Mercurial > hg > nginx-site

view xml/en/docs/http/ngx_http_referer_module.xml @ 357:3d6c27e22625

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Translated ngx_http_referer_module into English.
author Ruslan Ermilov <ru@nginx.com>
date Wed, 25 Jan 2012 16:35:53 +0000
parents
children bb51d3e17dd0
line wrap: on
line source

<?xml version="1.0"?>

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_http_referer_module"
        link="/en/docs/http/ngx_http_referer_module.html"
        lang="en">

<section id="summary">

<para>
The <literal>ngx_http_referer_module</literal> module allows to block
access to a site for requests with invalid values in the
<header>Referer</header> header field.
It should be kept in mind that fabricating a request with an appropriate
<header>Referer</header> field value is quite easy, and so the intended
purpose of this module is not to block such requests thoroughly but to block
the mass flow of requests sent by regular browsers.
It should also be taken into consideration that regular browsers may
not send the <header>Referer</header> field even for valid requests.
</para>

</section>


<section id="example" name="Example Configuration">

<para>
<example>
valid_referers none blocked server_names
               *.example.com example.* www.example.info/galleries/
               ~\.google\.;

if ($invalid_referer) {
    return 403;
}
</example>
</para>

</section>


<section id="directives" name="Directives">

<directive name="valid_referers">
<syntax>
  <literal>none</literal> |
  <literal>blocked</literal> |
  <literal>server_names</literal> |
  <value>string</value>
  ...</syntax>
<default/>
<context>server</context>
<context>location</context>

<para>
Specifies values of the <header>Referer</header> request header field
that will cause the embedded variable <var>$invalid_referer</var> to
be set to 0.
</para>

<para>
Parameters can be as follows:
<list type="tag">

<tag-name><literal>none</literal></tag-name>
<tag-desc>
the <header>Referer</header> field is missing in the request header;
</tag-desc>

<tag-name><literal>blocked</literal></tag-name>
<tag-desc>
the <header>Referer</header> field is present in the request header,
but its value was deleted by a firewall or proxy server;
such values are strings that do not start from
“<literal>http://</literal>”;
</tag-desc>

<tag-name><literal>server_names</literal></tag-name>
<tag-desc>
the <header>Referer</header> request header field contains
one of the server names;
</tag-desc>

<tag-name>arbitrary string</tag-name>
<tag-desc>
defines a server name and an optional URI prefix.
A server name can have an “<literal>*</literal>” at the beginning or end.
When checking, the server’s port in the <header>Referer</header> field
is ignored;
</tag-desc>

<tag-name>regular expression</tag-name>
<tag-desc>
the first symbol should be a “<literal>~</literal>”.
It should be noted that an expression will be matched against
the text starting after the “<literal>http://</literal>”.
</tag-desc>

</list>
</para>

<para>
Example:
<example>
valid_referers none blocked server_names
               *.example.com example.* www.example.info/galleries/
               ~\.google\.;
</example>
</para>

</directive>

</section>

</module>