Add the following to nginx.conf:
QUOTE:
## List every allowed HTTP method here.
map $request_method $bad_method {
    default 1;
    ~(?i)(GET|HEAD|POST) 0;
}

## List every user agent that is to be blocked here.
map $http_user_agent $bad_bot {
    default 0;
    ~(?i)(httrack|WinHTTrack|htmlparser|libwww|Python|perl|urllib|Zeus|scan|Curl|email|PycURL|Pyth|PyQ|WebCollector|WebCopier|WebCopy|webcraw|LWP::simple|Havij) 1;
}

## List every referrer that is to be blocked here.
map $http_referer $bad_referer {
    default 0;
    ~(?i)(babes|click|forsale|jewelry|nudit|organic|poker|porn|amnesty|poweroversoftware|webcam|zippo|casino|replica) 1;
}
Then add the following to site-available/www.adj.idv.tw:
QUOTE:
## Request-range protection fix: reject requests that ask for many ranges at once.
if ($http_range ~ "(?:\d*\s*-\s*\d*\s*,\s*){5,}") {
    return 416;
}

## Deny access based on HTTP method
if ($bad_method = 1) {
    return 444;
}

## Deny access based on the User-Agent header
if ($bad_bot = 1) {
    return 403;
}

## Deny access based on the Referer header
if ($bad_referer = 1) {
    return 403;
}
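One last point: the User-Agent check cannot block everything, because typical site-ripping software can disguise its User-Agent and send fake HTTP headers, so this holds them off for a while but not forever ^_^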
References:
http://clip.artchiu.org/2014/08/13/nginx-testcookie-nginx-module/
http://www.cyberciti.biz/faq/unix-linux-appleosx-bsd-nginx-block-user-agent/