Block a request that contains a certain element in the header using Nginx

Question

Block a request that contains a certain element in the header using Nginx

Asked 8 years, 2 months ago

Viewed 119 times

0

Hello,

Let’s assume that a request has the HTTP_CF_CONNECTING_IP element in the header. This element is included by Cloudflare.

How do I block all requests that have this element in Nginx?

I tried the following:

server {
    listen 80;
    listen [::]:80;

    server_name _;

    ...

    deny $http_cf_connecting_ip;
}

I figured that way Nginx would take the IP that’s being stored in $http_cf_connecting_ip and block it, solving my case. But it did not work and generated the following error:

[emerg] 402#402: invalid parameter "$http_cf_connecting_ip" in ...

I also tried this way:

server {
    listen 80;
    listen [::]:80;

    server_name _;

    ...

    if ($http_cf_connecting_ip) {
        deny all;
    }
}

And Nginx gives me another error:

[emerg] 278#278: "deny" directive is not allowed here in ...

1 answer

Browser other questions tagged nginx

You are not signed in. Login or sign up in order to post.

by Clayderson Ferreira • **1,002** points · Answer 1 · 2017-08-28T01:23:26+00:00

I focused so much on Ny that I forgot that I can force a return along with some code, ending the request.

The solution for those who have the same problem is the following:

server {
    listen 80;
    listen [::]:80;

    server_name _;

    ...

    if ($http_cf_connecting_ip) {
        return 403;
    }
}