I'm running two mongrels under an Nginx server. I keep getting requests for a nonexistent file. The IP addresses change frequently but the referring URL stays the same. I'd like to resolve this.
+1
A:
I've been in a similar situation before where I needed to block people based on behaviour instead of other arbitrary rules that a firewall could sort out on its own.
The way I worked around the problem was to make my logic (Rails in your case) do the blocking... But a long way round:
- Have your logic maintain a block-list as a new-line separated plaintext file.
- Create a bash (or other) script as root to read this file and add its listees to your firewall's blocklist
- Create a cron job to call the script, again, as root
The reason I do it this way around (rather than just giving Django permissions to alter firewall config) is simply: security. If my application were hacked, I wouldn't want it to hurt anything else.
The bash script is something like this:
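# Read the application-maintained block-list, one IPv4 address per line
exec < /path/to/my/django-maintained/block-list
while read -r line
do
    # Skip blank lines so no malformed rule is attempted
    [ -z "$line" ] && continue
    # Quote the value; add the rule only if it is not already present
    iptables -C INPUT --source "$line/32" -j DROP 2>/dev/null ||
        iptables -A INPUT --source "$line/32" -j DROP
done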
Oli
2009-01-19 12:47:07
Can you point to a tutorial on this type of blocking? I'm not really grasping your solution. Thank you so much for helping. I'm trying to find a solution in the best place I know (stackoverflow :-) but don't want it moderated for no good reason.
Jesse
2009-01-19 13:00:49
I've never seen a tutorial for something like this and I don't know what its proper name (if it has one) is... This is just what came to mind when I had a similar issue. Most of it is just sysadmin stuff.
Oli
2009-01-19 13:44:17
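An added example, not part of the answers on this page: the cron script in the answer above runs as root on a file the web application writes, so this version validates each line before it reaches iptables. The NEVER_BLOCK list, the sample addresses and the DRY_RUN switch are assumptions made for this example.

```shell
#!/bin/sh
# Assumption: addresses that must never be blocked (loopback, an admin host).
NEVER_BLOCK="127.0.0.1 192.0.2.10"

# Succeed only for a strict dotted-quad IPv4 address, each octet 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Read a block-list on stdin; print accepted addresses, deduplicated, on
# stdout and report each rejected line on stderr.
filter_blocklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        if ! valid_ipv4 "$line"; then
            printf 'rejected, not an IPv4 address: %s\n' "$line" >&2
            continue
        fi
        case " $NEVER_BLOCK " in
            *" $line "*) printf 'rejected, protected address: %s\n' "$line" >&2 ;;
            *) printf '%s\n' "$line" ;;
        esac
    done | sort -u
}

# Apply accepted addresses; DRY_RUN=1 (the default) only prints the commands.
apply_blocklist() {
    filter_blocklist | while read -r ip; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'iptables -A INPUT --source %s/32 -j DROP\n' "$ip"
        else
            # -C checks for an existing rule so repeated cron runs add no duplicates
            iptables -C INPUT --source "$ip/32" -j DROP 2>/dev/null ||
                iptables -A INPUT --source "$ip/32" -j DROP
        fi
    done
}

# Constructed sample: valid, bad octet, protected, duplicate, hostname, extra argument.
sample_blocklist() {
    printf '%s\n' 203.0.113.7 198.51.100.300 127.0.0.1 203.0.113.7 \
        example.com '198.51.100.5 --extra' 198.51.100.22
}

sample_blocklist | apply_blocklist
```

Run as written it only prints the two rules it would add; setting DRY_RUN=0 as root applies them.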
+1
A:
https://calomel.org/nginx.html
Block most "referrer spam" -- "more of an annoyance than a problem"
nginx.conf
## Deny certain Referers (case insensitive)
## The ~* makes it case insensitive as opposed to just a ~
if ($http_referer ~* (babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|video|webcam|zippo))
{ return 403; }
Jesse
2009-01-19 23:36:36