Deny certain words

Hi,

Somehow my server gets hit by torrent requests which look like this:

GET /?info_hash=…

after the = come long strings of seemingly random hashes torrent
clients are looking for.

I’d like to deny all such requests so would like if someone could
provide me how to deny everything (and including) ?info_hash=

I’ve looked all over the net at similar examples but all I tried thus
far didn’t work

Thanks :slight_smile:


Yours truly

Torrent clients have their own user agent normally, I had a need a while
back to block some which we used the magic 444 to kill it.

if ($http_user_agent ~* (uTorrent|Transmission) ) {
return 444;
break;
}

On Tue, Sep 2, 2014 at 1:17 PM, Steve W.
[email protected] wrote:

Torrent clients have their own user agent normally, I had a need a while
back to block some which we used the magic 444 to kill it.

if ($http_user_agent ~* (uTorrent|Transmission) ) {
return 444;
break;

}

Thanks. That seems to work here :slight_smile:

clients are looking for.


nginx mailing list
[email protected]
nginx Info Page


Yours truly

Hello!

On Tue, Sep 02, 2014 at 12:17:12PM +0100, Steve W. wrote:

Torrent clients have their own user agent normally, I had a need a while
back to block some which we used the magic 444 to kill it.

if ($http_user_agent ~* (uTorrent|Transmission) ) {
return 444;
break;
}

Just a note: you don’t need “break” here.


Maxim D.
http://nginx.org/

On 02/09/2014 17:38, Grozdan wrote:

if ($http_user_agent ~* (uTorrent|Transmission) ) {
Hi,

As reported, the above code returns 444 on torrent clients trying to
connect. However, my access logs get filled with nginx sending a 444
response to clients. Is there a way to filter this? I’m currently
using grep -v ‘info_hash’ to filter but it’ll be better if nginx can
do this instead.

Thanks

You could try;

access_log off;

Steve.

On Tue, Sep 2, 2014 at 3:09 PM, Maxim D. [email protected] wrote:

}

Just a note: you don’t need “break” here.


Maxim D.
http://nginx.org/

Hi,

As reported, the above code returns 444 on torrent clients trying to
connect. However, my access logs get filled with nginx sending a 444
response to clients. Is there a way to filter this? I’m currently
using grep -v ‘info_hash’ to filter but it’ll be better if nginx can
do this instead.

Thanks


nginx mailing list
[email protected]
nginx Info Page


Yours truly

I’ve just thought of another angle for this. Is this hitting your
default/only site? If it’s got a host header you could create a site
just for that that bins all requests off with a 444 and no logging.

On Wed, Sep 3, 2014 at 5:13 PM, Grozdan [email protected] wrote:

On Wed, Sep 3, 2014 at 5:07 PM, Steve W. [email protected] wrote:

I’ve just thought of another angle for this. Is this hitting your
default/only site? If it’s got a host header you could create a site just
for that that bins all requests off with a 444 and no logging.

Yes, it’s the only site. I will try what you suggested. Thanks!

Well, just as I went and try what you suggested I came on the nginx
docs where it says you can use ‘map directive’ to decide what to log
or not so I tried the below and it works

Below goes inside http { … }

map $status $loggable {
~^444 0;
default 1;
}

and in the vhost inside server { … } goes the below

access_log /var/log/nginx/vhost.access.log combined if=$loggable;

This completely ignores disables logging of 444 responses

Yours truly

Yours truly

On Wed, Sep 3, 2014 at 5:07 PM, Steve W.
[email protected] wrote:

I’ve just thought of another angle for this. Is this hitting your
default/only site? If it’s got a host header you could create a site just
for that that bins all requests off with a 444 and no logging.

Yes, it’s the only site. I will try what you suggested. Thanks!

after the = come long strings of seemingly random hashes torrent


nginx mailing list
[email protected]
nginx Info Page


Yours truly