# Author/Copyright: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/

# VERSION INFORMATION #
#----------------------
# Version: V5.2024.04
# Updated: 2024-04-30
#----------------------
# VERSION INFORMATION #

##############################################################################                                                                
#       _  __     _                                                          #
#      / |/ /__ _(_)__ __ __                                                 #
#     /    / _ `/ / _ \\ \ /                                                 #
#    /_/|_/\_, /_/_//_/_\_\                                                  #
#       __/___/      __   ___       __     ___  __         __                #
#      / _ )___ ____/ /  / _ )___  / /_   / _ )/ /__  ____/ /_____ ____      #
#     / _  / _ `/ _  /  / _  / _ \/ __/  / _  / / _ \/ __/  '_/ -_) __/      #
#    /____/\_,_/\_,_/  /____/\___/\__/  /____/_/\___/\__/_/\_\\__/_/         #
#                                                                            #
##############################################################################                                                                

# Include this in a vhost file within a server {} block using and include statement like below
# Place it near the top of your server {} block before any location / statements and it will block everywhere on your site.

# server {
#			#Config stuff here
#			include /etc/nginx/bots.d/blockbots.conf
#			include /etc/nginx/bots.d/ddos.conf
#			#Other config stuff here
#		 }

#######################################################################

# -----------------------------------
# OVER-RIDE BLOCKER / SUPER WHITELIST
# -----------------------------------
# In this block you can allow any IP address specified here to over-ride any bad bot or IP blocking of the blocker.
# This is useful for testing or allowing only specific IP's (ie. Internal ranges) to never be blocked.
# More IP's can be added example > "(127.0.0.1)|(192.168.0.1)|(192.168.1.1)"
# If you even blacklisted 127.0.0.1 or your own IP by giving it a value of 1 in any of the includes, this will over-ride that block.

# UNCOMMENT THE NEXT 4 LINES TO ACTIVATE THE SUPER WHITELIST
#if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" ) {
    #set $bad_bot  '0'; #Uncommenting this line will disable bad_bots functionality for specified IP(s)
    #set $validate_client '0'; #Uncommenting this line will disable validate_client  ip blocking functionality for specified IP(s)
#}

# --------------
# BLOCK BAD BOTS
# --------------

#limit_conn bot1_connlimit 100;
#limit_req  zone=bot1_reqlimitip burst=50;

limit_conn bot2_connlimit 10;
limit_req  zone=bot2_reqlimitip burst=10;

# Uncomment below lines for super rate limiting feature 
#limit_conn bot4_connlimit 10;
#limit_req  zone=bot4_reqlimitip burst=10;

if ($bad_bot = '3') {
  return 444;
}

# ---------------------
# BLOCK BAD REFER WORDS
# ---------------------

if ($bad_words) {
  return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}

# ------------------
# BLOCK BAD REFERERS
# ------------------

if ($bad_referer) {
  return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}

# -----------------------------
# BLOCK IP ADDRESSES and RANGES
# -----------------------------

if ($validate_client) {
  return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}