Snippets

ESTI design Whitelist nginx referer filter config generator

Created by Robert Poz last modified
referers_whitelist.sh
Raw 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# Script generates nginx configuration rules for
# whitelist-based referer headers request filtering
#
# Add following line to server { } block in nginx config:
# include /etc/nginx/conf.d/referer_whitelist.conf;


NGINX_CONF_DIR=/etc/nginx/conf.d

whitelist="$1"
output=${2:-/$NGINX_CONF_DIR/referer_whitelist.conf}

usage() {
  echo "This script must be run with super-user privileges."
  echo -e "\nUsage:\n$0 <filename> \n"
}

if [  $# -lt 1 ] || [ ! -f $whitelist ]; then
    echo $#
    echo $whitelist
    usage
    exit 1
fi

(
  echo "set \$valid_referer '';"
  printf "if (\$http_referer !~ \"(%s)\") { set \$valid_referer 'true'; }" `sort $whitelist | uniq | tr "\n" "|" | sed 's/[\|]*$//'`
  echo
  echo "if (\$http_referer = '-') { set \$valid_referer 'true'; }"
  echo "if (\$http_referer = '') { set \$valid_referer 'true'; }"
  echo "if (\$valid_referer = '') { return 404; }"
) #> $output

Comments (0)

HTTPS SSH

You can clone a snippet to your computer for local editing. Learn more.