How do I block a http user agent or a software agent using Nginx web server under Linux or Unix like operating systems?
You can block any http user agents with GET / POST requests that scrape your content or try to exploit software vulnerability. Use the following syntax. Edit /usr/local/nginx/conf/nginx.conf file, enter:
# vi /usr/local/nginx/conf/nginx.conf
In this example, block http user agent called wget:
ADVERTISEMENTS
## Block http user agent - wget ## if ($http_user_agent ~* (Wget) ) { return 403; } ## Block Software download user agents ## if ($http_user_agent ~* LWP::Simple|BBBike|wget) { return 403; } |
Save and close the file. Reload nginx web server, enter:
# service nginx reload
OR
# /usr/local/nginx/sbin/nginx -s reload
How do I block multiple http user agents?
Use the following syntax:
if ($http_user_agent ~ (agent1|agent2|Foo|Wget|Catall Spider|AcoiRobot) ) { return 403; } |
Case insensitive blocking: ~* vs ~
Please note the ~* makes it case insensitive as opposed to just a ~:
### case sensitive http user agent blocking ### if ($http_user_agent ~ (Catall Spider|AcoiRobot) ) { return 403; } ### case insensitive http user agent blocking ### if ($http_user_agent ~* (foo|bar) ) { return 403; } |
See also:
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 10 comments... add one ↓
UP NEXT
How To Patch and Protect Linux Server Against the Glibc GHOST Vulnerability # CVE-2015-0235
How To Set Up PF Firewall on FreeBSD to Protect a Web Server
OpenBSD Command: See PCI Device Information- Linux Network IP Accounting
How To Patch and Protect Linux Kernel Zero Day Vulnerability CVE-2016-0728 [ 19/Jan/2016 ]
Nginx: Allow All But Block Certain POST Request URLS For Selected Spammer IP Address/CIDR
Howto patch Spectre Vulnerability CVE-2017-5753/CVE-2017-5715 on Linux
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
How do you put another condition instead of return? can you deny all and only allow a certain ip/subnet with those user agents to go through?
How do you put another condition instead of return? can you deny all and only allow a certain ip/subnet with those user agents to go through? any example?
i get the following error : “nginx: [emerg] “if” directive is not allowed here in /etc/nginx/nginx.conf:”
any thoughts?
You need to make sure your if statement is in the server block.
Thanks Nigel, that did the trick.
its working perfectly now.
What is server block meaning ?
I got the same problem nginx: [emerg] “if” directive is not allowed here
Question, is how to block a block that spoofs its user-agent, where it’s clear that the user agent is spoofed by the Comments token.
i.e. the following user-agent string:
“Mozilla/5.0 (compatible; ACHE/Unknown Version; +https://github.com/ViDA-NYU/ache; )”
Where we don’t want to be blocking by Mozilla/5.0, but rather want to be blocking by the entire string. (i.e. how to make the instruction look for “ACHE/Unknown Version” within the comments token of the user string.)
Thats the real question, what’s the point of blocking useragent when every bot uses Mozilla/5.0, and after that some random shi.t
Even we block http agent here (in my case its Jorgee) ,
how can we deny it, even without returning 403 for the request.
403 is denying it. It won’t able to do anything else on your server.