vikarti.anatra/nginx-ultimate-bad-bot-blocker
1
0
Fork 0
mirror of https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker.git synced 2025-09-09 13:55:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Removed GHA

Browse source
This commit is contained in:
Mitchell Krog 2021-06-21 15:16:40 +02:00
parent 54fffb70e1
commit 287df5cd4b
No known key found for this signature in database
GPG key ID: E02E9D10427B6A43
447 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

0
dev-tools/beta_conf_files_ratelimiting/.keep
View file

1
dev-tools/beta_conf_files_ratelimiting/bots.d/.keep
View file

@ -1 +0,0 @@
null

75
dev-tools/beta_conf_files_ratelimiting/bots.d/bad-referrer-words.conf
View file

@ -1,75 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD WORDS YOU WANT TO SCAN FOR ###
### VERSION INFORMATION #
###################################################
### Version: V4.2019.07
### Updated: 2019-06-24
###################################################
### VERSION INFORMATION ##
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to include scanning for bad words within urls or referrer string
# Only add one entry per line
# *******************************
# !!! WARNING WARNING WARNING !!!
# *******************************
# ***************************************
# PLEASE BE VERY CAREFUL HOW YOU USE THIS
# ***************************************
# Here is an example of how one supposed bad word can cause your whole site to go down.
# An issue was logged where the users own domain name was specialisteparquet.com
# Because this list contained the word "cialis" it was detected within his domain name causing
# his entire site to go down and not server any assets.
# That one entry would even cause any site containing a word like "specialist" anywhere in any
# of their sites pages to cause them to be blocked and whitelisting your own domain name in the
# whitelist-domains.conf file will not even bypass this, SO BE CAREFUL PLEASE
# Think very carefully before you add any word here
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# As you can see in the examples below the word "adultgalls" is entered with a preceding \b and an ending \b
# this makes it now "\badultgalls\b". It is crucial to use the word boundaries regex formatting.
# ---------
# EXAMPLES:
# ---------
# "~*\badultgalls\b" 1;
# "~*\bamateurxpass\b" 1;
# "~*\bbigblackbooty\b" 1;
# "~*\bblacktits\b" 1;
# "~*\bcookie\-law\-enforcement\b" 1;
# "~*\bfree\-share\-buttons\b" 1;
# "~*\bfree\-social\-buttons\b" 1;
# "~*\bfuck\-paid\-share\-buttons\b" 1;
# "~*\bilovevitaly\b" 1;
# "~*\blaw\-enforcement\-bot\b" 1;
# "~*\blaw\-enforcement\-check\b" 1;
# "~*\bshare\-buttons\-for\-free\b" 1;
# "~*\bwebfuck\b" 1;
# "~*\bxxxrus\b" 1;
# "~*\bzeroredirect\b" 1;
"~*(?:\b)thisisabadword(?:\b|)" 1;
"~*(?:\b)thisisanotherbadword(?:\b|)" 1;

45
dev-tools/beta_conf_files_ratelimiting/bots.d/blacklist-domains.conf
View file

@ -1,45 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO BLACKLIST YOUR OWN CUSTOM DOMAIN NAMES ###
### VERSION INFORMATION #
###################################################
### Version: V4.2019.05
### Updated: 2019-06-24
###################################################
### VERSION INFORMATION ##
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all your own extra domains you want to blacklist.
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line
# Make sure any domains have dots and special characters escaped as per the Regex examples below.
# For example myblacklisteddomainname.com should be entered as myfirstowndomainname\.com
# and my-second-blacklisted.com should be entered as my\-second\-owndomainname\.com
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# As you can see in the examples below the domain "myblacklisteddomainname\.com" is entered with a preceding \b and an ending \b
# this makes it now "\bmyblacklisteddomainname\.com\b". It is crucial to use the word boundaries regex formatting.
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# ---------
# EXAMPLES:
# ---------
# "~*\bmyblacklisteddomainname\.com\b" 1;
# "~*\bmy\-second\-blacklisted\.com\b" 1;

2
dev-tools/beta_conf_files_ratelimiting/bots.d/blacklist-ips.conf
View file

@ -1,2 +0,0 @@
34.66.25.221 1;
127.0.0.1 1;

63
dev-tools/beta_conf_files_ratelimiting/bots.d/blacklist-user-agents.conf
View file

@ -1,63 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO BLACKLIST OR WHITELIST ANY BAD USER-AGENT STRINGS YOU WANT TO SCAN FOR
# ****************************************************************************************************
### VERSION INFORMATION #
###################################################
### Version: V3.2018.05
### Updated: 2018-08-21
###################################################
### VERSION INFORMATION ##
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all the extra bad User-Agents you want to permanently block or whitelist.
# This is for User-Agents that are not included in the main list of the bot blocker
# This file must exist on your system or Nginx will fail a reload due to a missing file
# This allows you finer control of keeping certain bots blocked and automatic updates will
# Never be able to remove this custom list of yours
# Please note this include file loads first before any of the already whitelisted User-Agents
# in the bad bot blocker. By loading first in line it over-rides anything below it so for instance
# if you want to block Baidu, Google or Bing for any reason you add them to this file which loads
# first and takes precedence over anything below it. This now allows even finer control over the
# bad bot blocker. Enjoy !!!
# Even though this file is called blacklist-user-agents, as mentioned it can also be used to whitelist user agents
# By adding them below and setting the 3; to 0; this will permanently whitelist the User-Agent.
# Make sure any words that contain special characters are escaped and include word boundaries as per the Regex examples below.
# Example the User-Agent name "someverybaduseragentname1" is entered as "\bsomeverybaduseragentname1\b"
# Example the User-Agent name "some-very-bad-useragentname2" is entered as "\bsome\-very\-bad\-useragentname1\b"
# the "\b" are word boundaries which prevents partial matching and false positives.
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# ---------------------
# WHITELISTING EXAMPLES
# ---------------------
# "~*\bsomeverygooduseragentname1\b" 0;
# "~*\bsomeverygooduseragentname2\b" 0;
# "~*\bsome\-very\-good\-useragentname2\b" 0;
# ---------------------
# BLACKLISTING EXAMPLES
# ---------------------
# "~*\bsomeverybaduseragentname1\b" 3;
# "~*\bsomeverybaduseragentname2\b" 3;
# "~*\bsome\-very\-bad\-useragentname2\b" 3;
# START MAKE BAD BOTS GOOD ### DO NOT EDIT THIS LINE AT ALL ###
"~*(?:\b)GoogleBot(?:\b|)" 2;
# END MAKE BAD BOTS GOOD ### DO NOT EDIT THIS LINE AT ALL ###

85
dev-tools/beta_conf_files_ratelimiting/bots.d/blockbots.conf
View file

@ -1,85 +0,0 @@
# Author/Copyright: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.04
# Updated: 2019-06-28
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Include this in a vhost file within a server {} block using and include statement like below
# Place it near the top of your server {} block before any location / statements and it will block everywhere on your site.
# server {
# #Config stuff here
# include /etc/nginx/bots.d/blockbots.conf
# include /etc/nginx/bots.d/ddos.conf
# #Other config stuff here
# }
#######################################################################
# -----------------------------------
# OVER-RIDE BLOCKER / SUPER WHITELIST
# -----------------------------------
# In this block you can allow any IP address specified here to over-ride any bad bot or IP blocking of the blocker.
# This is useful for testing or allowing only specific IP's (ie. Internal ranges) to never be blocked.
# More IP's can be added example > "(127.0.0.1)|(192.168.0.1)|(192.168.1.1)"
# If you even blacklisted 127.0.0.1 or your own IP by giving it a value of 1 in any of the includes, this will over-ride that block.
# UNCOMMENT THE NEXT 4 LINES TO ACTIVATE THE SUPER WHITELIST
#if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" ) {
#set $bad_bot '0'; #Uncommenting this line will disable bad_bots functionality for specified IP(s)
#set $validate_client '0'; #Uncommenting this line will disable validate_client ip blocking functionality for specified IP(s)
#}
# --------------
# BLOCK BAD BOTS
# --------------
# Section bot_1 Unused
#limit_conn bot1_connlimit 100;
#limit_req zone=bot1_reqlimitip burst=50;
limit_conn bot2_connlimit 10;
limit_req zone=bot2_reqlimitip burst=10;
if ($bad_bot = '3') {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}
# ---------------------
# BLOCK BAD REFER WORDS
# ---------------------
if ($bad_words) {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}
# ------------------
# BLOCK BAD REFERERS
# ------------------
if ($bad_referer) {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}
# -----------------------------
# BLOCK IP ADDRESSES and RANGES
# -----------------------------
if ($validate_client) {
return 444; # << Response Code Issued May Be Modified to Whatever you Choose ie. 404 but 444 wastes less of Nginxs time
}

62
dev-tools/beta_conf_files_ratelimiting/bots.d/custom-bad-referrers.conf
View file

@ -1,62 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO ADD ANY ADDITIONAL BAD REFERRER DOMAINS YOU WANT TO SCAN FOR ###
# THIS IS BOTH YOUR WHITELIST AND BLACKLIST FOR REFERRERS and DOMAINS
# VERSION INFORMATION #
#----------------------
# Version: V4.2019.09
# Updated: 2019-07-05
#----------------------
# VERSION INFORMATION #
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Only add one entry per line
# Make sure any domains have dots and special characters escaped as per the Regex examples below.
# For example some-veryvery-randomwebsitename-thatdoesnotexist4.com should be entered as
# some\-veryvery\-randomwebsitename\-thatdoesnotexist4\.com
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# As you can see in the examples below the domain "someveryveryrandomwebsitenamethatdoesnotexist1\.com"
# is entered with a preceding (?:\b) and an ending (?:\b)
# this makes it now "(?:\b)someveryveryrandomwebsitenamethatdoesnotexist1\.com(?:\b)".
# It is crucial to use the word boundaries regex formatting.
# ---------
# EXAMPLES:
# ---------
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist1\.com(?:\b)" 1;
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist2\.com(?:\b)" 1;
# "~*(?:\b)someveryveryrandomwebsitenamethatdoesnotexist3\.com(?:\b)" 1;
# "~*(?:\b)some\-veryvery\-randomweb\-sitenamethatdoesnotexist4\.com(?:\b)" 1;
# ------------
# MY WHITELIST
# ------------
# "~*(?:\b)mywebsite\.com(?:\b)" 0;
# ------------
# MY BLACKLIST
# ------------
# "~*(?:\b)someotherwebsite\.com(?:\b)" 1;

36
dev-tools/beta_conf_files_ratelimiting/bots.d/ddos.conf
View file

@ -1,36 +0,0 @@
#######################################################################
### VERSION INFORMATION #
###################################################
### Version: V4.2019.02
### Updated: 2019-06-24
###################################################
### VERSION INFORMATION ##
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Author: Mitchell Krog <mitchellkrog@gmail.com> - https://github.com/mitchellkrogza/
# Include this in a vhost file within a server {} block using and include statement like below
# server {
# #Config stuff here
# include /etc/nginx/bots.d/blockbots.conf
# include /etc/nginx/bots.d/ddos.conf
# #Other config stuff here
# }
#######################################################################
limit_conn addr 200;
limit_req zone=flood burst=200 nodelay;

47
dev-tools/beta_conf_files_ratelimiting/bots.d/whitelist-domains.conf
View file

@ -1,47 +0,0 @@
# EDIT THIS FILE AS YOU LIKE TO WHITELIST YOUR OWN DOMAIN NAMES AND SPARE THEM FROM ANY REFERRER CHECKING ###
### VERSION INFORMATION #
###################################################
### Version: V4.2019.05
### Updated: 2019-06-24
###################################################
### VERSION INFORMATION ##
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Add One Entry Per Line - List all your own domains of the sites you host on the server
# This file must exist on your system or Nginx will fail a reload due to a missing file
# Automatic updates will never be able to remove this custom list of yours
# Add One Entry Per Line
# Make sure any domains have dots and special characters escaped as per the Regex examples below.
# For example myfirstowndomainname.com should be entered as myfirstowndomainname\.com
# and my-second-owndomainname.com should be entered as my\-second\-owndomainname\.com
# *****************************************************************************************
# PLEASE MAKE SURE that you use word regex boundaries to avoid false positive detection !!!
# *****************************************************************************************
# As you can see in the examples below the domain "myfirstowndomainname\.com" is entered with a preceding \b and an ending \b
# this makes it now "\bmyfirstowndomainname\.com\b". It is crucial to use the word boundaries regex formatting.
# BY DEFAULT ALL THE EXAMPLES BELOW ARE COMMENTED OUT AND HENCE NOT ENABLED
# ---------
# EXAMPLES:
# ---------
# "~*\bmyfirstowndomainname\.com\b" 0;
# "~*\bmy\-second\-owndomainname\.com\b" 0;
"~*(?:\b)myowndomain\.com(?:\b|)" 0;
"~*(?:\b)myotherdomain\.com(?:\b|)" 0;

2
dev-tools/beta_conf_files_ratelimiting/bots.d/whitelist-ips.conf
View file

@ -1,2 +0,0 @@
34.66.25.221 0;
127.0.0.1 0;

1
dev-tools/beta_conf_files_ratelimiting/conf.d/.keep
View file

@ -1 +0,0 @@
null

31
dev-tools/beta_conf_files_ratelimiting/conf.d/botblocker-nginx-settings.conf
View file

@ -1,31 +0,0 @@
##############################################################################
# _ __ _ #
# / |/ /__ _(_)__ __ __ #
# / / _ `/ / _ \\ \ / #
# /_/|_/\_, /_/_//_/_\_\ #
# __/___/ __ ___ __ ___ __ __ #
# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
# #
##############################################################################
# Version 1.1
# ! new directives also to be added to include_filelist.txt ! #
server_names_hash_bucket_size 256;
server_names_hash_max_size 4096;
variables_hash_max_size 4096;
variables_hash_bucket_size 4096;
limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
limit_conn_zone $binary_remote_addr zone=addr:50m;
# ****************************************************************************
# NOTE: IF you are using a system like Nginx-Proxy from @JWilder
# ****************************************************************************
# Repo URL: https://github.com/jwilder/nginx-proxy
# You will need to comment out the first line here as follows.
# #server_names_hash_bucket_size 128;
# You will also need to modify the nginx.tmpl file to add the default include
# include /etc/nginx/conf.d/*
# ****************************************************************************

18639
dev-tools/beta_conf_files_ratelimiting/conf.d/globalblacklist.conf
View file

File diff suppressed because it is too large Load diff

21
dev-tools/beta_conf_files_ratelimiting/default.vhost
View file

@ -1,21 +0,0 @@
server {
listen *:9000;
root /var/www/html;
server_name localhost;
charset UTF-8;
##
# Nginx Bad Bot Blocker Includes
# REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
##
include /etc/nginx/bots.d/ddos.conf;
include /etc/nginx/bots.d/blockbots.conf;
index index.html;
location / {
root /var/www/html/;
}
}

93
dev-tools/beta_conf_files_ratelimiting/nginx.conf
View file

@ -1,93 +0,0 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
##
# Nginx Bad Bot Blocker Includes
# REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
##
include /etc/nginx/conf.d/botblocker-nginx-settings.conf;
include /etc/nginx/conf.d/globalblacklist.conf;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}