I have web application hosted in nginx web server. I would like to disable request from any proxy server to my webserver (nginx) .
I need to return 403 for those who request via proxy server.
Is there anyway to check X-Forwarded-For set in the request and not allowed those request from nginx ?
or any other way to achieve this ?
upstream tomcat_srv
{
server 127.0.0.1:8080;
server 127.0.0.1:8081;
}
server
{
listen 443 ssl http2;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
server_name exam.test.com;
ssl_certificate /etc/nginx/ssl/test/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/test/test.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!KRB5:!PSK:!MD5:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
if ($http_x_forwarded_for) {
return 403;
}
location / {
proxy_pass http://tomcat_srv;
}
}
You might be blocking a few other things, but this should work:
You could also redirect to something that explains why its not working to users.