2

I have written a basic http referer redirector that looks something like this:

if ($http_referer ~* (google|yahoo|bing|duckduckgo)) {  return 301 https://altavista.com; }

My goal is something like this

if ($http_referer ~* (google|yahoo|bing|duckduckgo)) {
    add $x-forwarded-for bad_ips.txt; <-- this line is the question (x-forwarded-for because it's behind cloudflare)
    return 301 https://altavista.com; 
}
if ($bad_ip) { 
    return 301 https://altavista.com; 
}

Is there any way to do this? The goal is essentially if you are referred from a website on the blacklist, I would like to add your ip to the redirect list.

Note: This does not need to be done purely in nginx; using other technologies in addition to nginx is fine so long as they are free.

Please note my site is utilizing cloudflare so rather than banning a simple IP it has to be using the x-forwarded-for address or I'm just banning cloudflare.

Thanks

A_Elric
  • 3,508
  • 13
  • 52
  • 85

1 Answers1

3

Until I remember there is no direct method to do this.

A paid option can be using Nginx Plus according to this blog.

Other than that there are 2 options that I can see now are:

  1. Use OpenResty with LUA module. What you have to do is

    1. on every request write IP to a file
    2. on every request read from the file and if IP exists then 301 redirect.

    If you do not want to use OpenResty then you can also build Nginx with LUA module.

    [I am concerned about efficiency at this point. This method may add performance overhead as the file has to be parsed on every request.]

  2. Use Fail2Ban with Nginx.

I wanted to add this in the comment but I don't have enough reputation to comment.

Devarshi Sathiya
  • 421
  • 2
  • 7