Skip to content

Commit ef5b2fe

Browse files
trimstraytrimstray
committed
add limiting/blocking user agents
- signed-off-by: trimstray <trimstray@gmail.com>
1 parent 8e75fb4 commit ef5b2fe

File tree

2 files changed

+54
-0
lines changed

2 files changed

+54
-0
lines changed

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -359,6 +359,8 @@
359359
* [Blocking/allowing IP addresses](doc/HELPERS.md#blockingallowing-ip-addresses)
360360
* [Blocking referrer spam](doc/HELPERS.md#blocking-referrer-spam)
361361
* [Limiting referrer spam](doc/HELPERS.md#limiting-referrer-spam)
362+
* [Blocking User-Agent](doc/HELPERS.md#blocking-user-agent)
363+
* [Limiting User-Agent](doc/HELPERS.md#limiting-user-agent)
362364
* [Limiting the rate of requests with burst mode](doc/HELPERS.md#limiting-the-rate-of-requests-with-burst-mode)
363365
* [Limiting the rate of requests with burst mode and nodelay](doc/HELPERS.md#limiting-the-rate-of-requests-with-burst-mode-and-nodelay)
364366
* [Limiting the rate of requests per IP with geo and map](doc/HELPERS.md#limiting-the-rate-of-requests-per-ip-with-geo-and-map)

doc/HELPERS.md

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -126,6 +126,8 @@ Go back to the **[Table of Contents](https://github.com/trimstray/nginx-admins-h
126126
* [Blocking/allowing IP addresses](#blockingallowing-ip-addresses)
127127
* [Blocking referrer spam](#blocking-referrer-spam)
128128
* [Limiting referrer spam](#limiting-referrer-spam)
129+
* [Blocking User-Agent](#blocking-user-agent)
130+
* [Limiting User-Agent](#limiting-user-agent)
129131
* [Limiting the rate of requests with burst mode](#limiting-the-rate-of-requests-with-burst-mode)
130132
* [Limiting the rate of requests with burst mode and nodelay](#limiting-the-rate-of-requests-with-burst-mode-and-nodelay)
131133
* [Limiting the rate of requests per IP with geo and map](#limiting-the-rate-of-requests-per-ip-with-geo-and-map)
@@ -6527,6 +6529,56 @@ HTTP/1.1 200 1.04 secs: 3174 bytes ==> GET /storage/img/header.jpg
65276529
...
65286530
```
65296531
6532+
##### Blocking User-Agent
6533+
6534+
Example 1:
6535+
6536+
```nginx
6537+
# 1) File: /etc/nginx/limits.conf
6538+
map $http_user_agent $invalid_ua {
6539+
6540+
default 0;
6541+
"python-requests" 1;
6542+
6543+
}
6544+
6545+
# 2) Include this file in http context:
6546+
include /etc/nginx/limits.conf;
6547+
6548+
# 3) Turn on in a specific context (e.g. server):
6549+
server_name example.com;
6550+
6551+
if ($invalid_ua) { return 444; }
6552+
6553+
...
6554+
```
6555+
6556+
##### Limiting User-Agent
6557+
6558+
Example 1:
6559+
6560+
```nginx
6561+
# 1) File: /etc/nginx/limits.conf
6562+
map $http_user_agent $limit_ip_key_by_ua {
6563+
6564+
default "";
6565+
"python-requests" $binary_remote_addr;
6566+
6567+
}
6568+
6569+
limit_req_zone $limit_ip_key_by_ua zone=req_for_remote_addr_by_ua:32k rate=10r/m;
6570+
6571+
# 2) Include this file in http context:
6572+
include /etc/nginx/limits.conf;
6573+
6574+
# 3) Turn on in a specific context (e.g. server):
6575+
server_name example.com;
6576+
6577+
limit_req zone=req_for_remote_addr_by_ua burst=2;
6578+
6579+
...
6580+
```
6581+
65306582
##### Limiting the rate of requests with burst mode
65316583
65326584
```nginx

0 commit comments

Comments
 (0)