Permalink
Browse files

* Added escaping of referer blocking when requests come from trusted …

…hosts.
  • Loading branch information...
1 parent 82613fd commit 78b2c0e43e27737c601366ca67d5ce2c694d2d94 @perusio committed Sep 2, 2011
Showing with 6 additions and 0 deletions.
  1. +6 −0 blacklist.conf
View
@@ -16,3 +16,9 @@ map $http_referer $bad_referer {
default 0;
~(?i)(babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|webcam|zippo|casino|replica) 1;
}
+
+## Add here all hosts that should be spared any referrer checking.
+geo $bad_referer {
+ 127.0.0.1 0;
+ 192.168.1.0/24 0;
+}

2 comments on commit 78b2c0e

Hey perusio,

I'm experiencing the behaviour where this is just overwriting any of the values set before, basically rendering the map directive before obsolete.. Are you certain this behaviour works like you expect it to do?

Cheers!

Owner

perusio replied Aug 22, 2015

The idea is that the map directive is relevant only and only if the IP address of the client is not listed in the CIDR network specs.

You can try replacing the above by the following.

map $http_referer $ua_bad_referer {
    default 0;
     ~*(?:babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|webcam|zippo|casino|replica) 1;
 }

geo $trusted_networks {
    default 0;
    127.0.0.1 1;
    192.168.1.0/24 1;
}

map $trusted_networks $bad_referer {
    default $ua_bad_referer;
    1 0;
}
Please sign in to comment.