# Author/Copyright: Mitchell Krog - https://github.com/mitchellkrogza/ # VERSION INFORMATION # #---------------------- # Version: V5.2024.04 # Updated: 2024-04-30 #---------------------- # VERSION INFORMATION # ############################################################################## # _ __ _ # # / |/ /__ _(_)__ __ __ # # / / _ `/ / _ \\ \ / # # /_/|_/\_, /_/_//_/_\_\ # # __/___/ __ ___ __ ___ __ __ # # / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ # # / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ # # /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ # # # ############################################################################## # Include this in a vhost file within a server {} block using and include statement like below # Place it near the top of your server {} block before any location / statements and it will block everywhere on your site. # server { # #Config stuff here # include /etc/nginx/bots.d/blockbots.conf # include /etc/nginx/bots.d/ddos.conf # #Other config stuff here # } ####################################################################### # ----------------------------------- # OVER-RIDE BLOCKER / SUPER WHITELIST # ----------------------------------- # In this block you can allow any IP address specified here to over-ride any bad bot or IP blocking of the blocker. # This is useful for testing or allowing only specific IP's (ie. Internal ranges) to never be blocked. # More IP's can be added example > "(127.0.0.1)|(192.168.0.1)|(192.168.1.1)" # If you even blacklisted 127.0.0.1 or your own IP by giving it a value of 1 in any of the includes, this will over-ride that block. # UNCOMMENT THE NEXT 4 LINES TO ACTIVATE THE SUPER WHITELIST #if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" ) { #set $bad_bot '0'; #Uncommenting this line will disable bad_bots functionality for specified IP(s) #set $validate_client '0'; #Uncommenting this line will disable validate_client ip blocking functionality for specified IP(s) #} # -------------- # BLOCK BAD BOTS # -------------- #limit_conn bot1_connlimit 100; #limit_req zone=bot1_reqlimitip burst=50; limit_conn bot2_connlimit 10; limit_req zone=bot2_reqlimitip burst=10; # Uncomment below lines for super rate limiting feature #limit_conn bot4_connlimit 10; #limit_req zone=bot4_reqlimitip burst=10; if ($bad_bot = '3') { return 444; } # --------------------- # BLOCK BAD REFER WORDS # --------------------- if ($bad_words) { return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time } # ------------------ # BLOCK BAD REFERERS # ------------------ if ($bad_referer) { return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time } # ----------------------------- # BLOCK IP ADDRESSES and RANGES # ----------------------------- if ($validate_client) { return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time }