Blacklist specific user agents in nginx
To configure the user agent blocking list, open your website's nginx configuration file and find the server definitions section. This file may be placed in different places, depending on your nginx configuration or linux version (e.g., /etc/nginx/nginx.conf, /etc/nginx/sites-enabled/
Copy code The code is as follows:
server {
listen 80 default_server;
server_name xmodulo.com;
root /usr/share/nginx/html;
....
}
After opening the configuration file and finding the server section, add the following if statement somewhere within that section.
Copy code The code is as follows:
server {
listen 80 default_server;
server_name xmodulo.com;
root /usr/share/nginx/html;
# Case-sensitive matching
if ($http_user_agent ~ (antivirx|arian) {
return 403;
}
Case-independent matching
Copy code The code is as follows:
if ($http_user_agent ~* (netcrawl|npbot|malicious)) {
return 403; #As you can imagine, these if statements use regular expressions to match any bad user string and return a 403 http status code to the matched object. $http_user_agent is a variable in the http request that contains the user agent string.' The ~' operator does a case-sensitive match against the user-agent string, while the '~*' operator does a case-insensitive match. The '|' operator is a logical OR, so you can put numerous User agent keyword and then block them all.
After modifying the configuration file, you must reload nginx to activate blocking:
$ sudo /path/to/nginx -s reload
$ wget --user-agent "malicious bot" http://<nginx-ip-address>
Since the user agent blacklist will grow very large large, so putting them in the server part of nginx is not a good idea. Instead, you can create a separate file in which you list all blocked user agents. For example, let's create /etc/nginx /useragent.rules and define a map that defines all blocked user agents in the following format.
$ sudo vi /etc/nginx/useragent.rules
;
Similar to the previous configuration, '~*' will match keywords in a case-insensitive manner, while '~' will match keywords using a case-sensitive regular expression. The "default 0" line means that any user agents not listed in other files will be allowed.Next, open the nginx configuration file of your website, find the section containing http, and then add the following line somewhere in the http section.
Copy code code as follows:
Http {
.....
Include /etc/nginx/useraquest.rules
}
....
.
$ sudo /path/to/nginx -s reload
The above is the detailed content of How to intercept specific user agent in Nginx. For more information, please follow other related articles on the PHP Chinese website!