Add bad bot block list
parent
0d87bf0d97
commit
5fdb1a9f7b
4 changed files with 24 additions and 0 deletions
|
@ -35,3 +35,12 @@ You can also limit the number of [connection](https://docs.nginx.com/nginx/admin
|
||||||
| Zone name | Filter | Limit |
|
| Zone name | Filter | Limit |
|
||||||
|--|--|--|
|
|--|--|--|
|
||||||
| `con_ip_one` | IP address | No default limit |
|
| `con_ip_one` | IP address | No default limit |
|
||||||
|
|
||||||
|
## Bad Bot Blocker
|
||||||
|
|
||||||
|
This roles uses a deny list from the [nginx-ultimate-bad-bot-blocker](https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker) repository.
|
||||||
|
|
||||||
|
Include the list in your `server` block with:
|
||||||
|
```Shell
|
||||||
|
if ($bad_bots = 1) {return 444;}
|
||||||
|
```
|
||||||
|
|
|
@ -1 +1,3 @@
|
||||||
dhparam_path: /etc/ssl/private/dhparam.pem
|
dhparam_path: /etc/ssl/private/dhparam.pem
|
||||||
|
|
||||||
|
bad_user_agents_url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/09071c4b8016f7d59b84a3f941035ce1872aaf7a/_generator_lists/bad-user-agents.list
|
||||||
|
|
|
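Review bot: `bad_user_agents_url` is added without a comment saying that the long hex path segment is a pinned upstream commit, which is the property that keeps the fetched list identical between runs. I would document that above the variable, e.g. `# Pinned to an upstream commit; bump only after reviewing the list diff, since every line ends up in the nginx map.` A pinned list also never picks up upstream additions, so a periodic, reviewed bump is part of maintaining the role.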
@ -4,6 +4,10 @@
|
||||||
path: "{{ dhparam_path }}"
|
path: "{{ dhparam_path }}"
|
||||||
size: "{{ dhparam_size | default(4096) }}"
|
size: "{{ dhparam_size | default(4096) }}"
|
||||||
|
|
||||||
|
- name: "Configuration | Get bad user agents"
|
||||||
|
ansible.builtin.shell: "curl {{ bad_user_agents_url }}"
|
||||||
|
register: bad_user_agents
|
||||||
|
|
||||||
- name: "Configuration | Copy main configuration"
|
- name: "Configuration | Copy main configuration"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: nginx.conf.j2
|
src: nginx.conf.j2
|
||||||
|
@ -28,6 +32,7 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
loop:
|
loop:
|
||||||
- bad_clients.conf
|
- bad_clients.conf
|
||||||
|
- bad_bots.conf
|
||||||
- reverse_proxy.conf
|
- reverse_proxy.conf
|
||||||
- ssl.conf
|
- ssl.conf
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|
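Review bot: The new "Get bad user agents" task runs `curl` through `ansible.builtin.shell` without `--fail`, so an HTTP error body is registered as `bad_user_agents` and later rendered into the nginx map as if it were the list. The templated URL is also interpolated into a shell line, which `ansible.builtin.command` with `argv` avoids. The task reports `changed` on every run and is skipped in check mode, which would presumably leave `bad_user_agents.stdout_lines` undefined when `bad_bots.conf` is templated. The fence below keeps the registered variable's shape and tightens the fetch. `ansible.builtin.get_url` with a `checksum` would additionally verify the content if the default URL is ever overridden with an unpinned one.

```yaml
- name: "Configuration | Get bad user agents"
  ansible.builtin.command:
    argv:
      - curl
      - --fail
      - --silent
      - --show-error
      - "{{ bad_user_agents_url }}"
  register: bad_user_agents
  changed_when: false
  check_mode: false
# … unchanged: "Configuration | Copy main configuration" and the following tasks …
```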
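--- a/templates/bad_bots.conf.j2
+++ b/templates/bad_bots.conf.j2
@@ -0,0 +1,8 @@
+# Manages by Ansible
+
+map $http_user_agent $bad_bots {
+default 0;
+{% for user_agent in bad_user_agents.stdout_lines %}
+"~*{{ user_agent }}" 1;
+{% endfor %}
+}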
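Review bot: Each downloaded line is written verbatim inside a double-quoted nginx regex at `"~*{{ user_agent }}" 1;`, so the rendered map is only as well-formed as the remote list. A blank line would become `"~*"`, an empty pattern that matches every User-Agent, and a line containing `"` would end the pattern early and leave the file unparsable. Filtering in the loop header keeps such lines out, e.g. `{% for user_agent in bad_user_agents.stdout_lines if user_agent | trim and '"' not in user_agent %}`. The header comment reads "Manages by Ansible"; `# {{ ansible_managed }}` is the usual form.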