Filter request with http:// in Nginx

Question

Is there a way to filter request that look like "GET http://example.com" but not filter one that look like "GET /index.html"? In other words what is the Nginx variable that can be used in the "If" clause?

The reason for asking this is that I see in my web site log multiple requests that look like: "GET http://somesite.com/proxyheader" from users that search for free proxy servers.

score 2 · Accepted Answer · answered Oct 27 '10 at 13:28

2

This works for me in 0.8.41:

if ($request ~* "^[^ ]+[ ]+[^:]+://" ) { return 400; }

answered Oct 27 '10 at 13:28

sendmoreinfo

1,772
13
34

Exactly what I was looking for. – Ross Oct 27 '10 at 17:17
yes, but what's the context? does it go within `server {}`? – Alexander Mills Jun 11 '19 at 22:34

score 0 · Answer 2 · answered Oct 27 '10 at 08:48

0

Have you checked the variables in the nginx config?

Link: link text

Can you show us an excerpt of your log files? Is the http://somesite... a parameter (http://example.com/http://seomsite...)?

Regards, Ben.

answered Oct 27 '10 at 08:48

Benedikt Niessen

773
6
4

Yes I checked them, but still could not get the one that can be used to differentiate between two types of request. The log lines look like this "xxx.xxx.xxx.xxx - - [27/Oct/2010:08:57:41 +0000] "GET http://www.example.com/proxyheader.php HTTP/1.1" 200 556 "-" – Ross Oct 27 '10 at 09:06
In this case apply a regex to your $request variable. Set an appropriate return code (e.g. 403) and check your logs again. Good luck! – Benedikt Niessen Oct 27 '10 at 13:40

Filter request with http:// in Nginx

2 Answers2