Whitelist

From SEnginx

Synopsis

The Whitelist module matches the User-Agent field of a request and supports reverse DNS lookup. Requests that hit the whitelist skip inspection by the related security modules. A whitelist can be applied to the following security modules:

Reverse DNS lookup queries the DNS server for the domain name associated with the source IP of the request. The whitelist sets the variable to true only when that domain name matches the regular expression the user predefined. Reverse DNS lookup prevents requests from impersonating well-known robots by faking the User-Agent field.
Multiple whitelists can be defined and applied to different modules.
This feature has been available since version 1.5.11.

Directives

whitelist_ua

Syntax: whitelist_ua $variable { ... }
Default: -
Context: http

Creates a User-Agent whitelist.
Example:

whitelist_ua $ua_wl {
    "baiduspider";
    "googlebot";
}

Enable reverse DNS lookup:

resolver 10.5.1.204 ipv6=off;
resolver_timeout 5s;
whitelist_ua $ua_wl_dns {
    "baiduspider" ".*\.baidu\.com";
    "googlebot" ".*\.google\.com";
}

Enable case-insensitive matching:

resolver 10.5.1.204 ipv6=off;
resolver_timeout 5s;
whitelist_ua $ua_wl_dns {
    caseless;
    "baiduspider" ".*\.baidu\.com";
    "googlebot" ".*\.google\.com";
}
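
The matching behaviour that the three configurations above describe, modelled in Python as an added example (this is not SEnginx code). It assumes User-Agent entries are regular expressions searched in the header and that the hostname pattern must match the whole PTR name; `whitelist_ua()`, `PTR` and the other names are hypothetical, and a constructed PTR table stands in for the `resolver`.

```python
import re

def whitelist_ua(entries, user_agent, src_ip, ptr_lookup, caseless=False):
    """Return the value a whitelist variable would take for one request.

    entries    -- list of (ua_pattern, hostname_pattern or None)
    ptr_lookup -- callable ip -> PTR name or None; stands in for `resolver`
    """
    ua_flags = re.IGNORECASE if caseless else 0
    for ua_pat, host_pat in entries:
        # Assumption: the User-Agent entry is a regex searched in the header.
        if not re.search(ua_pat, user_agent, ua_flags):
            continue
        if host_pat is None:
            return True               # UA-only entry: the header alone decides
        host = ptr_lookup(src_ip)     # reverse lookup of the source IP
        if host is None:
            continue                  # no PTR record or timeout: no match
        # Assumption: the pattern must cover the whole name (anchored match).
        if re.fullmatch(host_pat, host.rstrip("."), re.IGNORECASE):
            return True
    return False

# Constructed sample data (documentation address ranges), not real crawler records.
PTR = {
    "192.0.2.10": "crawler-10.google.com.",
    "198.51.100.7": "host7.isp.example.",
}
UA_WL = [("baiduspider", None), ("googlebot", None)]
UA_WL_DNS = [("baiduspider", r".*\.baidu\.com"),
             ("googlebot", r".*\.google\.com")]
BOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

if __name__ == "__main__":
    for name, wl, ip, caseless in [
        ("$ua_wl, lowercase entry vs. 'Googlebot'", UA_WL, "198.51.100.7", False),
        ("$ua_wl with caseless", UA_WL, "198.51.100.7", True),
        ("$ua_wl_dns, PTR outside google.com", UA_WL_DNS, "198.51.100.7", True),
        ("$ua_wl_dns, PTR in google.com", UA_WL_DNS, "192.0.2.10", True),
        ("$ua_wl_dns, no PTR record", UA_WL_DNS, "203.0.113.9", True),
    ]:
        print(f"{name}: {whitelist_ua(wl, BOT_UA, ip, PTR.get, caseless)}")
```

With the User-Agent-only list, any client that sends the crawler's User-Agent sets the variable; with the DNS variant the variable is set only when the PTR name of the source IP also matches the pattern.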

Variables defined in the whitelist can be used in other security modules, and also in 'location if' statements (but not in 'server if' statements).
Example:

In cookie poisoning module:
cookie_poisoning_whitelist ua_var_name=ua_wl_dns;
In if statement:
if ($ua_wl_dns) {
    # do something
}
# else
# do some secure checks

To use whitelist variables in other security modules, see the documentation of the respective module.

Retrieved from "https://senginx.org/en/index.php?title=Whitelist&oldid=7922"