mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[Url] how to block requested urls? #473

Open boomsya opened 2 years ago

boomsya commented 2 years ago

Hi. How can I block a requested URL which contains a phrase like "searchphrase=all" or "/component/search/?searchword"?

log:

165.225.76.101 - - [19/May/2022:13:58:22 +0300] "GET /component/search/?searchword=%D1%83%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B0&searchphrase=all HTTP/1.1" 200 12609 "-" "Mozilla/4.0 (Macintosh; U; PPC Mac OS X; en-US)" "-"
5.188.226.154 - - [19/May/2022:13:58:22 +0300] "ST /component/search/?searchword=%D1%83%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B0&searchphrase=all HTTP/1.2" 408 0 "-" "Mozilla/5.0 (Symbian/3; Series60/5.2 NokiaC7-00/012.003; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/525 (KHTML, like Gecko) Version/3.0 BrowserNG/7.2.7.3 3gpp-gba" "206.143.0.245"
202.165.233.14 - - [19/May/2022:13:58:21 +0300] "GET /component/search/?searchword=%D1%83%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B0&searchphrase=all HTTP/1.2" 200 12608 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/13.2b11866 Mobile/16A366 Safari/605.1.15" "38.5.93.166"

mitchellkrogza commented 2 years ago

Use the bad-referrer-words.conf file for this

boomsya commented 2 years ago

I have tried this code:

"~*(?:\b)searchphrase(?:\b)"            1;

and in the file /etc/nginx/conf.d/globalblacklist.conf I have changed:

map $http_user_agent $bad_bot {
    default     1;

but I see that code 200 is still being returned

mitchellkrogza commented 2 years ago

> I have tried this code:
>
> "~*(?:\b)searchphrase(?:\b)"          1;
>
> and in the file /etc/nginx/conf.d/globalblacklist.conf I have changed:
>
> map $http_user_agent $bad_bot {
>   default     1;
>
> but I see that code 200 is still being returned

I will test, but FYI: don't ever change globalblacklist.conf. It will get overwritten with every update; only use the include files. Did you reload nginx after adding that?

boomsya commented 2 years ago

I update the scripts manually once every 1-6 months. Yes.

nginx -s reload

mitchellkrogza commented 2 years ago

searchphrase=

In your main location / block you need to nest this phrase

location / {
    # ... do stuff ...
    location ~ /searchphrase= {
        return 444;
    }
}

tested

curl -I "https://xxxxxxxxxx/searchphrase=something"
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)

boomsya commented 2 years ago

Sorry that this is not configured in your scripts. But anyway, thanks.

boomsya commented 2 years ago

works fine in nginx site config:

if ($request_uri ~* (searchphrase|searchword) ){
    return 404;
}

mitchellkrogza commented 2 years ago

> works fine in nginx site config:
>
> if ($request_uri ~* (searchphrase|searchword) ){
>     return 404;
> }

Great, I'll have to add this kind of filter in as well.
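
A dry run of the two rules from this thread over sample log lines, as an added example that is not part of the original issue or the project's code. It assumes nginx's documented behaviour that a `location` regex is tested against the decoded path without the query string, while `$request_uri` holds the full original URI; the log lines are constructed (documentation IP addresses) in the format posted above, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines in the format shown in the issue (documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/May/2022:13:58:22 +0300] "GET /component/search/?searchword=%D1%83&searchphrase=all HTTP/1.1" 200 12609 "-" "Mozilla/4.0" "-"',
    '192.0.2.11 - - [19/May/2022:13:58:22 +0300] "ST /component/search/?searchword=%D1%83&searchphrase=all HTTP/1.2" 408 0 "-" "Mozilla/5.0" "-"',
    '192.0.2.12 - - [19/May/2022:13:58:23 +0300] "GET /searchphrase=something HTTP/1.1" 200 512 "-" "curl/7.81.0" "-"',
    '192.0.2.13 - - [19/May/2022:13:58:24 +0300] "GET /index.php?id=7 HTTP/1.1" 200 9000 "-" "Mozilla/5.0" "-"',
]

REQUEST_RE = re.compile(r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)"')

# The two rules from the thread, expressed as Python regexes.
LOCATION_RULE = re.compile(r"/searchphrase=")                      # location ~ (case-sensitive)
REQUEST_URI_RULE = re.compile(r"(searchphrase|searchword)", re.I)  # if ($request_uri ~* ...)

def location_rule_hits(uri):
    # A location regex sees only the decoded path; the query string is excluded.
    return bool(LOCATION_RULE.search(unquote(urlsplit(uri).path)))

def request_uri_rule_hits(uri):
    # $request_uri is the URI exactly as the client sent it, query string included.
    return bool(REQUEST_URI_RULE.search(uri))

def dry_run(lines):
    """Return (method, uri, location_hit, request_uri_hit) per parsable log line."""
    results = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m is None:
            continue  # skip lines that do not contain a quoted request
        method, uri = m.group("method"), m.group("uri")
        results.append((method, uri, location_rule_hits(uri), request_uri_rule_hits(uri)))
    return results

if __name__ == "__main__":
    for method, uri, loc, req in dry_run(SAMPLE_LOG):
        print(f"{method:4} location={loc!s:5} request_uri={req!s:5} {uri}")
```

Running it shows the `location` rule firing only when the phrase is in the path (the curl test), while the `$request_uri` rule also covers the query-string requests from the log, including the one with the malformed `ST` method.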