You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
86 lines
3.5 KiB
Plaintext
86 lines
3.5 KiB
Plaintext
3 years ago
|
# Author/Copyright: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
|
||
|
|
||
|
# VERSION INFORMATION #
|
||
|
#----------------------
|
||
|
# Version: V4.2019.04
|
||
|
# Updated: 2019-06-28
|
||
|
#----------------------
|
||
|
# VERSION INFORMATION #
|
||
|
|
||
|
##############################################################################
|
||
|
# _ __ _ #
|
||
|
# / |/ /__ _(_)__ __ __ #
|
||
|
# / / _ `/ / _ \\ \ / #
|
||
|
# /_/|_/\_, /_/_//_/_\_\ #
|
||
|
# __/___/ __ ___ __ ___ __ __ #
|
||
|
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
|
||
|
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
|
||
|
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
|
||
|
# #
|
||
|
##############################################################################
|
||
|
|
||
|
# Include this in a vhost file within a server {} block using and include statement like below
|
||
|
# Place it near the top of your server {} block before any location / statements and it will block everywhere on your site.
|
||
|
|
||
|
# server {
|
||
|
# #Config stuff here
|
||
|
# include /etc/nginx/bots.d/blockbots.conf
|
||
|
# include /etc/nginx/bots.d/ddos.conf
|
||
|
# #Other config stuff here
|
||
|
# }
|
||
|
|
||
|
#######################################################################
|
||
|
|
||
|
# -----------------------------------
|
||
|
# OVER-RIDE BLOCKER / SUPER WHITELIST
|
||
|
# -----------------------------------
|
||
|
# In this block you can allow any IP address specified here to over-ride any bad bot or IP blocking of the blocker.
|
||
|
# This is useful for testing or allowing only specific IP's (ie. Internal ranges) to never be blocked.
|
||
|
# More IP's can be added example > "(127.0.0.1)|(192.168.0.1)|(192.168.1.1)"
|
||
|
# If you even blacklisted 127.0.0.1 or your own IP by giving it a value of 1 in any of the includes, this will over-ride that block.
|
||
|
|
||
|
# UNCOMMENT THE NEXT 4 LINES TO ACTIVATE THE SUPER WHITELIST
|
||
|
#if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" ) {
|
||
|
#set $bad_bot '0'; #Uncommenting this line will disable bad_bots functionality for specified IP(s)
|
||
|
#set $validate_client '0'; #Uncommenting this line will disable validate_client ip blocking functionality for specified IP(s)
|
||
|
#}
|
||
|
|
||
|
# --------------
|
||
|
# BLOCK BAD BOTS
|
||
|
# --------------
|
||
|
|
||
|
# Section bot_1 Unused
|
||
|
#limit_conn bot1_connlimit 100;
|
||
|
#limit_req zone=bot1_reqlimitip burst=50;
|
||
|
|
||
|
limit_conn bot2_connlimit 10;
|
||
|
limit_req zone=bot2_reqlimitip burst=10;
|
||
|
if ($bad_bot = '3') {
|
||
|
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
|
||
|
}
|
||
|
|
||
|
# ---------------------
|
||
|
# BLOCK BAD REFER WORDS
|
||
|
# ---------------------
|
||
|
|
||
|
if ($bad_words) {
|
||
|
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
|
||
|
}
|
||
|
|
||
|
# ------------------
|
||
|
# BLOCK BAD REFERERS
|
||
|
# ------------------
|
||
|
|
||
|
if ($bad_referer) {
|
||
|
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
|
||
|
}
|
||
|
|
||
|
# -----------------------------
|
||
|
# BLOCK IP ADDRESSES and RANGES
|
||
|
# -----------------------------
|
||
|
|
||
|
if ($validate_client) {
|
||
|
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
|
||
|
}
|
||
|
|