Firewall rule to block referers other than the sites domain

#1

So I use Nginx in Nginx my code to block referers and only allow empty/black/none referers or referers that have my domain name is this.

valid_referers none blocked server_names;
if ($invalid_referer) {
	return   403;
}

My code will block any request that the referer does not match my websites domain name.

In Cloudflare firewall i have come up with this rule but it needs work could anyone help me achieve what my Nginx code above does.

(http.request.uri contains ".mp4" and not http.referer contains "")

It needs to do the same as Nginx can do.

0 Likes

#2

Please try this way once…

Note: I have not tested this.

0 Likes

#3

But what if the referer field is missing or blank/empty/none that is the problem :frowning:

I need to allow requests with those conditions the same as Nginx will allow those requests under those conditions.

0 Likes

#4

Dear, I would suggest thinking in the reverse way.

Do not whitelist your domain or blank referrer. Why not just blacklist some domain from which you have the problem? This may solve the issue!

0 Likes

#5

Because of dynamic domains issue. I would have to manually enter each individual domain and they change constantly.

And the domin giving me so much grief falls under a search engine… I don’t want to block a search engine but i don’t know why I am getting so many requests with the referer.

yastatic.net
yandex.ru

They are putting my sites media in a iframe but i can’t see or find out where or why. It is annoying bandwidth problem.

0 Likes

#6

This might help.

User-agent: Yandex
Disallow: /*.mp4$
User-agent: YandexMedia
Disallow: /*.mp4$

Information source: https://yandex.com/support/webmaster/controlling-robot/robots-txt.html

0 Likes

#7

Not really the yastatic is just an example of one domain. there are thousands most not even search engines.

I need the way Nginx does it like i wrote originaly. It is simple effective and works how i need it to.

Cloudflare needs to do it the same as Nginx can for my needs. It is possible i just don’t see how to include blank empty or missing referer headers to the firewall code.

0 Likes

#8

This post was flagged by the community and is temporarily hidden.

0 Likes

#9

This post was flagged by the community and is temporarily hidden.

0 Likes

#11

I would expect the following to work

0 Likes