Path: csiph.com!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Marco Moock <mm+usenet-es@dorfdsl.de>
Newsgroups: comp.infosystems.www.servers.unix,comp.security.unix,comp.security.misc
Subject: Re: Blocking faux broswers in nginx
Date: Mon, 24 Feb 2025 10:12:05 +0100
Organization: A noiseless patient Spider
Lines: 18
Message-ID: <20250224101205.7fc11abf@ryz.dorfdsl.de>
References: <vpgsnl$1f7u$2@gallifrey.nk.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 24 Feb 2025 10:12:07 +0100 (CET)
Injection-Info: dont-email.me; posting-host="56089c94fe6698c751e3db3979ab1edb"; logging-data="1073183"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18PyjP/Za/1jbj1BaM4rxIq"
Cancel-Lock: sha1:kmqthJ7UesmpoY4rxBQIuVUlOjA=
Xref: csiph.com comp.infosystems.www.servers.unix:681 comp.security.unix:260 comp.security.misc:1552

On 24.02.2025 04:31 Uhr The Doctor wrote:

> How do I do a universal block on bogus browsers on nginx?

You can only block on the User-Agent header that can be changed to
whatever the attacker wants.

To block it at the nginx:
https://stackoverflow.com/questions/22144092/how-to-block-a-specific-user-agent-in-nginx-config

I also recommend banning the source IP using fail2ban.

-- 
kind regards
Marco

Send spam to 1740367909muell@stinkedores.dorfdsl.de