Whitelist

From SEnginx
Revision as of 05:30, 29 March 2014 by Root (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

Whitelist

Synopsis

Whitelist module filters the User-Agent field and supports reverse DNS lookup. Requests hitting the whitelist will skip the inspection of related security modules. Whitelist can be applied to the following security modules:

Reverse DNS lookup is to lookup domain name of the DNS server according to the source IP of the request. Only when the domain name matches the regular pattern that user predefined, the whitelist set the variable to true. Reverse DNS lookup prevent the requests faking the well-known robots with the User-Agent field.
Multiple whitelists can be defined and applied to different modules.
This feature is available since version 1.5.11.

Directives

whitelist_ua

Syntax whitelist_ua $variable { ... }
Default -
Context http

Create user-agent whitelist
Example:

whitelist_ua $ua_wl {
    "baiduspider";
    "googlebot";
}

Enable DNS reversing:

resolver 10.5.1.204 ipv6=off;
resolver_timeout 5s;
whitelist_ua $ua_wl_dns {
    "baiduspider" ".*\.baidu\.com";
    "googlebot" ".*\.google\.com";
}

Enable case insensitive:

resolver 10.5.1.204 ipv6=off;
resolver_timeout 5s;
whitelist_ua $ua_wl_dns {
    caseless;
    "baiduspider" ".*\.baidu\.com";
    "googlebot" ".*\.google\.com";
}

Variables defined in the whitelist can be used in other security modules, including in the 'location if' statement (but not in 'server if'statements).
Example:

In cookie poisoning module:
cookie_poisoning_whitelist ua_var_name=ua_wl_dns;
In if statement:
if ($ua_wl_dns) {
    # do something
}
# else
# do some secure checks

To use whitelist variables in other security modules, please see the module documents respectively.

Personal tools
Namespaces

Variants
Actions
Navigation
In other languages
Toolbox