# EDIT THIS FILE AS YOU LIKE TO BLACKLIST OR WHITELIST ANY BAD USER-AGENT STRINGS YOU WANT TO SCAN FOR # **************************************************************************************************** # THIS IS BOTH YOUR WHITELIST AND BLACKLIST FOR USER-AGENTS # VERSION INFORMATION # #---------------------- # Version: V4.2019.08 # Updated: 2019-07-05 #---------------------- # VERSION INFORMATION # ############################################################################## # _ __ _ # # / |/ /__ _(_)__ __ __ # # / / _ `/ / _ \\ \ / # # /_/|_/\_, /_/_//_/_\_\ # # __/___/ __ ___ __ ___ __ __ # # / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ # # / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ # # /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ # # # ############################################################################## # Add One Entry Per Line - List all the extra bad User-Agents you want to permanently block or whitelist. # This is for User-Agents that are not included in the main list of the bot blocker # This file must exist on your system or Nginx will fail a reload due to a missing file # This allows you finer control of keeping certain bots blocked and automatic updates will # Never be able to remove this custom list of yours # Please note this include file loads first before any of the already whitelisted User-Agents # in the bad bot blocker. By loading first in line it over-rides anything below it so for instance # if you want to block Baidu, Google or Bing for any reason you add them to this file which loads # first and takes precedence over anything below it. This now allows even finer control over the # bad bot blocker. Enjoy !!! # Even though this file is called blacklist-user-agents, as mentioned it can also be used to whitelist user agents # By adding them below and setting the 3; to 0; this will permanently whitelist the User-Agent. # Make sure any words that contain special characters are escaped and include word boundaries as per the Regex examples below. # Example the User-Agent name "someverybaduseragentname1" is entered as "(?:\b)someverybaduseragentname1(?:\b)" # Example the User-Agent name "some-very-bad-useragentname2" is entered as "(?:\b)some\-very\-bad\-useragentname1(?:\b)" # the "(?:\b)" and "(?:\b)" are word boundaries which prevents partial matching and false positives. # BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED # --------------------- # WHITELISTING EXAMPLES # --------------------- # "~*(?:\b)someverygooduseragentname1(?:\b)" 0; # "~*(?:\b)someverygooduseragentname2(?:\b)" 0; # "~*(?:\b)some\-very\-good\-useragentname2(?:\b)" 0; # --------------------- # BLACKLISTING EXAMPLES # --------------------- # "~*(?:\b)someverybaduseragentname1(?:\b)" 3; # "~*(?:\b)someverybaduseragentname2(?:\b)" 3; # "~*(?:\b)some\-very\-bad\-useragentname2(?:\b)" 3; # Here are some default things I block on my own server, these appear in various types of injection attacks # You can disable them if you have problems or don't agree by switching thir value to 0 or moving them into the whitelist section first and then making their value 0 # ------------ # MY WHITELIST # ------------ # ------------ # MY BLACKLIST # ------------ "~*(?:\b)x22(?:\b)" 3; "~*(?:\b){|}(?:\b)" 3; "~*(?:\b)mb_ereg_replace(?:\b)" 3; "~*(?:\b)file_put_contents(?:\b)" 3;