Sorry if I present this question wrong...
I have GeoIP2 filtering installed - and it seems to work well in most cases, especially if a request comes in from a disallowed country for a resource that exists.
My question is about what nginx is doing if the resource does not exist...
I recently received a hack'ish request to "POST /cgi-bin/..."
I do not have such a directory, and I therefore do not have any location prefixed with /cgi-bin or similar. This makes me believe the / location would be used:
location / {
if ($allowed_country = 0) {
return 418;
}
root /usr/share/nginx/html;
index index.html index.htm;
}
However, nginx appears to be returning a 400 for this request. Other, similar requests seem to return 404's. But since this request came from an "invalid" country, I expect nginx to return 418.
Does this make sense? Is there a straightforward way to verify which location a URI will match (some kind of shell-test that indicates which location was chosen for a request?
Thanks in advance.
EDIT: I do have this near the bottom of my server block...
location ~ /\. { deny all; access_log off; log_not_found off; }
Could that be the culprit? Do I need that to trap invalid requests, or will they match the / location if I comment this out?
Edited 1 time(s). Last edit at 03/07/2022 02:11PM by aweber.