nginx-ultimate-bad-bot-blocker icon indicating copy to clipboard operation
nginx-ultimate-bad-bot-blocker copied to clipboard

Published 20 hours ago verified publisher icon mitchellkrogza

[Url] how to block requested urls?

Open boomsya opened this issue 3 years ago • 8 comments

hi. How I can block requested url which contains phrase like "searchphrase=all" or "/component/search/?searchword" ?

log:

165.225.76.101 - - [19/May/2022:13:58:22 +0300] "GET /component/search/?searchword=%D1%83%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B0&searchphrase=all HTTP/1.1" 200 12609 "-" "Mozilla/4.0 (Macintosh; U; PPC Mac OS X; en-US)" "-"
5.188.226.154 - - [19/May/2022:13:58:22 +0300] "ST /component/search/?searchword=%D1%83%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B0&searchphrase=all HTTP/1.2" 408 0 "-" "Mozilla/5.0 (Symbian/3; Series60/5.2 NokiaC7-00/012.003; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/525 (KHTML, like Gecko) Version/3.0 BrowserNG/7.2.7.3 3gpp-gba" "206.143.0.245"
202.165.233.14 - - [19/May/2022:13:58:21 +0300] "GET /component/search/?searchword=%D1%83%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B0&searchphrase=all HTTP/1.2" 200 12608 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/13.2b11866 Mobile/16A366 Safari/605.1.15" "38.5.93.166"

boomsya avatar May 19 '22 11:05 boomsya

Us the bad-referrer-words.conf file for this

mitchellkrogza avatar May 19 '22 11:05 mitchellkrogza

i have tried code:

"~*(?:\b)searchphrase(?:\b)"			1;

and in file /etc/nginx/conf.d/globalblacklist.conf i have changed:

map $http_user_agent $bad_bot {
	default		1;

but i see what still code 200 returning

boomsya avatar May 19 '22 11:05 boomsya

i have tried code:

"~*(?:\b)searchphrase(?:\b)"			1;

and in file /etc/nginx/conf.d/globalblacklist.conf i have changed:

map $http_user_agent $bad_bot {
	default		1;

but i see what still code 200 returning

I will test but FYI don't ever change globalblacklist.conf it will get overwritten with every update only use the include files. Did you reload nginx after adding that?

mitchellkrogza avatar May 19 '22 11:05 mitchellkrogza

i updating scripts manually once a 1-6 months yes.

nginx -s reload

boomsya avatar May 19 '22 11:05 boomsya

searchphrase=

In your main location / block you need to nest this phrase

location / {
   .....
   do stuff
   .....
           location ~ /searchphrase= {
			return 444;
		}
}

tested

curl -I "https://xxxxxxxxxx/searchphrase=something"
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)

mitchellkrogza avatar May 19 '22 12:05 mitchellkrogza

sorry that not configured in your scripts. But anyway - thanks

boomsya avatar May 19 '22 12:05 boomsya

works fine in nginx site config:

if ($request_uri ~* (searchphrase|searchword) ){
    return 404;
}

boomsya avatar May 19 '22 13:05 boomsya

works fine in nginx site config:

if ($request_uri ~* (searchphrase|searchword) ){
    return 404;
}

great, I'll have to add this kind of filter in as well

mitchellkrogza avatar May 19 '22 13:05 mitchellkrogza