Accept cookies for analytics, social media, and advertising, or learn more and adjust your preferences. These cookies are on by default for visitors outside the UK and EEA. Privacy Notice.
ngx_http_rdns_module - enables reverse DNS (rDNS) lookups for incoming connections and provides simple access control of incoming hostname by allow/deny rules (similar to HttpAccessModule allow/deny directives; regular expressions are supported). Module works with the DNS server defined by the standard resolver directive.
rdns
can be used inside if
blocks);You can get the module on GitHub
Note
This module is not distributed with NGINX source. See the installation instructions.
Syntax: | rdns [ on | off | double ] |
---|---|
Default: | none |
Context: | http, server, location, if-in-server, if-in-location |
Phase: | rewrite |
Enables/disables rDNS lookups.
on : | enable rDNS lookup in this context. |
---|---|
off : | disable rDNS lookup in this context. |
double : | enable double DNS lookup in this context. If the reverse lookup (rDNS request) succeeded, module performs a forward lookup (DNS request) for its result. If this forward lookup has failed or none of the forward lookup IP addresses have matched the original address, $rdns_hostname is set to not found . |
The $rdns_hostname variable may have:
not found
if not found or error occurred during request;-
if lookup disabled.After performing a lookup, module restarts request handling pipeline to make new $rdns_hostname variable value visible to other directives.
Note
Internally, in server’s or location’s if
, module works through rewrite module codes. When any enabling directive (on
or double
) are executed for the first time, it enables DNS lookup and makes a break (to prevent executing further directives in this if
). After the lookup is done, directives in if
using rewrite module codes are executed for the second time, without any breaks. Disabling directive (off
) makes no breaks.
Core module resolver should be defined to use this directive.
Syntax: | rdns_allow regex |
---|---|
Default: | none |
Context: | http, server, location |
Phase: | access |
Grants access for domain matched by regular expression.
Syntax: | rdns_deny regex |
---|---|
Default: | none |
Context: | http, server, location |
Phase: | access |
Forbids access for domain matched by regular expression.
Note
The rdns_allow
and rdns_deny
directives define a new access list for the context in which they are used.
Access list inheritance in contexts works only if child context doesn’t define own rules.
Making rDNS requests in named locations isn’t supported and may invoke a loop. For example:
server {
rdns on;
location / {
echo_exec @foo;
}
location @foo {
#...
}
}
Being in a named location and restarting request handling pipeline, NGINX continue its request handling in usual (unnamed) location. That’s why this example will make a loop if you don’t disable the module in your named location. The correct config for this example should be as follows:
server {
rdns on;
location / {
echo_exec @foo;
}
location @foo {
rdns off;
#...
}
}
Get source code from GitHub and follow common 3rd party modules instructions.
The original version of this module has been designed by Dmitry Stolyarov, written by Timofey Kirillov, CJSC Flant.