Linux – Nginx, log referrers from certain domain to separate log file

linuxlog-filesloggingnginx

I have my nginx setup to block certain referers like so:

if ($http_referer ~* (site_name) ) {
  return 403;
}

This works fine, however I'd like to also log the blocked referrer to a separate file.

I tried adding

 access_log /path/to/server/bad_domain.log;

in the if statement; however this doesn't work.

Any ideas?

Thanks.

Edit:

I've also tried this to no avail.

if ($http_referer ~* (site_name) ) {
  set $crawler 'yes';
  return 403;


}

location ~ .* {
  if ($crawler = 'yes') {
  access_log /path/to/server/bad_domain.log;
    }
}

Edit 2:

Trying

map $http_referer $log_referer {
  domain1.com  1;
  default      0;
}

server { ..
    if ($http_referer = "1") {
    set $log_referer 1;
}
   access_log /path/to/logs/bad_domain.log if=$log_referer;

...}

Gives me the output of

nginx: [emerg] unknown log format "if=$log_referer"

Best Answer

According to nginx documentation found here and here, try to use map rule to map your http referer to certain value and then log to specific file according that value. Put this map in your http context (outside the server context):

map $http_referer $log_referer {
  example.com  1;
  default      0;
}

This goes to your server, location, etc.;

access_log /path/to/bad_domain.log combined if=$log_referer;

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

Nginx – Trouble with nginx and serving from multiple directories under the same domain

The root directive is the problem here. Quote from the doc:

note: Keep in mind that the root will still append the directory to the request so that a request for "/i/top.gif" will not look in "/spool/w3/top.gif" like might happen in an Apache-like alias configuration where the location match itself is dropped. Use the alias directive to achieve the Apache-like functionality.

Basically, only use root for real roots: if the content is to be at / use root. If it's going to end on a subfolder, use alias:

location  /map/ {
  alias  /home/user/public_html/map/;
}

Also check what user nginx is running as and make sure that this user can access /home/user/public_html/map

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

Nginx – Trouble with nginx and serving from multiple directories under the same domain

Related Topic