‎I suspect the map module can do that more efficiently. There is an example of how to use the map module in this post:

http://ask.xmodulo.com/block-specific-user-agents-nginx-web-server.html

The code is certainly cleaner using map. I use three maps, specifically for  bad user agent, bad request, and bad referrer. 



  Original Message  
From: Anoop Alias
Sent: Saturday, September 24, 2016 1:58 AM
To: Nginx
Reply To: nginx@nginx.org
Subject: performance hit in using too many if's

Hi,

I was following some suggestions on blocking user agents,sql
injections etc as in the following URL

https://www.howtoforge.com/nginx-how-to-block-exploits-sql-injections-file-injections-spam-user-agents-etc

Just wanted to know what is the performance hit when using so many of
these if's ( in light of the if-is-evil policy ). Especially if the
server is having a lot of virtual hosts and the rules are matched for
each of them.

Is it like:

If the server is capable (beefy) it should be able to handle these URL ?

or

There is a huge performance penalty .Significantly more than
apache+mod_security as an example

or

The is a performance penalty but not as much as other security tools
or WAF's like naxsi or mod_security


Thanks in advance,

--
Anoop P Alias

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx