root/isopod.cool
1
0
Fork 0
Code Releases Activity
isopod.cool/blog/posts/guide_blocking_user_agents_nginx/index.php
will 9be2f36883 v3.1 - Minor overhaul to the entire site 
- Removed some unused files
- Updated the blog post layout to have all the navigation
- Replaced hovertext in blog posts with footnotes
- Seaonal pride captions on homepage
- Updated /etc/quotes/
  - Background color is now actually reminiscent of Discord
- Total overhaul to /uses/
  - Added sub-page for my computer
- New markup for blockquotes that css-tricks.com says is more semantically correct
- More difficult captcha on the guestbook (answer remains unchanged)
- New blog post about DMs on the fediverse
- Blog now has links to each year
- Removed journal. I barely used it and it was redundant anyway
- Removed the TODO list that I wasn't using from /etc/
- CSS overhaul:
  - Cool new hover animation on navigation links
  - Centralized most color definitions to root variables, and a couple other things too
  - Standard font is now B612 mono
  - complies with prefers-reduced-motion
  - Light theme and low contrast mode in the works
  - Made tables more consistent, and the one on /about/ no longer looks like doodoo
  - Accent borders on headings and such-like
  - Main header & caption are now left-aligned instead of center-aligned
  - Isopod letterhead moved from left side of header to right
  - h1 made smaller, h2-6 changed back to default sizes
  - Adjusted a couple background positions to improve readability
  - Got rid of the checkbox-hack dropdown navigation on mobile, because it kind of sucked
  - Regular body text no longer has text-shadow
- probably some other stuff I forgot about
2024-07-08 03:47:39 -06:00

71 lines
4.4 KiB
PHP
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Guide - How to Block User Agents With Nginx</title>
<link href="/style.css" rel="stylesheet" type="text/css" media="all">
<link href="/blog/comment/comments.css" rel="stylesheet" type="text/css" media="all">
<style>
h1 {
background-image: url('nginx.svg');
}
</style>
</head>
<body>
<?php include($_SERVER['DOCUMENT_ROOT'] . '/nav.php'); ?>
<h1>guide:</h1>
<h2 id="caption">How to Block User Agents With Nginx</h2>
</nav>
<?php include("../post_dates.php"); ?>
<p>Recently, Cloudflare has launched a clumsy, poorly-executed attempt to centralize the fediverse on their platform known as Wildebeest. There are <a href="https://blog.cloudflare.com/welcome-to-wildebeest-the-fediverse-on-cloudflare/" title="This one's kind of a joke, but it explains in detail just how much Wildebeest is fundamentally dependent on Cloudflare's platform, and if you agree with me about anything you should already know why that's bad.">a</a> <a href="https://stop.voring.me/notes/9bka8dyjjo" title="Gleason, of getting-kicked-off-the-dev-team-for-the-fedi-server-he-created-for-sucking-so-much fame, is now contributing code to Wildebeest.">few</a> <a href="https://glitterkitten.co.uk/@doot/109910496299181873" title="This one's the most important. Wildebeest literally just publically displays messages marked as direct. Think admins being able to read your &quot;direct messages&quot; was bad? Try everyone.">reasons</a> not to want to use it, and you probably don't want to be federating with it either. However, blocking every instance running it on sight would be both tedious and ineffective.</p>
<p>The way I've chosen to deal with this is to just configure my reverse proxy, Nginx, to deny connections from anything with "wildebeest" in the user agent string. There are several other good reasons to do this, such as blocking bots that ignore robots.txt, or adapting this approach to serve specialized pages to old browsers, or just denying access to anything that isn't Chrome if you want to earn your place in the 9th circle of Hell.</p>
<p>I'm assuming here that you already know the basics of configuring Nginx, otherwise this article won't really be of much use to you.</p>
<h2>How to do it</h2>
<p>Paste this into the main <code>server</code> block of your Nginx config to instantly drop the connection to any client with a "Wildebeest" (case insensitive) user agent:</p>
<code>
<span class="codetitle">/etc/nginx/sites-available/yoursite</span>
if ($http_user_agent ~* (wildebeest)) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;return 444;<br>
}
</code>
<h2>More configuration</h2>
<p>If all you want is to block Wildebeest and forget about it, you can leave now. If you want to customize this behavior further, read on.</p>
<h3>Different HTTP responses</h3>
<p>444 is a custom response code in Nginx that just drops the connection immediately. You can use any other HTTP error code you like, for example to return a <code>403 Forbidden</code> error:</p>
<code>
return 403;
</code>
<p>To issue a permanent redirect to some other URL:</p>
<code>
return 301 https://example.org/;
</code>
<p>Or just to be silly :3</p>
<code>
return 418;
</code>
<h3>Block multiple user agents</h3>
<p>You can also block multiple user agents in one statement like so:</p>
<code>
<span class="codetitle">/etc/nginx/sites-available/yoursite</span>
if ($http_user_agent ~* (wildebeest|googlebot)) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;return 444;<br>
}
</code>
<h3>Includes</h3>
<p>One thing I'd recommend doing is moving all your user agent blocks to a separate file that you can include in all your Nginx sites. I place this file at <code>/etc/nginx/includes/bans</code>:</p>
<code>
<span class="codetitle">/etc/nginx/includes/bans</span>
if ($http_user_agent ~* (wildebeest|googlebot)) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;return 444;<br>
}
</code>
<code>
<span class="codetitle">/etc/nginx/sites-available/yoursite</span>
include /etc/nginx/includes/bans;
</code>
<p>The <code>include</code> statement goes in your <code>server</code> block as before.</p>
<?php include("../../comment/form.php"); ?>
</body>
</html>
View git blame Copy permalink