Nginx anti-theft chain based on UA shielding malicious user agent request (anti-Spider) _nginx

Compared with the Apache,nginx occupies less system resources, more suitable for VPS use. Malicious hotlinking user Agent everywhere, blog replacement to WordPress not a few days, was SPAM (spam message) stare, and was violently cracked backstage username password. Apache has previously introduced the use of the. htaccess Mask malicious user agent, today to introduce Nginx shielding malicious user agent request method.

First Rules & Comments

#禁用未初始化变量警告
Uninitialized_variable_warn off;
#匹配各种 Bad user agent, returns a 403 error
if ($http _user_agent ~* "embeddedwb| nsplayer| Wmfsdk|qunarbot|mj12bot|ahrefsbot| Windows 98| MSIE 6.0; Windows 2000| easouspider| Sogou Web Spider ") {return
403;
}
#匹配POST方法, assign the variable iftemp
if ($request _method ~* "POST") {set $iftemp X;}
#匹配 Bad user agent, assign value to variable iftemp; These ua are mainly spam messages
if ($http _user_agent ~* "MSIE 6.*net| MSIE 7.*net| MSIE 6.*sv1| MSIE 6.0; Windows NT 5.0 ") {
set $iftemp" ${iftemp}y ";
}
#如果变量iftemp符合上面两个条件, returns 403 error
if ($iftemp = XY) {return 403;}

Disable the uninitialized variable warning or write warnings to the error log Error.log as follows

Copy Code code as follows:

2014/09/11 09:21:11 [warn] 18649#0: *132 using uninitialized "iftemp" variable, client:220.181.51.209, SERVER:WWW.WILF.C N, Request: "Get/wp-content/themes/dazzling/inc/fonts/glyphicons-halflings-regular.woff http/1.0", Host: " Www.wilf.cn ", referrer:" http://www.wilf.cn/"
2014/09/11 09:21:11 [warn] 18649#0: *92 using uninitialized "iftemp" variable, client:66.249.79.55, server:www.wilf.cn, Request: "get/page/14?mod=pad&act=view&id=741 http/1.1", Host: "Www.wilf.cn"

The Nginx rule does not support more than 2 conditional judgments, bypassing a path and completing 2 conditional judgments by assigning values to variables two times.

Nginx rules are also used to match strings with regular expressions, to parse logs, and to customize them as needed.

It's time to test the results.

Copy Code code as follows:

183.60.214.51-[10/sep/2014:22:16:18 +0800]-bytes:13507-get/?mod=pad&act=view&id=460 http/1.1-403-–-m ozilla/5.0 (compatible; Easouspider; +http://www.easou.com/search/spider.html)-–-–
220.181.125.169-[11/sep/2014:09:38:15 +0800]-bytes:169-get/page/51?mod=wap&act=addcom&inpid=860 HTTP/1.1 -403-–-sogou Web spider/4.0 (+http://www.sogou.com/docs/help/webmasters.htm#07)-–-–

Easouspider and Sogou web spider are never seen again.