Nginx $document_uri-based access control
The $document_uri variable is equivalent to $uri, so matching on it is in effect the same as a location match.
Example 1: When the requested URL contains /admin/, return 403 directly. Note: the allow and deny directives are not supported inside an if block.
if ($document_uri ~ "/admin/")
{
    return 403;
}
#1. www.xuliangwei.com/123/admin/1.html matches
#2. www.xuliangwei.com/admin123/1.html does not match
#3. www.xuliangwei.com/admin.php does not match
Example 2: When the request URI is exactly /admin.php, return 403 directly. Note: the allow and deny directives are not supported inside an if block.
if ($document_uri = /admin.php)
{
    return 403;
}
#1. www.xuliangwei.com/admin.php matches
#2. www.xuliangwei.com/123/admin.php does not match
Example 3: When the URI is under the data or cache directory and ends in .php, return 403 directly. Note: the allow and deny directives are not supported inside an if block.
# The alternation is grouped so that the .php suffix applies to both directories.
if ($document_uri ~ '/(data|cache)/.*\.php$')
{
    return 403;
}
#1. www.xuliangwei.com/data/123.php matches
#2. www.xuliangwei.com/cache1/123.php does not match
Nginx $request_uri-based access control
$request_uri carries the request parameters in addition to what $document_uri contains, so it is mainly used to control access based on URI request parameters.
Example 1: \d{9,12} is a regular expression that represents 9 to 12 digits; for example, gid=1234567890 meets the requirement.
if ($request_uri ~ "gid=\d{9,12}")
{
    return 403;
}
#1. www.xuliangwei.com/index.php?gid=1234567890&pid=111 matches
#2. www.xuliangwei.com/gid=123 does not match
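The $document_uri and $request_uri rules above can be checked offline before they are deployed. The following is an added example, not code from the original page: it replays the patterns with Python's re module over constructed sample requests and compares an ungrouped and a grouped form of the Example 3 pattern. It assumes Python's re behaves like nginx's PCRE matching for these patterns; the names RULES, blocked, document_uri and report are illustrative.

```python
import re

# Patterns taken from the rules above. Example 3 appears twice, as an
# ungrouped and a grouped alternation, to compare what each form blocks.
RULES = {
    "admin_dir": ("~", r"/admin/"),
    "admin_php": ("=", "/admin.php"),
    "php_ungrouped": ("~", r"/data/|/cache/.*\.php$"),
    "php_grouped": ("~", r"/(data|cache)/.*\.php$"),
    "gid": ("~", r"gid=\d{9,12}"),
}

def blocked(rule, value):
    """Mimic nginx `if`: '=' compares strings exactly, '~' is an
    unanchored, case-sensitive regex search."""
    op, pattern = RULES[rule]
    if op == "=":
        return value == pattern
    return re.search(pattern, value) is not None

def document_uri(request_uri):
    """Simplified stand-in for $document_uri: the path without the query
    string (nginx additionally decodes and normalizes it)."""
    return request_uri.split("?", 1)[0]

# Constructed sample requests, written as $request_uri values.
SAMPLES = [
    "/123/admin/1.html",
    "/admin.php",
    "/123/admin.php",
    "/data/123.php",
    "/data/logo.png",        # not PHP: only the ungrouped pattern blocks it
    "/cache1/123.php",
    "/index.php?gid=1234567890&pid=111",
    "/index.php?gid=1234567890123",  # 13 digits: unanchored search still matches
    "/gid=123",
]

def report():
    """Map each sample to the names of the rules that would return 403."""
    result = {}
    for req in SAMPLES:
        uri = document_uri(req)
        result[req] = [n for n in RULES if blocked(n, req if n == "gid" else uri)]
    return result

if __name__ == "__main__":
    for req, hits in report().items():
        print(f"{req:36} -> {', '.join(hits) or 'allowed'}")
```

The 13-digit sample shows that {9,12} acts only as a lower bound here, because the pattern is not anchored after the digits.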
Nginx $http_referer-based access control
Background: The website was hacked and a web Trojan was planted, so visits that arrive through search engines are affected: when a user clicks through to the site from a search engine, a gambling website is displayed.
Because finding the Trojan takes time, the problem cannot be solved immediately. So as not to affect the user experience, this type of request can be handled specially.
For example, requests that arrive from a Baidu link can be answered directly with status code 404, or with a snippet of HTML code.
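if ($http_referer ~ 'baidu\.com')
{
    return 404;
}
# or
if ($http_referer ~ 'baidu\.com')
{
    # The target is built in the browser instead of interpolating $host and $request_uri,
    # because $request_uri is client-controlled and is not escaped for a JavaScript string.
    # Check that the response is served as text/html, otherwise the browser will not run the script.
    return 200 "<html><script>window.location.href=window.location.pathname+window.location.search;</script></html>";
}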