Join Log in
Score:0
D4v1dH03 avatar Server

How to prevent query string accessing attempts like /?hfsagrs=XXX

in flag
D4v1dH03

I am a new site owner and do not have so much traffic, but recently my NGINX access logs are flooded with requests as shown in this picture below.

I have attempted to block access with the pattern \?.* in the location block but it has no effect. How to block requests like this and return 444 ("blackhole" the requuest)?

Nginx logs showing this scenerio

For privacy reasons, IPs are redacted

72
0 + 0
Score:0
Ivan Shatsky avatar Server
gr flag
Ivan Shatsky

Unlike apache rewrite rules both location and rewrite nginx directives works with so-called normalized URI (see the location directive documentation to find out what does it mean) which does not include the query part. You can check the $arg_hfsargs nginx variable and close the connection if it isn't empty:

if ($arg_hfsargs) {
    return 444;
}

To close connection if the entire query string is not empty, you can check the $args variable instead.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.