Creating a Referrer Blacklist on Nginx
409 words ยท 3 minutes
Creating the Blacklist
In order to blacklist referral domains or websites with Nginx, you need to create a blacklist file. The file below will accept regexes for different domains or websites you wish to block.
First, create the file in your nginx directory:
Next, paste the following contents in and fill out the regexes with whichever domains you're blocking.
$http_referer $bad_referer {
;
0;
"~news.ycombinator.com" 1;
}
Configuring Nginx
In order for the blacklist to work, Nginx needs to know it exists and how to handle it. For this, edit the nginx.conf file.
Within this file, find the http block and add your blacklist file location to the end of the block.
http {
...
include /etc/nginx/blacklist.conf;
}
Enabling the Blacklist
Finally, we need to take action when a bad referral site is found. To do so, edit the configuration file for you website. For example, I have all website configuration files in the http.d directory. You may have them in the sites-available directory on some distributions.
Within each website's configuration file, edit the server blocks that are listening on ports 80 and 443 and create a check for the $bad_referrer variable we created in the blacklist file.
If a matching site is found, you can return any HTTP Status Code you want. Code 403 (Forbidden) is logical in this case since you are preventing a client connection due to a blacklisted domain.
server {
...
if ($bad_referer) {
403;
}
...
}
Restart Nginx
Lastly, restart Nginx to enable all changes made.
Testing the Results
In order to test the results, let's curl the contents of our site. To start, I'll curl the site normally:
The HTML contents of the page come back successfully:
<!doctype html>...
Next, let's include a blacklisted referrer:
This time, I'm met with a 403 Forbidden response page. That means we are successful and any clients being referred from a blacklisted domain will be met with this same response code.
403 Forbidden
403 Forbidden
nginx