Nginx block from referrer

Question

I need block all http connections, who have referrer click2dad.net. I write in mysite.conf:

 location / {
            valid_referers ~.*http://click2dad\.net.*;
            if ($invalid_referer = ''){
                    return 403;
            }
            try_files       $uri    $uri/   /index.php?$args;
    }

But i still see in nginx logs:

HTTP/1.1" 200 26984 "http://click2dad.net/view/VUhfCE4ugTsb0SoKerhgMvPXcmXszU" 

200, not 403

As it is correct to block all clients from the click2dad.net ?

Answer 1

valid_referers solution works but, to me personally, it's hard to maintain a long blacklist that way. An alternative solution is to use ngx_http_map_module module. Under ubuntu 14.04 nginx distribution, you would make an /etc/nginx/blacklist.conf file:

# /etc/nginx/blacklist.conf

map $http_referer $bad_referer {
    hostnames;

    default                           0;

    # Put regexes for undesired referers here
    "~social-buttons.com"             1;
    "~semalt.com"                     1;
    "~kambasoft.com"                  1;
    "~savetubevideo.com"              1;
    "~descargar-musica-gratis.net"    1;
    "~7makemoneyonline.com"           1;
    "~baixar-musicas-gratis.com"      1;
    "~iloveitaly.com"                 1;
    "~ilovevitaly.ru"                 1;
    "~fbdownloader.com"               1;
    "~econom.co"                      1;
    "~buttons-for-website.com"        1;
    "~buttons-for-your-website.com"   1;
    "~srecorder.co"                   1;
    "~darodar.com"                    1;
    "~priceg.com"                     1;
    "~blackhatworth.com"              1;
    "~adviceforum.info"               1;
    "~hulfingtonpost.com"             1;
    "~best-seo-solution.com"          1;
    "~googlsucks.com"                 1;
    "~theguardlan.com"                1;
    "~i-x.wiki"                       1;
    "~buy-cheap-online.info"          1;
    "~Get-Free-Traffic-Now.com"       1;
}

Then include it in your /etc/nginx/nginx.conf file:

# /etc/nginx/nginx.conf


    http {
    # ...

      include blacklist.conf;

    # ...

    }

Having done that, you can check for $bad_referer condition in your nginx site:

# /etc/nginx/sites-enabled/mysite.conf

server {
  # ...

  if ($bad_referer) { 
    return 444; 
  } 

  # ...
}

And to ensure that this stuff works, you can execute a similar command in your shell:

$ curl --referer http://www.social-buttons.com https://example.org

... which should give you:

curl: (52) Empty reply from server

I wrote a blog post on this solution here https://fadeit.dk/blog/2015/04/22/nginx-referer-spam-blacklist/ .

Answer 2

It should be noted that an expression will be matched against the text starting after the “http://” or “https://” http://nginx.org/en/docs/http/ngx_http_referer_module.html

Correct config:

 location / {
            valid_referers click2dad.net*;
            if ($invalid_referer = ''){
                    return 403;
            }
            try_files       $uri    $uri/   /index.php?$args;
    }