. www.xuliangwei.com/gid=123  does not match
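
The following is an added example, not code from the original post: a small Python harness that replays the $document_uri and $request_uri rules above against the sample URLs, and contrasts an ungrouped alternation `/data/|/cache/.*\.php$` with the grouped `/(data|cache)/.*\.php$`. It assumes Python's `re` behaves like nginx's PCRE for these patterns; `nginx_vars`, `blocked`, the rule names and the URLs marked "constructed" are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# Rules from the page as (variable, operator, pattern): "~" is a
# case-sensitive regex search, "=" an exact string comparison.
RULES = {
    "admin_dir": ("document_uri", "~", r"/admin/"),
    "admin_php": ("document_uri", "=", "/admin.php"),
    "ungrouped": ("document_uri", "~", r"/data/|/cache/.*\.php$"),
    "grouped": ("document_uri", "~", r"/(data|cache)/.*\.php$"),
    "gid": ("request_uri", "~", r"gid=\d{9,12}"),
}


def nginx_vars(url):
    """Approximate both variables for a scheme-less URL such as host/path?query."""
    parts = urlsplit("//" + url)
    raw = parts.path + ("?" + parts.query if parts.query else "")
    # $request_uri: original path plus arguments, not decoded.
    # $document_uri: path only, percent-decoded (nginx also normalizes
    # "." / ".." segments and duplicate slashes, which is not modelled here).
    return {"request_uri": raw, "document_uri": unquote(parts.path)}


def blocked(rule, url):
    """Return True if the named rule would reach its return directive."""
    var, op, pattern = RULES[rule]
    value = nginx_vars(url)[var]
    if op == "=":
        return value == pattern
    return re.search(pattern, value, re.ASCII) is not None


# URLs from the page's comments, plus two constructed ones (marked).
SAMPLES = [
    "www.xuliangwei.com/123/admin/1.html",
    "www.xuliangwei.com/admin123/1.html",
    "www.xuliangwei.com/admin.php",
    "www.xuliangwei.com/admin.php?x=1",        # constructed: query is not in $document_uri
    "www.xuliangwei.com/data/123.php",
    "www.xuliangwei.com/cache1/123.php",
    "www.xuliangwei.com/data/readme.txt",      # constructed: only the ungrouped regex hits
    "www.xuliangwei.com/index.php?gid=1234567890&pid=111",
    "www.xuliangwei.com/gid=123",
]

if __name__ == "__main__":
    for url in SAMPLES:
        hits = [name for name in RULES if blocked(name, url)]
        print(f"{url:55} -> {', '.join(hits) or 'allowed'}")
```

Running it before deploying a rule change shows which sample requests each `if` condition would reject, so over-broad patterns are caught before they reach production.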

Nginx access control based on $http_referer

Background: The website was compromised and had malicious code injected, so the pages indexed by search engines are affected: when a user clicks through to the site from a search engine, a gambling website is displayed instead.
Because finding the trojan takes time and the problem cannot be fixed immediately, requests of this type can be given special handling so that the user experience is not affected.
For example, requests that arrive through a Baidu link can be answered directly with status code 404, or with a snippet of HTML code.

if ($http_referer ~ 'baidu.com')
{
    return 404;
}

# or

if ($http_referer ~ 'baidu.com')
{
    return 200 "<html><script>window.location.href='//$host$request_uri';</script></html>";
}

Origin www.cnblogs.com/xuliangwei/p/10959623.html