### This file implements a blacklist for certain user agents and
### referrers. It's a first line of defense. It must be included
### inside an http block.

###_ IMPLEMENT
###_ 1.  Review list of user agents to be blocked. Change as necessary.
###_	 NOTE 1:  The list of user agents and list of referrers are
###_	 based on MY preferences.  You might want to remove some of
###_     the user-agents I've blocked.  None of my sites are "business" sites
###_	 so I've blocked some of the more aggressive SEO bots/spiders.
###_     NOTE 2:  curl is blocked by default.  If you are testing/debugging, you
###_ 	 might want to remove curl temporarily.
###_	 NOTE 3:  Added blocking of empty user-agent.  I noted in my logs that every
###_     log line that had an empty user-agent string was a hacking attempt.  So empty
###_	 user-agent strings are now blocked.  I have been monitoring my site
###_     and haven't seen any legitimate requests with an empty referrer for a month.
###_	 It is NOT enabled by default.  I will be revisiting this after some more
###_	 monitoring and investigation.
###_ 2.  Review list of referrers to be blocked.  Change as necessary.
###_ 3.  Review list of hosts exempt from referrer checking.  Change as necessary.


## User Agent Blocking
map $http_user_agent $bad_bot {
    default 0;
    ~*^Lynx 0; # Let Lynx go through
    libwww-perl	1;
#    ""		1; # Block empty user-agent string
    ~(?i)(httrack|htmlparser|libwww|aihitbot|plukkie|sistrix|ezooms|exabot|wget|curl|Morfeus|larbin|ZmEu|Toata|Huawei|talktalk|MJ12bot|Baiduspider|AhrefsBot|spbot|bot-pge\.chlooe\.com|bot\.wsowner\.com|SEOstats|msnbot-media|Mail\.RU_Bot) 1;
}

## Referrer Blocking
map $http_referer $bad_referer {
    default 0;
    ~(?i)(adult|babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|webcam|zippo|casino|replica|onload\.pw) 1;
}

## Hosts exempt from referrer checking
geo $bad_referer {
    127.0.0.1 0;
    192.168.1.0/24 0;
}