I suspect the map module can do that more efficiently. There is an example of how to use the map module in this post:
http://ask.xmodulo.com/block-specific-user-agents-nginx-web-server.html The code is certainly cleaner using map. I use three maps, specifically for bad user agent, bad request, and bad referrer. Original Message From: Anoop Alias Sent: Saturday, September 24, 2016 1:58 AM To: Nginx Reply To: nginx@nginx.org Subject: performance hit in using too many if's Hi, I was following some suggestions on blocking user agents,sql injections etc as in the following URL https://www.howtoforge.com/nginx-how-to-block-exploits-sql-injections-file-injections-spam-user-agents-etc Just wanted to know what is the performance hit when using so many of these if's ( in light of the if-is-evil policy ). Especially if the server is having a lot of virtual hosts and the rules are matched for each of them. Is it like: If the server is capable (beefy) it should be able to handle these URL ? or There is a huge performance penalty .Significantly more than apache+mod_security as an example or The is a performance penalty but not as much as other security tools or WAF's like naxsi or mod_security Thanks in advance, -- Anoop P Alias _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
