### This file implements a blacklist for certain user agents and

### referrers. It's a first line of defense. It must be included

### inside an http block.

###_ IMPLEMENT

###_ 1. Review list of user agents to be blocked. Change as necessary.

###_ NOTE 1: The list of user agents and list of referrers are

###_ based on MY preferences. You might want to remove some of

###_ the user-agents I've blocked. None of my sites are "business" sites

###_ so I've blocked some of the more aggressive SEO bots/spiders.

###_ NOTE 2: curl is blocked by default. If you are testing/debugging, you

###_ might want to remove curl temporarily.

###_ NOTE 3: Added blocking of empty user-agent. I noted in my logs that every

###_ log line that had an empty user-agent string was a hacking attempt. So empty

###_ user-agent strings are now blocked. I have been monitoring my site

###_ and haven't seen any legitimate requests with an empty referrer for a month.

###_ It is NOT enabled by default. I will be revisiting this after some more

###_ monitoring and investigation.

###_ 2. Review list of referrers to be blocked. Change as necessary.

###_ 3. Review list of hosts exempt from referrer checking. Change as necessary.

## User Agent Blocking

map $http_user_agent $bad_bot {

default 0;

~*^Lynx 0; # Let Lynx go through

libwww-perl 1;

# "" 1; # Block empty user-agent string

~(?i)(httrack|htmlparser|libwww|aihitbot|plukkie|sistrix|ezooms|exabot|wget|curl|Morfeus|larbin|ZmEu|Toata|Huawei|talktalk|MJ12bot|Baiduspider|AhrefsBot|spbot|bot-pge\.chlooe\.com|bot\.wsowner\.com|SEOstats|msnbot-media|Mail\.RU_Bot) 1;

}

## Referrer Blocking

map $http_referer $bad_referer {

default 0;

~(?i)(adult|babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|webcam|zippo|casino|replica|onload\.pw) 1;

}

## Hosts exempt from referrer checking

geo $bad_referer {

127.0.0.1 0;

192.168.1.0/24 0;

}