mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[INSTALLATION] Issue not blocking? #461

Closed killmasta93 closed 2 years ago

killmasta93 commented 2 years ago

Describe the problem you are experiencing

Currently not blocking while doing the tests

Error Messages

I should get

curl: (52) Empty reply from server
curl: (56) TCP connection reset by peer
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)

curl -A "Xenu Link Sleuth/1.3.8" -I https://mydomain.com
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 09 Feb 2022 18:35:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive

Copy of nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##
    include /etc/nginx/naxsi_core.rules;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


Server (please complete the following information):

Linux wordpress 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

nginx version: nginx/1.21.6
built by gcc 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)
built with OpenSSL 1.1.1  11 Sep 2018
TLS SNI support enabled
configure arguments: --conf-path=/etc/nginx/nginx.conf --add-module=../naxsi-master/naxsi_src/ --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --user=www-data --group=www-data --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --prefix=/usr

Additional information

this is my default.conf


server {
    #    listen 80;
    #    listen [::]:80;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    root /var/www/html/wordpress;
    index  index.php index.html index.htm;
    server_name mydomain.com;
    location ~ /.well-known {

        ##
        # Nginx Bad Bot Blocker Includes
        # REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
        ##
        include /etc/nginx/bots.d/ddos.conf;
        include /etc/nginx/bots.d/blockbots.conf;

        root /var/www/letsencrypt;
        allow all;
    }
    client_max_body_size 100M;

    location / {
        include /etc/nginx/naxsi.rules;
        include /etc/nginx/wordpress.rules;
        try_files $uri $uri/ /index.php?$args;
    }
    #include snippets/phpmyadmin.conf;
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass             unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

mitchellkrogza commented 2 years ago

You've added the blocker includes in your /.well-known location block and not your / location block

killmasta93 commented 2 years ago

Thank you, that did the trick.

killmasta93 commented 2 years ago

Quick question: it works when I try https, but when I try http I get this. I'm guessing it's normal?

HTTP/1.1 301 Moved Permanently
Server: nginx/1.21.6
Date: Thu, 10 Feb 2022 22:48:55 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://mydomain.com/

itoffshore commented 2 years ago

HTTP code 301 is a permanent redirect.

Redirecting HTTP to HTTPS is considered a best practice for the web nowadays (so yes, it is normal and recommended on web servers to encrypt data to/from the client browser).

mitchellkrogza commented 2 years ago

Best is to configure your port 80 config to drop bots before they even get redirected to 443. I do this on all my sites.

server {
    listen 80;
    listen [::]:80;
...
...
...
...
    location / {
        # Block Bad Bots
        include /etc/nginx/bots.d/blockbots.conf;
        include /etc/nginx/bots.d/ddos.conf;
        return 301 https://yourdomain$request_uri;
    }
    # END OF HTTP PORT 80 HOST CONFIG - CLOSING BRACE BELOW THIS LINE
}
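
Added example, not part of the thread and not the project's own code: a small checker for the two placement points raised above, that the blocker includes sit in `location /` (not only in `/.well-known`) and that the port 80 server carries them too. The names `BLOCKER`, `directives`, `audit` and `SAMPLE` are hypothetical, and the sample config is constructed from the snippets posted in this issue.

```python
import re
# Include files named in the thread; both belong in the catch-all `location /`.
BLOCKER = ("bots.d/blockbots.conf", "bots.d/ddos.conf")

def directives(conf):
    """Yield (context_stack, directive); assumes no '{', '}', ';', '#' inside strings or regexes."""
    stack, buf, n = [], "", 0
    for ch in re.sub(r"#[^\n]*", "", conf):      # comments stripped first
        if ch not in "{};":
            buf += ch
            continue
        text, buf = " ".join(buf.split()), ""
        if ch == ";":
            yield tuple(stack), text
        elif ch == "}":
            stack.pop()
        elif text == "server":                   # number server blocks in file order
            n += 1
            stack.append(f"server#{n}")
        else:
            stack.append(text)

def audit(conf):
    """Per server block: (includes missing from `location /`, blocks that hold them instead)."""
    found = {}
    for ctx, text in directives(conf):
        srv = next((c for c in ctx if c.startswith("server#")), None)
        if srv:
            hits = found.setdefault(srv, {})
            for inc in BLOCKER:
                if text.startswith("include ") and text.endswith(inc):
                    hits.setdefault(ctx[-1], set()).add(inc)
    report = {}
    for srv, hits in found.items():
        missing = sorted(set(BLOCKER) - hits.get("location /", set()))
        if missing:
            report[srv] = (missing, sorted(k for k in hits if k != "location /"))
    return report

# Constructed sample, condensed from the two configs posted in the thread.
SAMPLE = """
server { listen 80; location / { include /etc/nginx/bots.d/blockbots.conf;
    include /etc/nginx/bots.d/ddos.conf; return 301 https://yourdomain$request_uri; } }
server { listen 443 ssl; location / { try_files $uri $uri/ /index.php?$args; }
    location ~ /.well-known { include /etc/nginx/bots.d/ddos.conf;
        include /etc/nginx/bots.d/blockbots.conf; root /var/www/letsencrypt; } }
"""
print(audit(SAMPLE))
```

The checker reads only the text it is given and does not follow `include` directives, so run it over each vhost file. An empty result means every server block in that text has both includes in `location /`.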