Add bad bot block list

phil 2023-03-11 20:20:42 +01:00
parent 0d87bf0d97
commit 5fdb1a9f7b
4 changed files with 24 additions and 0 deletions


@ -35,3 +35,12 @@ You can also limit the number of [connection](https://docs.nginx.com/nginx/admin
| Zone name | Filter | Limit | | Zone name | Filter | Limit |
|--|--|--| |--|--|--|
| `con_ip_one` | IP address | No default limit | | `con_ip_one` | IP address | No default limit |
## Bad Bot Blocker
This roles uses a deny list from the [nginx-ultimate-bad-bot-blocker](https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker) repository.
Include the list in your `server` block with:
```Shell
if ($bad_bots = 1) {return 444;}
```


@ -1 +1,3 @@
dhparam_path: /etc/ssl/private/dhparam.pem dhparam_path: /etc/ssl/private/dhparam.pem
bad_user_agents_url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/09071c4b8016f7d59b84a3f941035ce1872aaf7a/_generator_lists/bad-user-agents.list


@ -4,6 +4,10 @@
path: "{{ dhparam_path }}" path: "{{ dhparam_path }}"
size: "{{ dhparam_size | default(4096) }}" size: "{{ dhparam_size | default(4096) }}"
- name: "Configuration | Get bad user agents"
ansible.builtin.shell: "curl {{ bad_user_agents_url }}"
register: bad_user_agents
- name: "Configuration | Copy main configuration" - name: "Configuration | Copy main configuration"
ansible.builtin.template: ansible.builtin.template:
src: nginx.conf.j2 src: nginx.conf.j2
@ -28,6 +32,7 @@
mode: 0644 mode: 0644
loop: loop:
- bad_clients.conf - bad_clients.conf
- bad_bots.conf
- reverse_proxy.conf - reverse_proxy.conf
- ssl.conf - ssl.conf
notify: reload nginx notify: reload nginx
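Review bot: The `Configuration | Get bad user agents` task runs `curl` through `ansible.builtin.shell` without `--fail`, so an HTTP error body or an empty response is registered as `bad_user_agents` and later rendered into the nginx configuration as if it were the list. No shell features are used, so `ansible.builtin.command: "curl --fail --silent --show-error {{ bad_user_agents_url }}"` together with `changed_when: false` would stop the play on a failed download, keep the variable away from shell parsing, and stop the task reporting a change on every run. The URL in the defaults is pinned to a commit, so the download could also be verified against a known digest, for example with `ansible.builtin.get_url` and its `checksum` option; that would require the template to read the fetched file rather than `stdout_lines`. The task touched by the second hunk begins outside that hunk.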


@ -0,0 +1,8 @@
# Manages by Ansible
map $http_user_agent $bad_bots {
default 0;
{% for user_agent in bad_user_agents.stdout_lines %}
"~*{{ user_agent }}" 1;
{% endfor %}
}
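Review bot: Each fetched line is placed verbatim inside `"~*{{ user_agent }}"`, so the downloaded list is trusted as nginx string and regex syntax; an empty line would render as `"~*"`, which presumably matches every user agent and would set `$bad_bots` to 1 for all clients. Filtering blanks in the loop, `{% for user_agent in bad_user_agents.stdout_lines if user_agent | trim %}`, removes that case, and a line containing `"` should be skipped or escaped so that it cannot end the string early and break the map. The patterns are unanchored, so short entries may match inside legitimate user agents; that is worth checking against real traffic before returning 444 on a match. The header comment reads `# Manages by Ansible`, where `# Managed by Ansible` is presumably intended.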