Nginx – Block HTTP 1.0 Requests

nginx

My server is under a heavy attack. Most requests are coming this way:

46.43.84.214 - - [15/May/2012:11:21:45 +0400] "GET / HTTP/1.0" 200 65859 "2r4k68998q24ay.ru" "Mozilla/4.0 (compatible; MSIE 4.01; Vonna.com b o t)"

The HTTP protocol version is same for all such requests. Can I block HTTP 1.0 requests on a web server level somehow? I have tried this to eliminate the attack (redirect to an empty file):

if ($server_protocol ~* "HTTP/1.0") {
    rewrite ^/ http://example.com/white.txt;
}

Does not seem to help much, I don't see any such redirects in the logs. I use nginx 1.0.9 as a reverse proxy with Apache 2.2.3.

Any help is appreciated.

Best Answer

You could use something like this

if ($http_user_agent ~* "Vonna.com" ) {
    return 444;
}

444 will close the connection without returning anything, assuring the lowest possible impact. Though if you want to inform possible legitimate users, use something like 400 perhaps.

Additionally, perhaps block by referrer, though most bots will easily spoof that too.

As far as blocking entire HTTP 1.0 is concerned, you should check this first. If you'd still like to implement the block as a temporary solution, something like this should work.

if ($server_protocol ~* "HTTP/1.0") {
    return 444;
}

Basically the same thing you had, except with no rewrite - if I'm reading it right, your usage made it just stay in a permanent loop.

Related Topic