How to block specific human looking user agent in nginx


Question

I have been having a few problems with spam recently and bots registering and all these anti captcha systems do not seem to be working.

I have analyzed my access logs and discovered the user agents are not used by humans maybe because they are old... But also noticed that there has been some HEAD / GET / POST / attacks also coming in to the web server as well using the exact same string on user agents. Possibly booters using the same user agents as spam/add bots.

216.151.139.172 - - [24/Mar/2013:00:58:20 +0000] "GET /index.php?action=verificationcode;vid=register;rand=12c64196f4558b2dff00db7ed3ee8ad9 HTTP/1.1" 200 2189 "index.php?action=register" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)" "-"

In nginx, without blocking all user agents, is there any way to just block this string contained in the user agent so these bots can stop registering and advertising?

"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)"

Thanks for reading.

Recommended answer

You can try this:

if ($http_user_agent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)") {
  return 444; # 444 is a special nginx status code that's useful in fighting attack
}

But that user agent string is valid, which means that you could block some legit visits as well.

I'd suggest you try IP-based access control. See http://wiki.nginx.org/HttpAccessModule for setting that up. It's better in my opinion.
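
An added example, not part of the original answer: one way to combine both suggestions while limiting the collateral damage the answer warns about, by dropping the flagged user agent only on the registration requests seen in the question's log line and denying the logged address outright. The variable names and `forum.example.com` are placeholders, and scoping to `action=register` and `action=verificationcode` is an assumption taken from that log line.

```nginx
# --- http {} context ---

# 1 when the User-Agent is exactly the string from the question's log line.
map $http_user_agent $ua_flag {
    default 0;
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)" 1;
}

# 1 when the query string targets the registration flow. The forum separates
# parameters with ';' (see the log line), so $arg_action cannot be used here;
# match on the raw $args instead.
map $args $reg_flag {
    default 0;
    "~(^|[;&])action=(register|verificationcode)([;&]|$)" 1;
}

# Drop only when both conditions hold, so the same user agent can still
# browse the rest of the site.
map "$ua_flag$reg_flag" $drop_request {
    default 0;
    "11"    1;
}

# --- server {} context ---
server {
    listen 80;
    server_name forum.example.com;   # placeholder

    # IP-based access control (ngx_http_access_module), as the answer
    # suggests. The address is the one in the question's log line.
    deny 216.151.139.172;

    # 444 closes the connection without sending any response.
    # A bare "return" inside a server-level "if" is safe to use.
    if ($drop_request) {
        return 444;
    }
}
```

Dropped requests are still written to the access log with status 444, and denied addresses with 403, so the log shows how many requests each rule caught and whether any look like legitimate visitors.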
