block certain requests for no referer (#10773)

mekarpeles · pre-commit-ci[bot] · web-flow · commit 247986f00311 · 2025-05-14T13:14:38.000-07:00
* block certain requests for no referer

---------

Co-authored-by: pre-commit-ci[bot] &lt;66853113+pre-commit-ci[bot]@users.noreply.github.com&gt;
diff --git a/docker/web_nginx.conf b/docker/web_nginx.conf
@@ -89,6 +89,31 @@ server {
            return 444;
         }
 
+
+        # ===========================================
+        # Block certain patterns when no referer set:
+        # ===========================================
+
+        # Create a variable to track if referer is empty
+        set $suspect_arg 0;
+
+        # If any of the following parameters are set...
+        if ($args ~* "(v=|m=|action=)") {
+            set $suspect_arg 1;
+        }
+
+        # AND if the referer is set...
+        if ($http_referer = "" ) {
+            set $suspect_arg "${suspect_arg}1";
+        }
+
+        # Block requests with m= v= or action= parameters and empty referer
+        if ($suspect_arg = "11") {
+            return 444;
+        }
+
+        # -------------------------------------------
+
         proxy_pass http://webnodes;
         proxy_set_header Host $http_host;
 
