Add bad bot block list

README.md

@@ -35,3 +35,12 @@ You can also limit the number of [connection](https://docs.nginx.com/nginx/admin
 | Zone name | Filter | Limit |
 |--|--|--|
 | `con_ip_one` | IP address | No default limit |
+
+## Bad Bot Blocker
+
+This roles uses a deny list from the [nginx-ultimate-bad-bot-blocker](https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker) repository.
+
+Include the list in your `server` block with:
+```Shell
+if ($bad_bots = 1) {return 444;}
+```

defaults/main.yaml

@@ -1 +1,3 @@
 dhparam_path: /etc/ssl/private/dhparam.pem
+
+bad_user_agents_url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/09071c4b8016f7d59b84a3f941035ce1872aaf7a/_generator_lists/bad-user-agents.list

tasks/configure.yml

@@ -4,6 +4,10 @@
     path: "{{ dhparam_path }}"
     size: "{{ dhparam_size | default(4096) }}"
 
+- name: "Configuration | Get bad user agents"
+  ansible.builtin.shell: "curl {{ bad_user_agents_url }}"
+  register: bad_user_agents
+
 - name: "Configuration | Copy main configuration"
   ansible.builtin.template:
     src: nginx.conf.j2
@@ -28,6 +32,7 @@
     mode: 0644
   loop:
     - bad_clients.conf
+    - bad_bots.conf
     - reverse_proxy.conf
     - ssl.conf
   notify: reload nginx

templates/bad_bots.conf.j2

@@ -0,0 +1,8 @@
+# Manages by Ansible
+
+map $http_user_agent $bad_bots {
+    default 0;
+{% for user_agent in bad_user_agents.stdout_lines %}
+    "~*{{ user_agent }}" 1;
+{% endfor %}
+}