
Blocking access by user agent in Nginx

How to block access by user agent in Nginx. In this configuration, I will use ngx_http_map_module.

Inside the http section:

include /etc/nginx/blacklist;

Inside the server section (virtual host). We will return the 444 status code.

if ($block_ua) {
        return 444;
}

The blacklist file (example)

map $http_user_agent $block_ua {
        default           0;
        ~*profound        1;
        ~*scrapyproject   1;
        ~*netcrawler      1;
        ~*nmap            1;
        ~*sqlmap          1;
        ~*slowhttptest    1;
        ~*nikto           1;
        ~*jersey          1;
        ~*brandwatch      1;
        ~*magpie-crawler  1;
        ~*mechanize       1;
        ~*python-requests 1;
        ~*redback         1;
}

For testing:

aelius@macbook:~$ curl --head -A "profound"
curl: (52) Empty reply from server
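
To check offline which User-Agent strings a blacklist would catch, including unintended substring hits, before reloading nginx, here is an added example that is not part of the original post. The function names (parse_map, evaluate, blocked) and the sample user agents are constructed for illustration, and Python's re module only approximates the PCRE engine nginx uses.

```python
import re
# Constructed, abbreviated copy of the page's blacklist map.
BLACKLIST = """
map $http_user_agent $block_ua {
    default           0;
    ~*nmap            1;
    ~*sqlmap          1;
    ~*jersey          1;
    ~*python-requests 1;
}
"""

def parse_map(text):
    """Return (default, exact, regexes) from a single nginx map block."""
    default, exact, regexes = "", {}, []
    body = text[text.index("{") + 1 : text.rindex("}")]
    for entry in body.split(";"):
        parts = entry.split()
        if len(parts) != 2:
            continue  # blank or unsupported entry (quotes, include, comments)
        key, value = parts
        if key == "default":
            default = value
        elif key.startswith("~*"):  # case-insensitive regex
            regexes.append((re.compile(key[2:], re.IGNORECASE), key, value))
        elif key.startswith("~"):   # case-sensitive regex
            regexes.append((re.compile(key[1:]), key, value))
        else:
            exact[key.lower()] = value  # plain strings match ignoring case
    return default, exact, regexes

def evaluate(user_agent, parsed):
    """Mimic the map lookup: exact strings first, then regexes in file order."""
    default, exact, regexes = parsed
    if user_agent.lower() in exact:
        return exact[user_agent.lower()], user_agent
    for pattern, key, value in regexes:
        if pattern.search(user_agent):  # unanchored, so any substring matches
            return value, key
    return default, "default"

def blocked(user_agent, parsed):
    # The nginx "if" directive treats an empty string or "0" as false.
    return evaluate(user_agent, parsed)[0] not in ("", "0")

if __name__ == "__main__":
    parsed = parse_map(BLACKLIST)
    for ua in ("sqlmap/1.7", "Mozilla/5.0 (X11; Linux x86_64)", "FleetInMapper/1.0"):
        print(blocked(ua, parsed), evaluate(ua, parsed)[1], ua)
```

The constructed "FleetInMapper/1.0" agent is blocked by ~*nmap because the pattern is unanchored and case-insensitive, which is the kind of collateral match worth checking for before deploying a new entry.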

What is HTTP status 444?

A non-standard status code used to instruct nginx to close the connection without sending a response to the client, most commonly used to deny malicious or malformed requests.
