nginx built-in variables explained, and how to use them for simple request blocking

  • 2020-05-12 06:59:18
  • OfStack

1. nginx built-in variables

nginx has many built-in variables for simple filtering.


$arg_name
 The parameter called name in the request line.
$args
 The parameter string in the request line.
$cookie_name
 The cookie called name.
$document_uri
 Same as $uri.
$http_name
 The value of any request header; the last part of the variable name is the header name converted to lowercase, with dashes replaced by underscores.
$host
 The value of the "Host" request header; if that header is absent, the primary host name of the virtual host handling the request.
$query_string
 Same as $args.
$realpath_root
 The absolute path for the current request, computed from the root or alias directive, with symbolic links resolved to the real file path.
$remote_addr
 The client IP address.
$remote_port
 The client port.
$remote_user
 The user name supplied for Basic authentication.
$request
 The complete original request line.
$request_body
 The request body. The value of this variable is available in locations processed by the proxy_pass and fastcgi_pass directives.
$request_body_file
 The name of the temporary file holding the request body. The temporary file is deleted when processing completes. To always write the request body to a file, enable client_body_in_file_only. If the temporary file name is passed in a proxied request or in a FastCGI request, passing of the request body itself should be disabled, using the proxy_pass_request_body off directive and the fastcgi_pass_request_body off directive respectively.
$request_completion
 "OK" when the request has completed, otherwise an empty string.
$request_filename
 The file path for the current request, based on the root or alias directive and the request URI.
$request_method
 The HTTP method, usually "GET" or "POST".
$request_time
 Request processing time in seconds, with millisecond resolution (1.3.9, 1.2.6); timing starts when the first byte is received from the client.
$request_uri
 The complete original request line (with arguments).
$scheme
 The request protocol type, "http" or "https".
$status
 The response status code.
$tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd, $tcpinfo_rcv_space
 Information about the client TCP connection; available on systems that support the TCP_INFO socket option.
$uri
 The normalized URI of the current request. The value of $uri can change while the request is processed, for example on an internal redirect or when a default index file is used.

A few points to note in particular:


$arg_name
 The parameter called name in the request line.
$http_name
 The value of any request header; the last part of the variable name is the header name converted to lowercase, with dashes replaced by underscores.
$cookie_name
 The cookie called name.

In each of these variables, name is a placeholder for the actual parameter name.

The design is particularly neat, similar to Lua's: a rule that intercepts a specific parameter can be written directly.

2. Intercepting a token in the header

For example, in mobile client development, four parameters have to be added to every request: timestamp, token, sign and uuid. They improve security and protect against automated request flooding.

token is the client login token. sign is the signature over the request data.

This prevents someone who obtains the URL from logging in.

The last one, uuid, is the device number, which also provides some protection.

Block requests whose uuid header is Android-uuid-1122998800. Note that the variable is $http_uuid: the uuid after $http_ is the name of the request header.


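  # $http_uuid is the "uuid" request header. ~* matches case-insensitively,
  # and the ^...$ anchors require the whole header value to match.
  if ($http_uuid ~* '^android-uuid-1122998800$') {
      return 403 "Error uuid forbidden.";
  }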

Block by IP. If an attack from an IP address is detected, block that address.


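  # "=" compares the whole address. The unanchored regex '10.198.2.2'
  # would also match other addresses such as 10.198.2.20 or 110.198.2.2.
  if ($remote_addr = '10.198.2.2') {
      return 403 "Error ip forbidden.";
  }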

Turn off logging for the attack traffic. These log entries would interfere with data processing, so logging is simply disabled.


    access_log off;
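
The uuid and IP rules above can also be written as map and geo lookups, with blocked requests sent to a separate log rather than dropped from logging altogether. This is an added example, not code from the original article; the server name, the log paths and the variable names $blocked_uuid, $blocked_ip, $blocked and $loggable are assumptions.

```nginx
# Added example, not from the article. Server name and log paths are placeholders.
events {}

http {
    # 1 if the "uuid" request header is on the denylist. Plain strings in a
    # map are compared as whole values, ignoring case (no regex involved).
    map $http_uuid $blocked_uuid {
        default                   0;
        "android-uuid-1122998800" 1;
    }

    # geo matches $remote_addr against addresses and CIDR ranges, so this
    # entry cannot also match 10.198.2.20 or 110.198.2.2.
    geo $blocked_ip {
        default    0;
        10.198.2.2 1;
    }

    # "00" means neither rule matched; anything else is blocked.
    map "$blocked_uuid$blocked_ip" $blocked {
        default 1;
        "00"    0;
    }

    # Inverse flag, used to keep blocked requests out of the main log.
    map $blocked $loggable {
        default 1;
        1       0;
    }

    server {
        listen 80;
        server_name example.com;

        # Blocked requests go to their own log instead of being discarded.
        access_log /var/log/nginx/access.log  combined if=$loggable;
        access_log /var/log/nginx/blocked.log combined if=$blocked;

        if ($blocked) {
            return 403 "Forbidden.";
        }

        location / {
            root /usr/share/nginx/html;
        }
    }
}
```

Adding another blocked device or address is then one more line in the map or geo block, and the file can be checked with nginx -t before reloading.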

4.

With the commonly used built-in variables you can block requests, redirect them, or handle them in other ways.

The rules can be organized around your own business logic to improve system stability.
