Welcome! Log In Create A New Profile

Advanced

Re: Fake video sharing Android App !!

March 17, 2015 06:14AM
@itpp, as i sent the logs above that referer_header for android requests
are empty, maybe blocking requests based on empty referer_header will
partially resolve our issue ? Following is the config i used to block empty
referer_header but in vain.

valid_referers server_names ~.;
if ($invalid_referer) {
return 403;
}

Android request log :


39.49.52.224 - - [15/Mar/2015:10:40:26 +0500] "GET
/files/thumbs/2015/03/14/1426310448973c5-1.jpg HTTP/1.1" 200 13096 "-"
"Dalvik/1.6.0 (Linux; U; Android 4.2.2; GT-S7582 Build/JDQ39)"


I might be putting this config under wrong location, following is the
content of android.conf and virtual.conf :

virtual.conf :

server {
listen 80;
server_name conversion.domain.com;
client_max_body_size 8000m;
# limit_rate 180k;
# access_log /websites/theos.in/logs/access.log main;

location / {
root /var/www/html/conversion;
index index.html index.htm index.php;
# autoindex on;
include android.conf;
}
location ~ \.(flv|jpg|jpeg)$ {
flv;
root /var/www/html/conversion;
expires 2d;
include android.conf;
valid_referers none blocked domain.net
www.domain.net domain.com www.domain.com;
if ($invalid_referer) {
return 403;
}
}
location ~ \.(mp4)$ {
mp4;
root /var/www/html/conversion;
expires 1d;
include android.conf;
valid_referers none blocked domain.net www.domain.net
domain.com www.domain.com;
if ($invalid_referer) {
return 403;
}
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
root /var/www/html/conversion;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

location ~ /\.ht {
deny all;
}
}


android.conf :

#if ($http_user_agent ~* "Android") {
# return 403;
#}

valid_referers server_names ~.;
if ($invalid_referer) {
return 403;
}

Regards.

Shahzaib


On Tue, Mar 17, 2015 at 2:10 PM, itpp2012 <nginx-forum@nginx.us> wrote:

> I'd use some kind of authentication based on a user logging in before
> allowing use of a service, an encrypted cookie or something along that
> line.
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,257269,257303#msg-257303
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Fake video sharing Android App !!

shahzaib1232 March 16, 2015 07:10AM

Re: Fake video sharing Android App !!

Gena Makhomed March 16, 2015 07:20AM

Re: Fake video sharing Android App !!

Francis Daly March 16, 2015 09:30AM

Re: Fake video sharing Android App !!

shahzaib1232 March 16, 2015 09:46AM

Re: Fake video sharing Android App !!

Patschi March 16, 2015 09:58AM

Re: Fake video sharing Android App !!

itpp2012 March 16, 2015 10:47AM

Re: Fake video sharing Android App !!

Francis Daly March 16, 2015 10:52AM

Re: Fake video sharing Android App !!

shahzaib1232 March 17, 2015 04:24AM

Re: Fake video sharing Android App !!

itpp2012 March 17, 2015 05:10AM

Re: Fake video sharing Android App !!

shahzaib1232 March 17, 2015 06:14AM

Re: Fake video sharing Android App !!

itpp2012 March 17, 2015 06:38AM

Re: Fake video sharing Android App !!

shahzaib1232 March 17, 2015 07:22AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 64
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready