Block and Filter Spam Requests With User-Agents in NGINX

My server has been getting bussyblasted by spam requests from bots and other subhumans and I figured out a way to block them with NGINX.

Adapt the following for your use case and simply place it in every nginx.conf that is ln -s linked to your /etc/nginx/sites-enabled (it should be under the listen 443 server block if you use certbot. Don’t add it under location it should be on the same level as listen [::]:443 ssl;)

if ($http_user_agent ~* "Amazonbot|facebookexternalhit|meta-externalagent|ClaudeBot") {
    return 404;
}

To see what kind of requests are being made you can check out the following NGINX file /var/log/nginx/access.log. Scroll all the way down (if you use vim G, for nano - Ctrl + End)

I adapted this guide from this fella over here who blocked all Apple devices on his VPS, read more.

A better alternative - Basic HTTP Authentication

A better way of blocking unwated access to your website is to use apache2 + NGINX’s basic HTTP authentication, read my guide.