nginx common request header parameter and anti-DDOS attacks nginx The anti-DDOS http_user_agent

The anti-DDOS nginx http_user_agent

Squid reverse proxy to the distal nginx

The anti-DDOS nginx http_user_agent

First check the access log, identify suspicious access features http_user_agent find, and then as a filter

"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MyIE 3.01)Cache-Control: no-store, must-revalidate"

if ($http_user_agent ~ must-revalidate) {

return 503;

}

# This returns a 503 error

location = / {

 include proxy.conf;

 if ( $http_user_agent ~* "MSIE 5.01" ) {

 proxy_pass http://www.qq.com;

 #access_log /usr/local/nginx/logs/k.log main;

      }

 proxy_pass http://windows.abc.com;

 }

# Determine what user-agent, if it is MSIE 5.01'll throw another local family to stay, such as pointing www.qq.com, see if you can hard to resist, ha ha

proxy_hide_header Cache-Control;

Finally, open back Cache-Control, visit the page about

This time the link on the front squid cache to the application server will not crash

#########################################################

Nginx parameters detailed description of module location

Nginx's Location can have the following matches:

1. = match the query exactly. If found, stop the search. 

2. ^ ~ prefix matching path, if found, stop the search.

3. ~ is case-sensitive matching canonical   

* 4 ~ to case-insensitive match

5.! ~ And! ~ * Do not match are case-insensitive and case-insensitive mismatch

 

File and directory matches

* -F and! -F used to determine whether a file exists

* -D and! -D to determine whether there is a directory

* -E and! -E used to determine whether there is a file or directory

Whether * -x and! -X is used to determine the executable file

 

Some of the available global variables

nginx global variable parameters explained:

arg_PARAMETER $ # this variable contains GET request, the value of the variable if there PARAMETER.

args $     # variable is equal to the request line (GET request) parameters, such as foo = 123 & bar = blahblah;

binary_remote_addr $ # binary customer address.

$ body_bytes_sent number of bytes sent out when the body respond #. Even if the connection is lost, the data is accurate.

$ CONTENT_LENGTH # Request Content-length header field.

the content_type $ # request Content-Type header field.

$ cookie_COOKIE value #cookie COOKIE variables

$ DOCUMENT_ROOT value specified in the instruction root # current request.

DOCUMENT_URI $ # and $ uri same.

Host $ # request from the host header field, otherwise the server name.

$hostname #Set to the machine’s hostname as returned by gethostname

$http_HEADER

is_args $ # if $ args parameter, this variable is equal to "?", or equal to, "" null value.

HTTP_USER_AGENT $ # client agent information

HTTP_COOKIE $ # client cookie information

limit_rate $ # This variable can limit the connection rate.

the QUERY_STRING $ # and $ args same.

$ request_body_file temporary file # client information request body name.

REQUEST_METHOD $ # action requested by the client, usually GET or POST.

REMOTE_ADDR $ IP address # client.

remote_port $ # client port.

REMOTE_USER $ # Auth Basic Module has passed authenticated user name.

request_completion $ # If the end of the request, set to OK. When the request is not finished or the last if the request is not a request of link chain, is empty (Empty).

$request_method #GET或POST

$ request_filename file path # current request, requested by the instruction root URI or alias generated.

REQUEST_URI $ # contains the original request URI parameters, it does not include the host name, such as: "/ foo / bar.php arg = baz?". Can not be modified.

scheme $ #http method (such as http, https).

$ SERVER_PROTOCOL # request protocol, usually HTTP / 1.0 or HTTP / 1.1.

server_addr $ # server address, after the completion of a system call can determine this value.

server_name $ # server name.

SERVER_PORT $ # request reaches the server's port number.

$ uri current URI # with no request parameters, $ uri does not contain a host name, such as "/foo/bar.html". The value and $ request_uri possible inconsistencies. $ request_uri browser sent me the value. This value is the value after rewrite. For example, made after internal redirects.

 

Behind the rewrite flag can be:

last 

break 

redirect 

permanent

 

proxy_pass http://localhost:80;

proxy_set_header Host $host;

Domain name information can be automatically changed after forwarding

 

 

Category: server operation and maintenance

Squid reverse proxy to the distal nginx

The anti-DDOS nginx http_user_agent

First check the access log, identify suspicious access features http_user_agent find, and then as a filter

"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MyIE 3.01)Cache-Control: no-store, must-revalidate"

if ($http_user_agent ~ must-revalidate) {

return 503;

}

# This returns a 503 error

location = / {

 include proxy.conf;

 if ( $http_user_agent ~* "MSIE 5.01" ) {

 proxy_pass http://www.qq.com;

 #access_log /usr/local/nginx/logs/k.log main;

      }

 proxy_pass http://windows.abc.com;

 }

# Determine what user-agent, if it is MSIE 5.01'll throw another local family to stay, such as pointing www.qq.com, see if you can hard to resist, ha ha

proxy_hide_header Cache-Control;

Finally, open back Cache-Control, visit the page about

This time the link on the front squid cache to the application server will not crash

#########################################################

Nginx parameters detailed description of module location

Nginx's Location can have the following matches:

1. = match the query exactly. If found, stop the search. 

2. ^ ~ prefix matching path, if found, stop the search.

3. ~ is case-sensitive matching canonical   

* 4 ~ to case-insensitive match

5.! ~ And! ~ * Do not match are case-insensitive and case-insensitive mismatch

 

File and directory matches

* -F and! -F used to determine whether a file exists

* -D and! -D to determine whether there is a directory

* -E and! -E used to determine whether there is a file or directory

Whether * -x and! -X is used to determine the executable file

 

Some of the available global variables

nginx global variable parameters explained:

arg_PARAMETER $ # this variable contains GET request, the value of the variable if there PARAMETER.

args $     # variable is equal to the request line (GET request) parameters, such as foo = 123 & bar = blahblah;

binary_remote_addr $ # binary customer address.

$ body_bytes_sent number of bytes sent out when the body respond #. Even if the connection is lost, the data is accurate.

$ CONTENT_LENGTH # Request Content-length header field.

the content_type $ # request Content-Type header field.

$ cookie_COOKIE value #cookie COOKIE variables

$ DOCUMENT_ROOT value specified in the instruction root # current request.

DOCUMENT_URI $ # and $ uri same.

Host $ # request from the host header field, otherwise the server name.

$hostname #Set to the machine’s hostname as returned by gethostname

$http_HEADER

is_args $ # if $ args parameter, this variable is equal to "?", or equal to, "" null value.

HTTP_USER_AGENT $ # client agent information

HTTP_COOKIE $ # client cookie information

limit_rate $ # This variable can limit the connection rate.

the QUERY_STRING $ # and $ args same.

$ request_body_file temporary file # client information request body name.

REQUEST_METHOD $ # action requested by the client, usually GET or POST.

REMOTE_ADDR $ IP address # client.

remote_port $ # client port.

REMOTE_USER $ # Auth Basic Module has passed authenticated user name.

request_completion $ # If the end of the request, set to OK. When the request is not finished or the last if the request is not a request of link chain, is empty (Empty).

$request_method #GET或POST

$ request_filename file path # current request, requested by the instruction root URI or alias generated.

REQUEST_URI $ # contains the original request URI parameters, it does not include the host name, such as: "/ foo / bar.php arg = baz?". Can not be modified.

scheme $ #http method (such as http, https).

$ SERVER_PROTOCOL # request protocol, usually HTTP / 1.0 or HTTP / 1.1.

server_addr $ # server address, after the completion of a system call can determine this value.

server_name $ # server name.

SERVER_PORT $ # request reaches the server's port number.

$ uri current URI # with no request parameters, $ uri does not contain a host name, such as "/foo/bar.html". The value and $ request_uri possible inconsistencies. $ request_uri browser sent me the value. This value is the value after rewrite. For example, made after internal redirects.

 

Behind the rewrite flag can be:

last 

break 

redirect 

permanent

 

proxy_pass http://localhost:80;

proxy_set_header Host $host;

Domain name information can be automatically changed after forwarding

 

 

Squid reverse proxy to the distal nginx

The anti-DDOS nginx http_user_agent

First check the access log, identify suspicious access features http_user_agent find, and then as a filter

"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MyIE 3.01)Cache-Control: no-store, must-revalidate"

if ($http_user_agent ~ must-revalidate) {

return 503;

}

# This returns a 503 error

location = / {

 include proxy.conf;

 if ( $http_user_agent ~* "MSIE 5.01" ) {

 proxy_pass http://www.qq.com;

 #access_log /usr/local/nginx/logs/k.log main;

      }

 proxy_pass http://windows.abc.com;

 }

# Determine what user-agent, if it is MSIE 5.01'll throw another local family to stay, such as pointing www.qq.com, see if you can hard to resist, ha ha

proxy_hide_header Cache-Control;

Finally, open back Cache-Control, visit the page about

This time the link on the front squid cache to the application server will not crash

#########################################################

Nginx parameters detailed description of module location

Nginx's Location can have the following matches:

1. = match the query exactly. If found, stop the search. 

2. ^ ~ prefix matching path, if found, stop the search.

3. ~ is case-sensitive matching canonical   

* 4 ~ to case-insensitive match

5.! ~ And! ~ * Do not match are case-insensitive and case-insensitive mismatch

 

File and directory matches

* -F and! -F used to determine whether a file exists

* -D and! -D to determine whether there is a directory

* -E and! -E used to determine whether there is a file or directory

Whether * -x and! -X is used to determine the executable file

 

Some of the available global variables

nginx global variable parameters explained:

arg_PARAMETER $ # this variable contains GET request, the value of the variable if there PARAMETER.

args $     # variable is equal to the request line (GET request) parameters, such as foo = 123 & bar = blahblah;

binary_remote_addr $ # binary customer address.

$ body_bytes_sent number of bytes sent out when the body respond #. Even if the connection is lost, the data is accurate.

$ CONTENT_LENGTH # Request Content-length header field.

the content_type $ # request Content-Type header field.

$ cookie_COOKIE value #cookie COOKIE variables

$ DOCUMENT_ROOT value specified in the instruction root # current request.

DOCUMENT_URI $ # and $ uri same.

Host $ # request from the host header field, otherwise the server name.

$hostname #Set to the machine’s hostname as returned by gethostname

$http_HEADER

is_args $ # if $ args parameter, this variable is equal to "?", or equal to, "" null value.

HTTP_USER_AGENT $ # client agent information

HTTP_COOKIE $ # client cookie information

limit_rate $ # This variable can limit the connection rate.

the QUERY_STRING $ # and $ args same.

$ request_body_file temporary file # client information request body name.

REQUEST_METHOD $ # action requested by the client, usually GET or POST.

REMOTE_ADDR $ IP address # client.

remote_port $ # client port.

REMOTE_USER $ # Auth Basic Module has passed authenticated user name.

request_completion $ # If the end of the request, set to OK. When the request is not finished or the last if the request is not a request of link chain, is empty (Empty).

$request_method #GET或POST

$ request_filename file path # current request, requested by the instruction root URI or alias generated.

REQUEST_URI $ # contains the original request URI parameters, it does not include the host name, such as: "/ foo / bar.php arg = baz?". Can not be modified.

scheme $ #http method (such as http, https).

$ SERVER_PROTOCOL # request protocol, usually HTTP / 1.0 or HTTP / 1.1.

server_addr $ # server address, after the completion of a system call can determine this value.

server_name $ # server name.

SERVER_PORT $ # request reaches the server's port number.

$ uri current URI # with no request parameters, $ uri does not contain a host name, such as "/foo/bar.html". The value and $ request_uri possible inconsistencies. $ request_uri browser sent me the value. This value is the value after rewrite. For example, made after internal redirects.

 

Behind the rewrite flag can be:

last 

break 

redirect 

permanent

 

proxy_pass http://localhost:80;

proxy_set_header Host $host;

Domain name information can be automatically changed after forwarding