I would return nothing, that is the 444 code. 

I have scripts that process access.log for 444, then see if they come from locations without eyeballs such as data centers, VPS, etc. The entire IP space then goes in the firewall block. 

Your typical sysadmin on forums rants that I will end up blocking the entire world, but I can go days without seeing an IP that is not from an ISP. That is, my blocking list is very effective.

I get about a hundred IPs a day doing mischief, with 99.99% looking to hack WordPress, which I don't even run. Most of the hits report a user agent rev of Firefox that never existed. 

From: Igal @ Lucee.org
Sent: Friday, May 19, 2017 3:20 PM
To: nginx@nginx.org; Alex Samad
Reply To: nginx@nginx.org
Subject: Re: How to restrict acces to specific friendly URL by IP in Wordpress site?

On 5/19/2017 3:14 PM, Alex Samad wrote:

On 20 May 2017 at 08:00, <li...@lazygranch.com> wrote:
My experience with deny in nginx is the url isn't hidden

So you don't want to just restrict access but you want to send a 404 not found unless they come from a specific ip address.

"deny" by default will return 403. If you want to return 404 instead, you can do something like the following:

### return 404 for requests to /404.internal
location =  /404.internal { internal; }

### send 403 to /404.internal to return 404 code instead
error_page  403 =404 /404.internal;

Of course, if you have a custom 404 page you can use it instead of the /404.internal, but this is a simple way that doesn't rely on any additional resources.

Igal Sapir
Lucee Core Developer
Lucee.org


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
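
The log-processing step described in the first message, as an added example that is not the poster's own script: it scans nginx combined-format access log lines for status 444 and tallies the hits per hosting-provider range, keeping addresses outside those ranges apart for review. The log lines, the range list (RFC 5737 documentation space) and the function names are constructed for illustration; a real range list would come from a source you maintain.

```python
import ipaddress
import re
from collections import Counter

# nginx "combined" format: addr - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+')

# Constructed sample data: hosting ranges taken from documentation address space.
HOSTING_RANGES = ["192.0.2.0/24", "198.51.100.0/25"]

SAMPLE_LOG = """\
192.0.2.10 - - [19/May/2017:15:01:02 -0700] "GET /wp-login.php HTTP/1.1" 444 0 "-" "Mozilla/5.0"
192.0.2.77 - - [19/May/2017:15:01:09 -0700] "POST /xmlrpc.php HTTP/1.1" 444 0 "-" "Mozilla/5.0"
198.51.100.200 - - [19/May/2017:15:02:00 -0700] "GET /wp-admin/ HTTP/1.1" 444 0 "-" "Mozilla/5.0"
203.0.113.5 - - [19/May/2017:15:03:00 -0700] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
not a log line
"""


def addrs_with_444(lines):
    """Count 444 responses per client address; skip lines that do not parse."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("status") != "444":
            continue
        try:
            hits[ipaddress.ip_address(m.group("addr"))] += 1
        except ValueError:
            continue  # logged address was not an IP literal (e.g. a unix socket)
    return hits


def ranges_to_block(hits, ranges):
    """Return ({hosting range: 444 count}, [addresses outside every hosting range])."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    per_net, unmatched = Counter(), []
    for addr, count in hits.items():
        net = next((n for n in nets if n.version == addr.version and addr in n), None)
        if net is None:
            unmatched.append(addr)  # possibly an ISP customer: review, do not block a range
        else:
            per_net[str(net)] += count
    return dict(per_net), sorted(unmatched, key=int)


if __name__ == "__main__":
    blocked, review = ranges_to_block(addrs_with_444(SAMPLE_LOG.splitlines()), HOSTING_RANGES)
    print("block:", blocked, "review:", [str(a) for a in review])
```
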
