≡ Menu

HowTo: Nginx Block User Agent

How do I block a http user agent or a software agent using Nginx web server under Linux or Unix like operating systems?

You can block any http user agents with GET / POST requests that scrape your content or try to exploit software vulnerability. Use the following syntax. Edit /usr/local/nginx/conf/nginx.conf file, enter:
# vi /usr/local/nginx/conf/nginx.conf
In this example, block http user agent called wget:

## Block http user agent - wget ##
if ($http_user_agent ~* (Wget) ) {
   return 403;
}
 
## Block Software download user agents ##
     if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
            return 403;
     }

Save and close the file. Reload nginx web server, enter:
# service nginx reload
OR
# /usr/local/nginx/sbin/nginx -s reload

How do I block multiple http user agents?

Use the following syntax:

if ($http_user_agent ~ (agent1|agent2|Foo|Wget|Catall Spider|AcoiRobot) ) {
    return 403;
}

Case insensitive blocking: ~* vs ~

Please note the ~* makes it case insensitive as opposed to just a ~:

### case sensitive http user agent blocking  ###
if ($http_user_agent ~ (Catall Spider|AcoiRobot) ) {
    return 403;
}
### case insensitive http user agent blocking  ###
if ($http_user_agent ~* (foo|bar) ) {
    return 403;
}

See also:

Share this tutorial on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free:



{ 8 comments… add one }
  • sam November 1, 2012, 6:56 pm

    How do you put another condition instead of return? can you deny all and only allow a certain ip/subnet with those user agents to go through?

  • Sam November 1, 2012, 8:49 pm

    How do you put another condition instead of return? can you deny all and only allow a certain ip/subnet with those user agents to go through? any example?

  • cerb April 27, 2014, 7:51 pm

    i get the following error : “nginx: [emerg] “if” directive is not allowed here in /etc/nginx/nginx.conf:”
    any thoughts?

    • Nigel May 7, 2014, 1:57 pm

      You need to make sure your if statement is in the server block.

  • cerb May 22, 2014, 6:55 pm

    Thanks Nigel, that did the trick.
    its working perfectly now.

  • Range December 20, 2014, 8:50 am

    What is server block meaning ?
    I got the same problem nginx: [emerg] “if” directive is not allowed here

  • John Doe May 28, 2016, 4:35 am

    Question, is how to block a block that spoofs its user-agent, where it’s clear that the user agent is spoofed by the Comments token.
    i.e. the following user-agent string:
    “Mozilla/5.0 (compatible; ACHE/Unknown Version; +https://github.com/ViDA-NYU/ache; )”
    Where we don’t want to be blocking by Mozilla/5.0, but rather want to be blocking by the entire string. (i.e. how to make the instruction look for “ACHE/Unknown Version” within the comments token of the user string.)

    • Mark November 10, 2016, 8:06 pm

      Thats the real question, what’s the point of blocking useragent when every bot uses Mozilla/5.0, and after that some random shi.t

Leave a Comment

You can use these HTML tags and attributes: <strong> <em> <pre> <code> <a href="" title="">


   Tagged with: , , , , , , , , , , , , , , , ,