Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
nginx
GitHub Repository: nginx/nginx.org
 Path: blob/main/xml/en/docs/http/ngx_http_referer_module.xml
1 views
1
<?xml version="1.0"?>

2


3
<!--

4
  Copyright (C) Igor Sysoev

5
  Copyright (C) Nginx, Inc.

6
  -->

7


8
<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

9


10
<module name="Module ngx_http_referer_module"

11
        link="/en/docs/http/ngx_http_referer_module.html"

12
        lang="en"

13
        rev="2">

14


15
<section id="summary">

16


17
<para>

18
The <literal>ngx_http_referer_module</literal> module is used to block

19
access to a site for requests with invalid values in the

20
<header>Referer</header> header field.

21
It should be kept in mind that fabricating a request with an appropriate

22
<header>Referer</header> field value is quite easy, and so the intended

23
purpose of this module is not to block such requests thoroughly but to block

24
the mass flow of requests sent by regular browsers.

25
It should also be taken into consideration that regular browsers may

26
not send the <header>Referer</header> field even for valid requests.

27
</para>

28


29
</section>

30


31


32
<section id="example" name="Example Configuration">

33


34
<para>

35
<example>

36
valid_referers none blocked server_names

37
               *.example.com example.* www.example.org/galleries/

38
               ~\.google\.;

39


40
if ($invalid_referer) {

41
    return 403;

42
}

43
</example>

44
</para>

45


46
</section>

47


48


49
<section id="directives" name="Directives">

50


51
<directive name="referer_hash_bucket_size">

52
<syntax><value>size</value></syntax>

53
<default>64</default>

54
<context>server</context>

55
<context>location</context>

56
<appeared-in>1.0.5</appeared-in>

57


58
<para>

59
Sets the bucket size for the valid referers hash tables.

60
The details of setting up hash tables are provided in a separate

61
<link doc="../hash.xml">document</link>.

62
</para>

63


64
</directive>

65


66


67
<directive name="referer_hash_max_size">

68
<syntax><value>size</value></syntax>

69
<default>2048</default>

70
<context>server</context>

71
<context>location</context>

72
<appeared-in>1.0.5</appeared-in>

73


74
<para>

75
Sets the maximum <value>size</value> of the valid referers hash tables.

76
The details of setting up hash tables are provided in a separate

77
<link doc="../hash.xml">document</link>.

78
</para>

79


80
</directive>

81


82


83
<directive name="valid_referers">

84
<syntax>

85
    <literal>none</literal> |

86
    <literal>blocked</literal> |

87
    <literal>server_names</literal> |

88
    <value>string</value>

89
    ...</syntax>

90
<default/>

91
<context>server</context>

92
<context>location</context>

93


94
<para>

95
Specifies the <header>Referer</header> request header field values

96
that will cause the embedded <var>$invalid_referer</var> variable to

97
be set to an empty string.

98
Otherwise, the variable will be set to “<literal>1</literal>”.

99
Search for a match is case-insensitive.

100
</para>

101


102
<para>

103
Parameters can be as follows:

104
<list type="tag">

105


106
<tag-name><literal>none</literal></tag-name>

107
<tag-desc>

108
the <header>Referer</header> field is missing in the request header;

109
</tag-desc>

110


111
<tag-name><literal>blocked</literal></tag-name>

112
<tag-desc>

113
the <header>Referer</header> field is present in the request header,

114
but its value has been deleted by a firewall or proxy server;

115
such values are strings that do not start with

116
<literal>http://</literal>” or “<literal>https://</literal>”;

117
</tag-desc>

118


119
<tag-name><literal>server_names</literal></tag-name>

120
<tag-desc>

121
the <header>Referer</header> request header field contains

122
one of the server names;

123
</tag-desc>

124


125
<tag-name>arbitrary string</tag-name>

126
<tag-desc>

127
defines a server name and an optional URI prefix.

128
A server name can have an “<literal>*</literal>” at the beginning or end.

129
During the checking, the server’s port in the <header>Referer</header> field

130
is ignored;

131
</tag-desc>

132


133
<tag-name>regular expression</tag-name>

134
<tag-desc>

135
the first symbol should be a “<literal>~</literal>”.

136
It should be noted that an expression will be matched against

137
the text starting after the “<literal>http://</literal>

138
or “<literal>https://</literal>”.

139
</tag-desc>

140


141
</list>

142
</para>

143


144
<para>

145
Example:

146
<example>

147
valid_referers none blocked server_names

148
               *.example.com example.* www.example.org/galleries/

149
               ~\.google\.;

150
</example>

151
</para>

152


153
</directive>

154


155
</section>

156


157


158
<section id="variables" name="Embedded Variables">

159


160
<para>

161
<list type="tag">

162


163
<tag-name id="var_invalid_referer"><var>$invalid_referer</var></tag-name>

164
<tag-desc>

165
Empty string, if the <header>Referer</header> request header field

166
value is considered

167
<link id="valid_referers">valid</link>, otherwise “<literal>1</literal>”.

168
</tag-desc>

169


170
</list>

171
</para>

172


173
</section>

174


175
</module>

176


177