mirror of
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker.git
synced 2025-09-10 15:34:24 +00:00
V4.2019.06.1634 [ci skip]
parent
6fac493778
commit
8125dcded8
39 changed files with 19498 additions and 2085 deletions
|
@ -38,10 +38,11 @@
|
|||
# More IP's can be added example > "(127.0.0.1)|(192.168.0.1)|(192.168.1.1)"
|
||||
# If you even blacklisted 127.0.0.1 or your own IP by giving it a value of 1 in any of the includes, this will over-ride that block.
|
||||
|
||||
if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" ) {
|
||||
# UNCOMMENT THE NEXT 4 LINES TO ACTIVATE THE SUPER WHITELIST
|
||||
#if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" ) {
|
||||
#set $bad_bot '0'; #Uncommenting this line will disable bad_bots functionality for specified IP(s)
|
||||
#set $validate_client '0'; #Uncommenting this line will disable validate_client ip blocking functionality for specified IP(s)
|
||||
}
|
||||
#}
|
||||
|
||||
# --------------
|
||||
# BLOCK BAD BOTS
|
||||
|
|
|
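Review bot: The example pattern in the `if ($remote_addr ~ "(127.0.0.1)|(192.168.0.1)" )` line is unanchored and its dots are unescaped, so it also matches addresses such as 192.168.0.10 or 127.0.0.100. Because this block sets $bad_bot and $validate_client back to 0, anyone who uncomments it as written exempts more clients than the two listed. Suggest the example read `"^(127\.0\.0\.1|192\.168\.0\.1)$"`, with the "More IP's can be added" comment above it showing the same anchored form.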
@ -33,4 +33,4 @@
|
|||
# 111.111.111.111 0;
|
||||
|
||||
|
||||
35.192.85.2 0;
|
||||
34.66.178.120 0;
|
||||
|
|
|
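Review bot: The allow entries `35.192.85.2 0;` and `34.66.178.120 0;` carry no comment saying which host the address belongs to or why it is trusted, so the swap cannot be checked from the file itself. Suggest a trailing comment naming the owner, in the style of the `#www.cuteseotools.net/wordpress-theme-detector` comment used on the theme-detector entries, and a line in the commit message saying why the other address is no longer needed.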
@ -1,22 +1,21 @@
|
|||
### **********************************
|
||||
### THE ULTIMATE NGINX BAD BOT BLOCKER
|
||||
### **********************************
|
||||
|
||||
### !!!!!!!!!!!!!
|
||||
### TEST TEMPLATE
|
||||
### THIS VERSION IS USED FOR TESTING ANY POTENTIAL BREAKING CHANGES
|
||||
### !!!!!!!!!!!!!
|
||||
|
||||
### -----------------------------------------------------------
|
||||
### THE NGINX ULTIMATE BAD BOT, BAD IP AND BAD REFERRER BLOCKER
|
||||
### -----------------------------------------------------------
|
||||
|
||||
### VERSION INFORMATION #
|
||||
###################################################
|
||||
### Version: V3.2019.06.1633
|
||||
### Updated: Thu Jun 27 09:10:21 SAST 2019
|
||||
### Version: V3.2019.06.1634
|
||||
### Updated: Thu Jun 27 10:50:26 SAST 2019
|
||||
### Bad Referrer Count: 6713
|
||||
### Bad Bot Count: 556
|
||||
###################################################
|
||||
### VERSION INFORMATION ##
|
||||
|
||||
### --------------------------------------------
|
||||
### HELP SUPPORT THIS PROJECT - Send Me a Coffee
|
||||
### https://ko-fi.com/mitchellkrog
|
||||
### --------------------------------------------
|
||||
|
||||
##############################################################################
|
||||
# _ __ _ #
|
||||
# / |/ /__ _(_)__ __ __ #
|
||||
|
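Review bot: The version line in this header reads `V3.2019.06.1634`, while the commit title is `V4.2019.06.1634`, so one of the two prefixes is wrong. Please make the header and the commit title agree so that a deployed file can be matched to the commit it came from.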
@ -34,12 +33,16 @@
|
|||
### and also has rate limiting functionality for bad bots who you only want to rate limit
|
||||
### and not actually block out entirely. It is very powerful and also very flexible.
|
||||
|
||||
### --------------------------------------------------------------------------
|
||||
### Created By: https://github.com/mitchellkrogza/
|
||||
### Repo Url: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
|
||||
### Copyright Mitchell Krog - <mitchellkrog@gmail.com>
|
||||
### Contributors: Stuart Cardall - https://github.com/itoffshore
|
||||
### --------------------------------------------------------------------------
|
||||
|
||||
### --------------------------------------------------------------------------
|
||||
### Tested on: nginx/1.10.3 up to latest Mainstream Version (Ubuntu 16.04)
|
||||
### --------------------------------------------------------------------------
|
||||
|
||||
### This list was developed and is in use on a live Nginx server running some very busy web sites.
|
||||
### It was built from the ground up using real data from daily logs and is updated almost daily.
|
||||
|
@ -47,9 +50,9 @@
|
|||
### spam referrers, rogue IP address, scanners, scrapers and domain hijacking sites are extensively checked
|
||||
### before they are added. It is monitored extensively for any false positives.
|
||||
|
||||
### *********
|
||||
### ---------
|
||||
### Features:
|
||||
### *********
|
||||
### ---------
|
||||
### Clear formatting for Ease of Maintenance.
|
||||
### Alphabetically ordered lists for Ease of Maintenance.
|
||||
### Extensive Commenting for Ease of Reference.
|
||||
|
@ -60,40 +63,38 @@
|
|||
### IP range blocking / whitelisting.
|
||||
### Rate Limiting Functions.
|
||||
|
||||
### ************
|
||||
### ------------
|
||||
### INSTALLATION
|
||||
### ************
|
||||
### ------------
|
||||
|
||||
### PLEASE use the install, setup and update scripts provided for you to ease your installation.
|
||||
### This Auto Installation procedure is documented in the README.md and AUTO-CONFIGURATION.md files.
|
||||
### Installation, Setup and Update Scripts Contributed by Stuart Cardall - https://github.com/itoffshore
|
||||
### There are also manual configuration instructions provided for those not wishing to do an auto install.
|
||||
|
||||
### ***********************************************
|
||||
### -----------------------------------------------
|
||||
### !!!!! PLEASE READ INLINE NOTES ON TESTING !!!!!
|
||||
### ***********************************************
|
||||
### -----------------------------------------------
|
||||
|
||||
### Note that:
|
||||
### SETTINGS:
|
||||
### ---------------------------------------------
|
||||
### 0 = allowed - no limits
|
||||
### 1 = allowed or rate limited less restrictive
|
||||
### 2 = rate limited more
|
||||
### 3 = block completely
|
||||
### ---------------------------------------------
|
||||
|
||||
### ************************************************************
|
||||
### ------------------------------------------------------------
|
||||
### CONTRIBUTING / PULL REQUESTS / ADDING YOUR OWN BAD REFERRERS
|
||||
### ************************************************************
|
||||
### ------------------------------------------------------------
|
||||
|
||||
### For contributing, corrections or adding bots or referrers to this repo,
|
||||
### Send a Pull Request (PR) on any of the .list files in the _generator_lists folder
|
||||
### All Pull Requests will be checked for accuracy before being merged.
|
||||
|
||||
# *********************************
|
||||
# FIRST BLOCK BY USER-AGENT STRINGS
|
||||
# *********************************
|
||||
|
||||
# ***********************
|
||||
# -----------------------
|
||||
# !!!!! PLEASE TEST !!!!!
|
||||
# ***********************
|
||||
# -----------------------
|
||||
|
||||
# ALWAYS test any User-Agent Strings you add here to make sure you have it right
|
||||
# Use a Chrome Extension called "User-Agent Switcher for Chrome" where you can create your
|
||||
|
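Review bot: The SETTINGS legend (0 to 3) only describes $bad_bot, but it sits in the file header as if it applied everywhere. Further down the same file the referrer map and the geo block use 1 to mean block (`"~*(?:\b)000free\.us(?:\b|)" 1;`, `89.36.223.188 1;`). Suggest heading the legend "SETTINGS for $bad_bot" and adding one line giving the 0/1 meaning for $bad_referer and $validate_client.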
@ -104,36 +105,46 @@
|
|||
# curl -I http://www.yourdomain.com -A "GoogleBot" ---- GIVES YOU: HTTP/1.1 200 OK (Meaning web page was served to Client)
|
||||
# curl -I http://www.yourdomain.com -A "80legs" ---- GIVES YOU: curl: (52) Empty reply from server (Meaning Nginx gave a 444 Dropped Connection)
|
||||
|
||||
# In this section we allow/disallow specific User Agents / Bots.
|
||||
|
||||
# *********************************************************************
|
||||
# Now we map all good and bad user agents to a variable called $bad_bot
|
||||
# *********************************************************************
|
||||
# =======================
|
||||
# START BLOCKER FUNCTIONS
|
||||
# =======================
|
||||
|
||||
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
# DO NOT EDIT ANYTHING BELOW THIS LINE !!!
|
||||
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
|
||||
# =============================
|
||||
# BEGIN SECTION 1 - USER-AGENTS
|
||||
# =============================
|
||||
|
||||
# ALLOW / BLOCK User Agents / Bots
|
||||
|
||||
# -------------------------------------------------------------------
|
||||
# Map all GOOD and BAD UA (User Agents) to a variable called $bad_bot
|
||||
# -------------------------------------------------------------------
|
||||
|
||||
map $http_user_agent $bad_bot {
|
||||
|
||||
default 0;
|
||||
|
||||
# ***********************************************
|
||||
# Include your Own Custom List of Bad User Agents
|
||||
# ***********************************************
|
||||
|
||||
# Use the include file below to further customize your own list of additional user-agents you wish to permanently block
|
||||
# This include file allows whitelisting and blacklisting of anything specified below it, meaning you can over-ride anything in this blocker to your liking.
|
||||
|
||||
# ***********************************************************************************
|
||||
# -----------------------------------------------------------------------------------
|
||||
# START CUSTOM BLACKLISTED USER AGENTS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# ***********************************************************************************
|
||||
# -----------------------------------------------------------------------------------
|
||||
|
||||
# Include your Own Custom List of Bad User Agents
|
||||
# Use the include file below to further customize your own list of additional user-agents you wish to permanently block
|
||||
# This include file allows whitelisting and blacklisting of anything specified below it.
|
||||
# This include file alows you to over-ride any Bad / Good UA (Bot) declared in this blocker to your liking.
|
||||
|
||||
include /etc/nginx/bots.d/blacklist-user-agents.conf;
|
||||
|
||||
# *********************************************************************************
|
||||
# ---------------------------------------------------------------------------------
|
||||
# END CUSTOM BLACKLISTED USER AGENTS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# *********************************************************************************
|
||||
# ---------------------------------------------------------------------------------
|
||||
|
||||
# *********************************************
|
||||
# Bad User-Agent Strings That We Block Outright
|
||||
# *********************************************
|
||||
# --------------------------------------------------
|
||||
# BAD UA (User-Agent) Strings That We Block Outright
|
||||
# --------------------------------------------------
|
||||
|
||||
# START BAD BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
"~*(?:\b)360Spider(?:\b|)" 3;
|
||||
|
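Review bot: In the comment block above `include /etc/nginx/bots.d/blacklist-user-agents.conf;`, "alows" should be "allows". The same block promises that the include can over-ride any UA declared in the blocker, which holds only because the include sits above START BAD BOTS and nginx takes the first matching regex in a map in order of appearance. Suggest saying so in the comment, so nobody moves the include below the built-in lists.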
@ -694,9 +705,16 @@ map $http_user_agent $bad_bot {
|
|||
"~*(?:\b)ZyBorg(?:\b|)" 3;
|
||||
# END BAD BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
# ***********************************************
|
||||
# Allow Good User-Agent Strings We Know and Trust
|
||||
# ***********************************************
|
||||
# --------------------------------------------
|
||||
# GOOD UA User-Agent Strings We Know and Trust
|
||||
# --------------------------------------------
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# You can over-ride these in /etc/nginx/bots.d/blacklist-user-agents.conf
|
||||
# by adding the same UA line there and chaning its value of 1
|
||||
# If you think GoogleBot is bad you would simply add them to
|
||||
# blacklist-user-agents.conf with a value of 1
|
||||
# -----------------------------------------------------------------------
|
||||
|
||||
# START GOOD BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
"~*(?:\b)adidxbot(?:\b|)" 0;
|
||||
|
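Review bot: The new over-ride comment in the GOOD UA section tells users who think GoogleBot is bad to add it to blacklist-user-agents.conf "with a value of 1", but by this file's own SETTINGS legend 1 in $bad_bot means "allowed or rate limited less restrictive" and blocked agents are mapped to 3 (`"~*(?:\b)360Spider(?:\b|)" 3;`). Following the comment would not block the agent. Suggest "with a value of 3", and fix "chaning" to "changing" in the same block.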
@ -733,12 +751,13 @@ map $http_user_agent $bad_bot {
|
|||
"~*(?:\b)yahoo(?:\b|)" 0;
|
||||
# END GOOD BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
# ***************************************************
|
||||
# User-Agent Strings Allowed Through but Rate Limited
|
||||
# ***************************************************
|
||||
# --------------------------------------------------------
|
||||
# GOOD UA User-Agent Rate Limiting 1 - Disabled by Default
|
||||
# --------------------------------------------------------
|
||||
|
||||
# Some people block libwww-perl, it used widely in many valid (non rogue) agents
|
||||
# I allow libwww-perl as I use it for monitoring systems with Munin but it is rate limited
|
||||
# TO ACTIVATE THIS RATE LIMITING Uncomment these two lines in blockbots.conf
|
||||
#limit_conn bot1_connlimit 100;
|
||||
#limit_req zone=bot1_reqlimitip burst=50;
|
||||
|
||||
# START ALLOWED BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
"~*(?:\b)jetmon(?:\b|)" 1;
|
||||
|
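Review bot: The heading "GOOD UA User-Agent Rate Limiting 1 - Disabled by Default" contradicts the comment just below it, which still says libwww-perl is allowed "but it is rate limited". With `#limit_conn bot1_connlimit 100;` and `#limit_req zone=bot1_reqlimitip burst=50;` shown commented out, agents mapped to 1 are not limited until the user uncomments them. Suggest rewording to "it can be rate limited (see below)" and fixing "it used widely" to "it is used widely".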
@ -749,9 +768,14 @@ map $http_user_agent $bad_bot {
|
|||
"~*(?:\b)Wget/1.15(?:\b|)" 1;
|
||||
# END ALLOWED BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
# **************************************************************
|
||||
# Rate Limited User-Agents who get a bit aggressive on bandwidth
|
||||
# **************************************************************
|
||||
# -------------------------------------------------------
|
||||
# GOOD UA User-Agent Rate Limiting 2 - Enabled by Default
|
||||
# -------------------------------------------------------
|
||||
|
||||
# -----------------------------------------------------------------------
|
||||
# You can over-ride these in /etc/nginx/bots.d/blacklist-user-agents.conf
|
||||
# by adding the same UA line there and chaning its value of 1
|
||||
# -----------------------------------------------------------------------
|
||||
|
||||
# START LIMITED BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
"~*(?:\b)Alexa(?:\b|)" 2;
|
||||
|
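Review bot: The over-ride comment in the "Rate Limiting 2" section is a copy of the one in the GOOD UA section, typo included ("chaning"), and "its value of 1" is unclear here: for an agent mapped to 2, setting 1 relaxes the limit rather than tightening it. Suggest stating the target values explicitly, for example "change its value to 0 to allow, or 3 to block".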
@ -774,163 +798,186 @@ map $http_user_agent $bad_bot {
|
|||
# END LIMITED BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
}
|
||||
|
||||
|
||||
# *****************************************
|
||||
# SECOND BLOCK BY REFERRER STRINGS AND URLS
|
||||
# *****************************************
|
||||
# ===========================
|
||||
# END SECTION 1 - USER-AGENTS
|
||||
# ===========================
|
||||
|
||||
# *****************
|
||||
# =======================================
|
||||
# BEGIN SECTION 2 - REFERRERS AND DOMAINS
|
||||
# =======================================
|
||||
|
||||
# ----------------
|
||||
# PLEASE TEST !!!!
|
||||
# *****************
|
||||
|
||||
# ----------------
|
||||
# ------------------------------------------------------------------------------------------------------------------------------
|
||||
# ALWAYS test referrers that you add. This is done manually as follows
|
||||
|
||||
# ------------------------------------------------------------------------------------------------------------------------------
|
||||
# curl -I http://www.yourdomain.com -e http://anything.adcash.com --- GIVES YOU: curl: (52) Empty reply from server
|
||||
# curl -I http://www.yourdomain.com -e http://www.goodwebsite.com/not-adcash --- GIVES YOU: curl: (52) Empty reply from server
|
||||
# curl -I http://www.yourdomain.com -e http://www.betterwebsite.com/not/adcash --- GIVES YOU: curl: (52) Empty reply from server
|
||||
|
||||
# ------------------------------------------------------------------------------------------------------------------------------
|
||||
# curl -I http://www.yourdomain.com -e http://www.google.com --- GIVES YOU: full html output of the web page
|
||||
# curl -I http://www.yourdomain.com -e http://www.microsoft.com --- GIVES YOU: full html output of the web page
|
||||
|
||||
# ------------------------------------------------------------------------------------------------------------------------------
|
||||
# Because of case-insensitive matching any combination of capitilization in the names will all produce a positive hit
|
||||
# make sure you always test thoroughly and monitor logs. This section below also does NOT check for a preceding www.
|
||||
# and it also does not care if the referrer request was sent with http https or even ftp.
|
||||
# ------------------------------------------------------------------------------------------------------------------------------
|
||||
|
||||
# ***********************************************************************
|
||||
# Now we map all bad referrer words below to a variable called $bad_words
|
||||
# ***********************************************************************
|
||||
# ----------------------------------------------------------------
|
||||
# Map all BAD referrer words below to a variable called $bad_words
|
||||
# ----------------------------------------------------------------
|
||||
|
||||
# --------------------------------
|
||||
# START Bad Referrer Word Scanning
|
||||
# --------------------------------
|
||||
|
||||
map $http_referer $bad_words {
|
||||
default 0;
|
||||
|
||||
# **************************
|
||||
# Bad Referrer Word Scanning
|
||||
# **************************
|
||||
|
||||
# -------------------------------------------------------------------------------------------
|
||||
# These are Words and Terms often found tagged onto domains or within url query strings.
|
||||
# Create and Customize Your Own Bad Referrer Words Here using the new Include File Method
|
||||
# New Method Uses the include file below so that when pulling future updates your
|
||||
# customized list of bad referrer words are automatically now included for you
|
||||
# Read Comments inside bad-referrer-words.conf for customization tips.
|
||||
# Updating the main globalblacklist.conf file will not touch your custom include files
|
||||
# BE VERY CAREFUL using the bad-referrer-words.conf file - please read the comment and
|
||||
# BE VERY CAREFUL using this bad-referrer-words.conf file - please read the comments and
|
||||
# examples inside the include file for detailed explanations into how seriously this can
|
||||
# affect your own site from serving assets or other innocent sites from accessing your site
|
||||
# For safety sake the whitelist-domains.conf file is also loaded here before the bad-referrer-words.conf file.
|
||||
# For safety sake the whitelist-domains.conf file is also loaded here before the
|
||||
# bad-referrer-words.conf file is loaded.
|
||||
# -------------------------------------------------------------------------------------------
|
||||
|
||||
# ************************************************************************
|
||||
# ------------------------------------------------------------------------
|
||||
# START WHITELISTED DOMAINS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# ************************************************************************
|
||||
# ------------------------------------------------------------------------
|
||||
|
||||
include /etc/nginx/bots.d/whitelist-domains.conf;
|
||||
|
||||
# **********************************************************************
|
||||
# ----------------------------------------------------------------------
|
||||
# END WHITELISTED DOMAINS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# **********************************************************************
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
|
||||
# ******************************************************************************
|
||||
# ------------------------------------------------------------------------------
|
||||
# START CUSTOM BAD REFERRER WORDS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# ******************************************************************************
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
include /etc/nginx/bots.d/bad-referrer-words.conf;
|
||||
|
||||
# ****************************************************************************
|
||||
# ----------------------------------------------------------------------------
|
||||
# END CUSTOM BAD REFERRER WORDS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# ****************************************************************************
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
}
|
||||
# --------------------------------
|
||||
# END Bad Referrer Word Scanning
|
||||
# --------------------------------
|
||||
|
||||
# *************************
|
||||
# Bad Referrer Domain Names
|
||||
# *************************
|
||||
|
||||
# Now a list of bad referrer urls these domains or any combination of them ie .com .net
|
||||
# will be blocked out. Doesn't matter if the protocol is http, https or even ftp
|
||||
# ----------------------------------------
|
||||
# START Good and Bad Referrer Domain Names
|
||||
# ----------------------------------------
|
||||
|
||||
# -------------------------------------------------------------------------------------
|
||||
# Good and Bad referrer urls Doesn't matter if the protocol is http, https or even ftp
|
||||
# -------------------------------------------------------------------------------------
|
||||
|
||||
# ----------------------
|
||||
# This section includes:
|
||||
# **********************
|
||||
# ----------------------
|
||||
# --------------------------------------------------------------------------------
|
||||
# Blocking of SEO company Semalt.com (now merged into this one section)
|
||||
# MIRAI Botnet Domains Used for Mass Attacks
|
||||
# Other known bad SEO companies and Ad Hijacking Sites
|
||||
# Sites linked to malware, adware, clickjacking and ransomware
|
||||
# Domain names and referrers used in referrer spam and seo hijacking
|
||||
# Whitelisting of your own GOOD domains / referrers
|
||||
# Whitelisting of any other GOOD domains / referrers you want explicitly NOT block
|
||||
# --------------------------------------------------------------------------------
|
||||
|
||||
# *****************
|
||||
# ----------------
|
||||
# PLEASE TEST !!!!
|
||||
# *****************
|
||||
|
||||
# ----------------
|
||||
# ------------------------------------------------------------------------------------------------------------------------------------
|
||||
# ALWAYS test referrers that you add. This is done manually as follows
|
||||
|
||||
# ------------------------------------------------------------------------------------------------------------------------------------
|
||||
# curl -I http://www.yourdomain.com -e http://8gold.com --- GIVES YOU: curl: (52) Empty reply from server
|
||||
|
||||
# ------------------------------------------------------------------------------------------------------------------------------------
|
||||
# Because of case-insensitive matching any combination of capitilization will all produce a positive hit - make sure you always test.
|
||||
|
||||
# ------------------------------------------------------------------------------------------------------------------------------------
|
||||
# For Example any of the following variations below of 8gold.com will be detected and blocked
|
||||
|
||||
# ------------------------------------------------------------------------------------------------------------------------------------
|
||||
# curl -I http://www.yourdomain.com -e http://NOT-8gold.com --- GIVES YOU: curl: (52) Empty reply from server
|
||||
# curl -I http://www.yourdomain.com -e http://this.is.not8gOlD.net --- GIVES YOU: curl: (52) Empty reply from server
|
||||
# curl -I http://www.yourdomain.com -e ftp://8gold.com --- GIVES YOU: curl: (52) Empty reply from server
|
||||
# curl -I http://www.yourdomain.com -e ftp://www.weare8gold.NET --- GIVES YOU: curl: (52) Empty reply from server
|
||||
# curl -I http://www.yourdomain.com -e https://subdomain.8gold.com --- GIVES YOU: curl: (52) Empty reply from server
|
||||
# curl -I http://www.yourdomain.com -e https://NOT8GolD.org --- GIVES YOU: curl: (52) Empty reply from server
|
||||
|
||||
# ------------------------------------------------------------------------------------------------------------------------------------
|
||||
# So if you see a bad referrer from wearegoogle.com and you want to block them just add
|
||||
# them as "~*wearegoogle.com" don't ever go and do something like "~*google(-|.)" you will
|
||||
# kill all your SEO in a week.
|
||||
|
||||
# ------------------------------------------------------------------------------------------------------------------------------------
|
||||
# To add your own custom bad referrers use the custom include file
|
||||
# /etc/nginx/bots.d/custom-bad-referrers.conf
|
||||
# Or send a Pull Request to add it to the global blacklist for other users.
|
||||
|
||||
# In the bad referrers section I also include sites that hotlink images without permission.
|
||||
# ------------------------------------------------------------------------------------------------------------------------------------
|
||||
|
||||
# ***********************************************************************
|
||||
# Now we map all good & bad referrer urls to variable called #bad_referer
|
||||
# ***********************************************************************
|
||||
# --------------------------------------------------------------------
|
||||
# Map all good & bad referrer DOMAINS to a variable called bad_referer
|
||||
# --------------------------------------------------------------------
|
||||
|
||||
map $http_referer $bad_referer {
|
||||
hostnames;
|
||||
default 0;
|
||||
|
||||
# *************************************
|
||||
# GOOD REFERRERS - Spared from Checking
|
||||
# *************************************
|
||||
# --------------------------------------------
|
||||
# GOOD REFERRER DOMAINS - Spared from Checking
|
||||
# --------------------------------------------
|
||||
|
||||
# ---------------------------------------------------------------------------------------
|
||||
# Add all your own web site domain names and server names in this section
|
||||
|
||||
# WHITELIST Your Own Domain Names Here using the new Include File Method
|
||||
# New Method Uses the include file below so that when pulling future updates your
|
||||
# whitelisted domain names are automatically now included for you.
|
||||
# Read Comments inside whitelist-domains.conf for customization tips.
|
||||
# Updating the main globalblacklist.conf file will not touch your custom include files
|
||||
# ---------------------------------------------------------------------------------------
|
||||
|
||||
# ************************************************************************
|
||||
# ------------------------------------------------------------------------
|
||||
# START WHITELISTED DOMAINS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# ************************************************************************
|
||||
# ------------------------------------------------------------------------
|
||||
|
||||
include /etc/nginx/bots.d/whitelist-domains.conf;
|
||||
|
||||
# **********************************************************************
|
||||
# ----------------------------------------------------------------------
|
||||
# END WHITELISTED DOMAINS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# **********************************************************************
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
# ***********************************
|
||||
# -----------------------------------
|
||||
# CUSTOM BAD REFERRERS - Add your Own
|
||||
# ***********************************
|
||||
# -----------------------------------
|
||||
|
||||
# Add any extra bad referrers in the following include file to have them
|
||||
# permanently included and blocked - avoid duplicates in your custom file
|
||||
# custom-bad-referrers.conf is BOTH a BLACKLIST AND WHITELIST
|
||||
# custom-bad-referrers.conf ALLOWS complete over-riding of anything
|
||||
# If you think google.com is bad you would simply add them to
|
||||
# custom-bad-referrers.conf with a value of 1
|
||||
|
||||
# *************************************************************************
|
||||
# -------------------------------------------------------------------------
|
||||
# START CUSTOM BAD REFERRERS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# *************************************************************************
|
||||
# -------------------------------------------------------------------------
|
||||
|
||||
include /etc/nginx/bots.d/custom-bad-referrers.conf;
|
||||
|
||||
# ***********************************************************************
|
||||
# -----------------------------------------------------------------------
|
||||
# END CUSTOM BAD REFERRERS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# ***********************************************************************
|
||||
# -----------------------------------------------------------------------
|
||||
|
||||
# START BAD REFERRERS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
"~*(?:\b)000free\.us(?:\b|)" 1;
|
||||
|
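Review bot: The test examples in the bad referrer comments do not agree with the entry format used in the list. Entries are written as `"~*(?:\b)000free\.us(?:\b|)" 1;`, which needs a word boundary before the name and the literal TLD, so an 8gold.com entry in that form would not match `this.is.not8gOlD.net` or `NOT8GolD.org` as the curl lines claim. The advice to add `"~*wearegoogle.com"` also shows an unescaped dot and no boundary. Suggest re-running the curl examples against the current pattern, keeping only the ones that still return an empty reply, and showing the user-facing example in the same form as the list entries.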
@ -7650,26 +7697,24 @@ map $http_referer $bad_referer {
|
|||
# END BAD REFERRERS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
}
|
||||
|
||||
# =====================================
|
||||
# END SECTION 2 - REFERRERS AND DOMAINS
|
||||
# =====================================
|
||||
|
||||
# ***********************************************
|
||||
# WHITELISTING AND BLACKLISTING IP ADDRESS RANGES
|
||||
# ***********************************************
|
||||
# ========================================================================
|
||||
# BEGIN SECTION 3 - WHITELISTING AND BLACKLISTING IP ADDRESSESE AND RANGES
|
||||
# ========================================================================
|
||||
|
||||
# Geo directive to deny and also whitelist certain ip addresses
|
||||
# --------------------------------------------------------------------------------------
|
||||
# Map all GOOD and BAD IP Addresses and Ranges to a variable called geo $validate_client
|
||||
# --------------------------------------------------------------------------------------
|
||||
|
||||
geo $validate_client {
|
||||
|
||||
# ********************
|
||||
# First Our Safety Net
|
||||
# ********************
|
||||
|
||||
# Anything not matching our rules is allowed through with default 0;
|
||||
|
||||
default 0;
|
||||
|
||||
# *************************
|
||||
# Wordpress Theme Detectors
|
||||
# *************************
|
||||
# -------------------------------------
|
||||
# BLOCK known Wordpress Theme Detectors
|
||||
# -------------------------------------
|
||||
|
||||
# START WP THEME DETECTORS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
|
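Review bot: The new section 3 heading has a typo, "ADDRESSESE", and the line below it reads "a variable called geo $validate_client" where "geo" is the directive, not part of the name. Separately, the comment "Anything not matching our rules is allowed through with default 0;" appears to be dropped here. Since `default 0;` is what makes this block fail open, suggest keeping a one-line comment on it.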
@ -7713,10 +7758,11 @@ geo $validate_client {
|
|||
89.36.223.188 1; #www.cuteseotools.net/wordpress-theme-detector
|
||||
# END WP THEME DETECTORS ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
# ****************************************
|
||||
# NIBBLER - SEO testing and reporting tool
|
||||
# ****************************************
|
||||
# ----------------------------------------------
|
||||
# BLOCK NIBBLER - SEO testing and reporting tool
|
||||
# ----------------------------------------------
|
||||
# See - http://nibbler.silktide.com/
|
||||
# ----------------------------------------------
|
||||
|
||||
# START NIBBLER ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
52.201.238.175 1;
|
||||
|
@ -7728,11 +7774,11 @@ geo $validate_client {
|
|||
54.242.250.203 1;
|
||||
# END NIBBLER ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
# *********************************************************************************************
|
||||
# KNOWN BAD IP ADDRESSES
|
||||
# Source: https://github.com/mitchellkrogza/Suspicious.Snooping.Sniffing.Hacking.IP.Addresses
|
||||
# A Reliable Daily Updated List Included Below of Known Bad IP Addresses, Snoopers and Sniffers
|
||||
# *********************************************************************************************
|
||||
|
||||
# -----------------------------------------
|
||||
# BLOCK KNOWN BAD IP ADDRESSES
|
||||
# Top known bad IP Adresses from abuseIPDB
|
||||
# -----------------------------------------
|
||||
|
||||
# START KNOWN BAD IP ADDRESSES ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
193.32.163.89 1;
|
||||
|
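Review bot: The rewritten header for the known bad IP list replaces the source URL and the "Daily Updated" wording with "Top known bad IP Adresses from abuseIPDB", which has a typo ("Adresses") and no link or date. For a blocklist of this size, users need to know where the entries come from and how fresh they are. Suggest keeping a source URL and adding the generation date next to START KNOWN BAD IP ADDRESSES.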
@ -17736,11 +17782,9 @@ geo $validate_client {
|
|||
46.101.115.65 1;
|
||||
# END KNOWN BAD IP ADDRESSES ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
# ****************
|
||||
# Google IP Ranges
|
||||
# ****************
|
||||
|
||||
# For Safety Sake all Google's Known IP Ranges are all white listed
|
||||
# --------------------------
|
||||
# WHITELIST Google IP Ranges
|
||||
# --------------------------
|
||||
|
||||
# START GOOGLE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
108.177.0.0/17 0;
|
||||
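Review bot: the "WHITELIST Google IP Ranges" header states neither where ranges such as 108.177.0.0/17 and 74.125.0.0/16 come from nor when they were last refreshed. Every address inside them gets value 0 in geo $validate_client, so add a comment line with the source and the date of the last sync to make stale ranges easy to spot.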
|
@ -17768,11 +17812,9 @@ geo $validate_client {
|
|||
74.125.0.0/16 0;
|
||||
# END GOOGLE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
# **************
|
||||
# Bing IP Ranges
|
||||
# **************
|
||||
|
||||
# For Safety Sake all Bing's Known IP Ranges are all white listed
|
||||
# ------------------------
|
||||
# WHITELIST Bing IP Ranges
|
||||
# ------------------------
|
||||
|
||||
# START BING IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
131.253.21.0/24 0;
|
||||
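Review bot: 40.96.0.0/12 covers about a million addresses (2^20), which is a wide prefix to exempt under a "Bing" label. Either document in this block what the prefix was verified against, or narrow the entry.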
|
@ -17796,11 +17838,9 @@ geo $validate_client {
|
|||
40.96.0.0/12 0;
|
||||
# END BING IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
# ********************
|
||||
# Cloudflare IP Ranges
|
||||
# ********************
|
||||
|
||||
# For Safety Sake all Cloudflare's Known IP Ranges are all white listed
|
||||
# ------------------------------
|
||||
# WHITELIST Cloudflare IP Ranges
|
||||
# ------------------------------
|
||||
|
||||
# START CLOUDFLARE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
103.21.244.0/22 0;
|
||||
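Review bot: geo $validate_client is declared without an address variable, so it matches on $remote_addr, and this block sets the Cloudflare ranges to 0. On a site proxied through Cloudflare, every request then arrives from a whitelisted address and the blacklist entries above never match the visitor unless the real client IP is restored first (set_real_ip_from plus real_ip_header). Add a comment here saying so.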
|
@ -17827,75 +17867,91 @@ geo $validate_client {
|
|||
2c0f:f248::/32 0;
|
||||
# END CLOUDFLARE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
||||
|
||||
# *************************************************
|
||||
# Blacklist IP addresses and IP Ranges Customizable
|
||||
# *************************************************
|
||||
# -------------------------------------------------
|
||||
# BLACKLIST IP addresses and IP Ranges Customizable
|
||||
# -------------------------------------------------
|
||||
|
||||
# --------------------------------------------------------------------------------------
|
||||
# BLACKLIST all your IP addresses and Ranges using the new include file below.
|
||||
# New Method Uses the include file below so that when pulling future updates your
|
||||
# Custom Blacklisted IP addresses are automatically now included for you.
|
||||
# Read Comments inside blacklist-ips.conf for customization tips.
|
||||
# Updating the main globalblacklist.conf file will not touch your custom include files
|
||||
# Anything added to blacklist-ips.conf will over-ride anything whitelisted above
|
||||
# --------------------------------------------------------------------------------------
|
||||
|
||||
# ********************************************************************
|
||||
# --------------------------------------------------------------------
|
||||
# START BLACKLISTED IPS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# ********************************************************************
|
||||
# --------------------------------------------------------------------
|
||||
|
||||
include /etc/nginx/bots.d/blacklist-ips.conf;
|
||||
|
||||
# ******************************************************************
|
||||
# ------------------------------------------------------------------
|
||||
# END BLACKLISTED IPS ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# ******************************************************************
|
||||
# ------------------------------------------------------------------
|
||||
|
||||
# ----------------------------------------------
|
||||
# Whitelist all your OWN IP addresses and Ranges
|
||||
# ----------------------------------------------
|
||||
|
||||
# ***********************************
|
||||
# Whitelist all your OWN IP addresses
|
||||
# ***********************************
|
||||
|
||||
# --------------------------------------------------------------------------------------
|
||||
# WHITELIST all your own IP addresses using the include file below.
|
||||
# New Method Uses the include file below so that when pulling future updates your
|
||||
# whitelisted IP addresses are automatically now included for you.
|
||||
# Read Comments inside whitelist-ips.conf for customization tips.
|
||||
# Updating the main globalblacklist.conf file will not touch your custom include files
|
||||
# whitelist-ips.conf reigns supreme !!!
|
||||
# Whatever you add to whitelist-ips.conf will be whitelisted FULL STOP
|
||||
# Anything blacklisted above this line will be over-ridden by whitelist-ips.conf
|
||||
# --------------------------------------------------------------------------------------
|
||||
|
||||
# **************************************************************************
|
||||
# --------------------------------------------------------------------------
|
||||
# START WHITELISTED IP RANGES ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# **************************************************************************
|
||||
# --------------------------------------------------------------------------
|
||||
|
||||
include /etc/nginx/bots.d/whitelist-ips.conf;
|
||||
|
||||
# ************************************************************************
|
||||
# ------------------------------------------------------------------------
|
||||
# END WHITELISTED IP RANGES ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# ************************************************************************
|
||||
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
|
||||
}
|
||||
|
||||
# --------------------------------------------------------------------------------------
|
||||
# WHITELIST your own IPs from the DDOS Filter
|
||||
# Add your own IP addresses and ranges into the custom include file whitelist-ips.conf
|
||||
# to spare them from the rate limiting DDOS filter.
|
||||
# This section includes the same / single whitelist-ips.conf file so you only
|
||||
# need to edit that include file and have it include here for you too.
|
||||
# --------------------------------------------------------------------------------------
|
||||
|
||||
geo $ratelimited {
|
||||
default 1;
|
||||
|
||||
# ***************************************************************************
|
||||
# ---------------------------------------------------------------------------
|
||||
# START WHITELISTED IP RANGES2 ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# ***************************************************************************
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
include /etc/nginx/bots.d/whitelist-ips.conf;
|
||||
|
||||
# *************************************************************************
|
||||
# -------------------------------------------------------------------------
|
||||
# END WHITELISTED IP RANGES2 ### DO NOT EDIT OR REMOVE THIS LINE AT ALL ###
|
||||
# *************************************************************************
|
||||
# -------------------------------------------------------------------------
|
||||
|
||||
}
|
||||
|
||||
# *****************************************
|
||||
# MAP BAD BOTS TO OUR RATE LIMITER FUNCTION
|
||||
# *****************************************
|
||||
# ======================================================================
|
||||
# END SECTION 3 - WHITELISTING AND BLACKLISTING IP ADDRESSESE AND RANGES
|
||||
# ======================================================================
|
||||
|
||||
|
||||
# ============================================
|
||||
# BEGIN SECTION 4 - ACTIVATE BLOCKER FUNCTIONS
|
||||
# ============================================
|
||||
|
||||
# --------------------------------------------
|
||||
# 1. MAP BAD BOTS TO OUR RATE LIMITER FUNCTION
|
||||
# --------------------------------------------
|
||||
|
||||
map $bad_bot $bot_iplimit {
|
||||
0 "";
|
||||
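Review bot: the comments around the two includes ("Anything added to blacklist-ips.conf will over-ride anything whitelisted above", "Whatever you add to whitelist-ips.conf will be whitelisted FULL STOP") describe precedence by position, but nginx geo uses the most specific matching network, not the last one in the file. A range in whitelist-ips.conf therefore does not override a more specific single address blacklisted earlier; the later value wins only when the same network is listed again. Reword the comments to say that, and fix "ADDRESSESE" in the END SECTION 3 banner.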
|
@ -17903,30 +17959,31 @@ geo $ratelimited {
|
|||
2 $binary_remote_addr;
|
||||
}
|
||||
|
||||
# ***********************
|
||||
# SET RATE LIMITING ZONES
|
||||
# ***********************
|
||||
# --------------------------
|
||||
# 2. SET RATE LIMITING ZONES
|
||||
# --------------------------
|
||||
|
||||
# BAD BOT RATE LIMITING ZONE
|
||||
# limits for Zone $bad_bot = 1
|
||||
# Nothing Set - you can set a different zone limiter here if you like
|
||||
# We issue a 444 response instead to all bad bots.
|
||||
# Rate limiting will only take effect if on any User-Agents with a value of 2
|
||||
|
||||
# limits for Zone $bad_bot = 2
|
||||
# this rate limiting will only take effect if you change any of the bots and change
|
||||
# their block value from 1 to 2.
|
||||
limit_conn_zone $bot_iplimit zone=bot2_connlimit:16m;
|
||||
limit_req_zone $bot_iplimit zone=bot2_reqlimitip:16m rate=6r/m burst=1;
|
||||
|
||||
### *** MAKE SURE TO ADD to your nginx.conf ***
|
||||
### server_names_hash_bucket_size 64;
|
||||
### server_names_hash_max_size 4096;
|
||||
### limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
|
||||
### limit_conn_zone $binary_remote_addr zone=addr:50m;
|
||||
### to allow it to load this large set of domains into memory and to set the rate limiting zones for the DDOS filter.
|
||||
# ==========================================
|
||||
# END SECTION 4 - ACTIVATE BLOCKER FUNCTIONS
|
||||
# ==========================================
|
||||
|
||||
### THE END of the Long and Winding Road
|
||||
# =====================
|
||||
# END BLOCKER FUNCTIONS
|
||||
# =====================
|
||||
|
||||
### Also check out my Ultimate Apache Bad Bot Blocker on Github
|
||||
### https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker
|
||||
### --------------------------------------------
|
||||
### HELP SUPPORT THIS PROJECT - Send Me a Coffee
|
||||
### https://ko-fi.com/mitchellkrog
|
||||
### --------------------------------------------
|
||||
|
||||
### FOR APACHE SERVERS
|
||||
### ---------------------------------------------
|
||||
### Check out the Ultimate Apache Bad Bot Blocker
|
||||
### ---------------------------------------------
|
||||
|
||||
|
|
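Review bot: "limit_req_zone $bot_iplimit zone=bot2_reqlimitip:16m rate=6r/m burst=1;" passes burst to the zone definition, but nginx documents burst as a parameter of limit_req, with limit_req_zone taking the key, zone and rate. Move burst=1 to the limit_req line that uses bot2_reqlimitip and confirm the result with nginx -t. The comment "Rate limiting will only take effect if on any User-Agents with a value of 2" also has a stray "if" to remove.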