D10-Nginx-http_user_agent
Nginx 有许多内置变量,其中的 $http_user_agent 代表客户端浏览器的 UA ( User Agent) 信息。
1 正常的nginx 日志
//windows xp1(IE6)
10.0.100.82 - - [10/Aug/2012:10:26:12 +0800] "GET / HTTP/1.1" 200 6764 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 192.168.4.157
2 判断 user_agent,返回"503"状态码
//nginx 代码
- if ( $http_user_agent ~* "Mozilla/4.0\ \(compatible;\ MSIE\ 6.0;\ Windows\ NT\ 5.1;\ SV1;\ .NET\ CLR\ 2.0.50727;\ .NET\ CLR\ 3.0.4506.2152;\ .NET\ CLR\ 3.5.30729\)" )
- {
- return 503;
- }
3 更改后的nginx 日志
10.0.100.82 - - [10/Aug/2012:10:26:12 +0800] "GET / HTTP/1.1" 503 608 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 192.168.4.157
//浏览器返回503
4 不同系统不同浏览器的 http_user_agent
windows xp1(IE6)
10.0.100.82 - - [10/Aug/2012:10:30:15 +0800] "GET / HTTP/1.1" 444 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 192.168.4.157
windows xp2(IE6)
10.0.100.72 - - [10/Aug/2012:10:36:53 +0800] "GET /wp-content/themes/twentyeleven/style.css HTTP/1.0" 304 0 "-" "Mozilla/4.0 (compatible;MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648)" 192.168.6.10, 10.0.100.82
windows xp2(360)
10.0.100.82 - - [10/Aug/2012:10:38:03 +0800] "GET / HTTP/1.1" 200 6761 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; 360SE)" 192.168.6.10
windows 2k3(IE6)
10.0.100.82 - - [10/Aug/2012:10:34:10 +0800] "GET / HTTP/1.1" 200 6764 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; WOW64; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" 192.168.57.81
ubuntu1 (Firefox)
10.0.100.82 - - [10/Aug/2012:10:40:18 +0800] "GET / HTTP/1.1" 200 6759 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:14.0) Gecko/20100101Firefox/14.0.1" 192.168.4.33
ubuntu2 (Firefox)
10.0.100.82 - - [10/Aug/2012:10:41:43 +0800] "GET / HTTP/1.1" 200 6762 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:14.0) Gecko/20100101
Firefox/14.0.1" 192.168.4.35
5 总结
a Windows xp/2003 等等winows 系统下浏览器留下的 agent信息不同。
b Linux Ubuntu 12.04 系统下浏览器留下的 agent 信息是相同的。
c 对于防小型ddos或者cc,有一定的作用,但是会造成"误杀"(如例子中的Ubuntu )。