Instructions To Block Bots and Prevent DDOS in Nginx

In this instructional exercise, you will figure out how to hinder terrible bots, referrer spam, and forestall DDOS on your Nginx web server. To achieve this, we will utilize the open-source project called Nginx Ultimate Bad Bot and Referrer Blocker.

Before the finish of this instructional exercise, your Nginx server will hinder undesirable client specialist, spam referrer, adware, malware, ransomware, and clickjackers.

1. Download Nginx Bad Bot Blocker

 

To download the Ultimate Bad Bot Blocker, execute the following commands on your system.

sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker sudo chmod +x /usr/local/sbin/install-ngxblocker sudo install-ngxblocker -x sudo chmod +x /usr/local/sbin/setup-ngxblocker sudo chmod +x /usr/local/sbin/update-ngxblocker sudo setup-ngxblocker -x 

2. Check Proper Placement of Includes

Sometimes, especially if you have an Let’s Encrypt SSL certificate installed, the setup script from above will incorrectly place the includes in your Nginx config file. Make that the “Nginx Bad Bot Blocker Includes” come before the first location block in your config files at

/etc/nginx/sites-available/

 

# configuration of the server server { server_name micro.domains www.micro.domains; root /home/microdomains/public/; ## # Nginx Bad Bot Blocker Includes # REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker ## include /etc/nginx/bots.d/ddos.conf; include /etc/nginx/bots.d/blockbots.conf; location /static { alias /home/microdomains/public/static; } ....  

 

3. How to Automatically Update Nginx Bad Bot Blocker

 Execute the

sudo crontab -e

command and add the following statement to automatically update the Nginx Bad Bot Blocker everyday at 10 PM server time. You can optionally add the -e flag and provide an email address for notifications.

00 22 * * * /usr/local/sbin/update-ngxblocker -e you@example.com  

 

4. Configure Nginx Bad Bot Blocker

 

The default rules for Nginx Bad Bot Blocker at located at

/etc/nginx/conf.d/globalblacklist.conf. 

 

Do not edit this file! If you would like to add custom rules, you can in one of the following config files at

/etc/nginx/bots.d/

.

• bad-referrer-words.conf
• blacklist-ips.conf
• blacklist-user-agents.conf
• blockbot.conf
• custom-bad-referreres.conf
• ddos.conf
• whitelist-domains.conf
• whitelist-ips.conf

 

5. Test it Out

From another IP address, you can execute on of the following curl commands to see if the blocker is working. If you get an empty reply from the server, it is working as expected.

curl -A "Xenu Link Sleuth/1.3.8" -I https://micro.domains curl -I https://micro.domains -e http://zx6.ru

As a temporary test, you can also blacklist yourself by adding your IP address to

/etc/nginx/bots.d/blacklist-ips.conf. 

 

After restarting the Nginx server to apply your changes with systemctl restart nginx , when you visit your website, you should see an error similar to ERR_EMPTY_RESPONSE.

 

Here is a full tutorial that will show you how to install and configure the Nginx Bad Bot Blocker in more detail.