Mercurial > hg > nginx-site

view xml/en/docs/http/ngx_http_referer_module.xml @ 364:bb51d3e17dd0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Style fixed.
author Ruslan Ermilov <ru@nginx.com>
date Fri, 27 Jan 2012 10:39:12 +0000
parents 3d6c27e22625
children 9913f1d51c07
line wrap: on
line source

<?xml version="1.0"?>

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_http_referer_module"
        link="/en/docs/http/ngx_http_referer_module.html"
        lang="en">

<section id="summary">

<para>
The <literal>ngx_http_referer_module</literal> module allows to block
access to a site for requests with invalid values in the
<header>Referer</header> header field.
It should be kept in mind that fabricating a request with an appropriate
<header>Referer</header> field value is quite easy, and so the intended
purpose of this module is not to block such requests thoroughly but to block
the mass flow of requests sent by regular browsers.
It should also be taken into consideration that regular browsers may
not send the <header>Referer</header> field even for valid requests.
</para>

</section>


<section id="example" name="Example Configuration">

<para>
<example>
valid_referers none blocked server_names
               *.example.com example.* www.example.info/galleries/
               ~\.google\.;

if ($invalid_referer) {
    return 403;
}
</example>
</para>

</section>


<section id="directives" name="Directives">

<directive name="valid_referers">
<syntax>
    <literal>none</literal> |
    <literal>blocked</literal> |
    <literal>server_names</literal> |
    <value>string</value>
    ...</syntax>
<default/>
<context>server</context>
<context>location</context>

<para>
Specifies values of the <header>Referer</header> request header field
that will cause the embedded variable <var>$invalid_referer</var> to
be set to 0.
</para>

<para>
Parameters can be as follows:
<list type="tag">

<tag-name><literal>none</literal></tag-name>
<tag-desc>
the <header>Referer</header> field is missing in the request header;
</tag-desc>

<tag-name><literal>blocked</literal></tag-name>
<tag-desc>
the <header>Referer</header> field is present in the request header,
but its value was deleted by a firewall or proxy server;
such values are strings that do not start from
“<literal>http://</literal>”;
</tag-desc>

<tag-name><literal>server_names</literal></tag-name>
<tag-desc>
the <header>Referer</header> request header field contains
one of the server names;
</tag-desc>

<tag-name>arbitrary string</tag-name>
<tag-desc>
defines a server name and an optional URI prefix.
A server name can have an “<literal>*</literal>” at the beginning or end.
When checking, the server’s port in the <header>Referer</header> field
is ignored;
</tag-desc>

<tag-name>regular expression</tag-name>
<tag-desc>
the first symbol should be a “<literal>~</literal>”.
It should be noted that an expression will be matched against
the text starting after the “<literal>http://</literal>”.
</tag-desc>

</list>
</para>

<para>
Example:
<example>
valid_referers none blocked server_names
               *.example.com example.* www.example.info/galleries/
               ~\.google\.;
</example>
</para>

</directive>

</section>

</module>