|
|
@@ -1,82 +1,13 @@
|
|
|
-# *************************************************************************************
|
|
|
-# The Apache Ultimate Bot Blocker - Apache 2.4 Version without mod_access_compat module
|
|
|
-# *************************************************************************************
|
|
|
-
|
|
|
-##############################################################################
|
|
|
-# ___ __ #
|
|
|
-# / _ | ___ ___ _____/ / ___ #
|
|
|
-# / __ |/ _ \/ _ `/ __/ _ \/ -_) #
|
|
|
-# /_/ |_/ .__/\_,_/\__/_//_/\__/ #
|
|
|
-# __/_/ __ ___ __ ___ __ __ #
|
|
|
-# / _ )___ ____/ / / _ )___ / /_ / _ )/ /__ ____/ /_____ ____ #
|
|
|
-# / _ / _ `/ _ / / _ / _ \/ __/ / _ / / _ \/ __/ '_/ -_) __/ #
|
|
|
-# /____/\_,_/\_,_/ /____/\___/\__/ /____/_/\___/\__/_/\_\\__/_/ #
|
|
|
-# #
|
|
|
-##############################################################################
|
|
|
-
|
|
|
-### Version Information #
|
|
|
+# *****************************************************************************
|
|
|
+# Upstream - https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker
|
|
|
+# *****************************************************************************
|
|
|
+### Version Information ###
|
|
|
###################################################
|
|
|
### Version: V3.2022.05.1398
|
|
|
### Updated: Tue May 31 10:12:53 UTC 2022
|
|
|
### Bad Referrer Count: 7091
|
|
|
### Bad Bot Count: 637
|
|
|
###################################################
|
|
|
-### Version Information ##
|
|
|
-
|
|
|
-### Created By: https://github.com/mitchellkrogza/
|
|
|
-### Copyright Mitchell Krog - <mitchellkrog@gmail.com>
|
|
|
-
|
|
|
-### This file implements a checklist / blacklist for good user agents, bad user agents and
|
|
|
-### bad spam referrers. It also has whitelisting for your own IP's and known good IP Ranges
|
|
|
-
|
|
|
-# PLEASE READ the full Readme at
|
|
|
-# https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/blob/master/README.md
|
|
|
-
|
|
|
-# WARNING:
|
|
|
-# ********
|
|
|
-# Please understand why you are using this before you even use this.
|
|
|
-# Please do not simply copy and paste without understanding what this is doing.
|
|
|
-
|
|
|
-# MONITOR WHAT YOU ARE DOING:
|
|
|
-# ***************************
|
|
|
-# MAKE SURE to monitor your web site logs after implementing this. I suggest you first
|
|
|
-# load this into one site and monitor it for any possible false positives before putting
|
|
|
-# this into production on all your web sites.
|
|
|
-
|
|
|
-# ******************************************
|
|
|
-# CONFIGURATION INSIDE A VIRTUALHOST EXAMPLE
|
|
|
-# ******************************************
|
|
|
-# This is how you should include the globalblacklist.conf within a VirtualHost
|
|
|
-
|
|
|
- # ********************************************************
|
|
|
- # ********************************************************
|
|
|
- # <VirtualHost *:80>
|
|
|
- # ServerName local.dev
|
|
|
- # DocumentRoot /var/www/html
|
|
|
- # RewriteEngine On
|
|
|
- # ErrorLog /tmp/error.log
|
|
|
- # <Directory /var/www/html>
|
|
|
- # AllowOverride All
|
|
|
- # Options FollowSymLinks
|
|
|
- # Include custom.d/globalblacklist.conf
|
|
|
- # </Directory>
|
|
|
- # </VirtualHost>
|
|
|
- # ********************************************************
|
|
|
- # ********************************************************
|
|
|
-
|
|
|
-# *********************************
|
|
|
-# FIRST BLOCK BY USER-AGENT STRINGS
|
|
|
-# *********************************
|
|
|
-
|
|
|
- # PLEASE TEST !!!
|
|
|
- # ***************
|
|
|
- # ALWAYS test any User-Agent Strings you add here to make sure you have it right
|
|
|
- # Use a Chrome Extension called "User-Agent Switcher for Chrome" where you can create your
|
|
|
- # own custom lists of User-Agent and test them easily against your rules below.
|
|
|
-
|
|
|
- # ***********************************************
|
|
|
- # Allow Good User-Agent Strings We Know and Trust
|
|
|
- # ***********************************************
|
|
|
|
|
|
# START GOOD BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
BrowserMatchNoCase "(?:\b)AdsBot-Google(?:\b)" good_bot
|
|
|
@@ -117,12 +48,6 @@ BrowserMatchNoCase "(?:\b)teoma(?:\b)" good_bot
|
|
|
BrowserMatchNoCase "(?:\b)yahoo(?:\b)" good_bot
|
|
|
# END GOOD BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
|
|
|
- # **********************************
|
|
|
- # User-Agent Strings Allowed Through
|
|
|
- # **********************************
|
|
|
- # Some people block libwww-perl, it used widely in many valid (non rogue) agents
|
|
|
- # I allow libwww-perl as I use it for monitoring systems with Munin but it is rate limited
|
|
|
-
|
|
|
# START ALLOWED BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
BrowserMatchNoCase "(?:\b)Lynx(?:\b)" good_bot
|
|
|
BrowserMatchNoCase "(?:\b)Presto(?:\b)" good_bot
|
|
|
@@ -132,14 +57,6 @@ BrowserMatchNoCase "(?:\b)libwww-perl(?:\b)" good_bot
|
|
|
BrowserMatchNoCase "(?:\b)munin(?:\b)" good_bot
|
|
|
# END ALLOWED BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
|
|
|
- # **************************************************************
|
|
|
- # Rate Limited User-Agents who get a bit aggressive on bandwidth
|
|
|
- # **************************************************************
|
|
|
- # Rate limiting not yet active on this apache branch therefore all here are allowed
|
|
|
- # Nginx has brilliant built in rate limiting but as I no longer use Apaache it is doubtful
|
|
|
- # I will ever waste time on introducing a rate limiting function. Feel free to send a PR for this
|
|
|
- # If you want to see this included.
|
|
|
-
|
|
|
# START LIMITED BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
BrowserMatchNoCase "(?:\b)Alexa(?:\b)" good_bot
|
|
|
BrowserMatchNoCase "(?:\b)ArchiveTeam(?:\b)" good_bot
|
|
|
@@ -161,12 +78,6 @@ BrowserMatchNoCase "(?:\b)ia_archiver(?:\b)" good_bot
|
|
|
BrowserMatchNoCase "(?:\b)sfFeedReader/0.9(?:\b)" good_bot
|
|
|
# END LIMITED BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
|
|
|
- # *********************************************
|
|
|
- # Bad User-Agent Strings That We Block Outright
|
|
|
- # *********************************************
|
|
|
- # This includes:
|
|
|
- # Known Vulnerability Scanners (now merged into one section)
|
|
|
-
|
|
|
# START BAD BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
BrowserMatchNoCase "(?:\b)01h4x.com(?:\b)" bad_bot
|
|
|
BrowserMatchNoCase "(?:\b)360Spider(?:\b)" bad_bot
|
|
|
@@ -808,143 +719,15 @@ BrowserMatchNoCase "(?:\b)zauba.io(?:\b)" bad_bot
|
|
|
BrowserMatchNoCase "(?:\b)zgrab(?:\b)" bad_bot
|
|
|
# END BAD BOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
|
|
|
-
|
|
|
- # ***********************************************
|
|
|
- # Include your Own Custom List of Bad User Agents
|
|
|
- # ***********************************************
|
|
|
-
|
|
|
+###########################################################################
|
|
|
+# ***********************************************
|
|
|
+# Include Custom List of Bad User Agents
|
|
|
+# ***********************************************
|
|
|
Include custom.d/blacklist-user-agents.conf
|
|
|
-
|
|
|
- # ************************************
|
|
|
- # GOOD REFERERS - Spared from Checking
|
|
|
- # ************************************
|
|
|
-
|
|
|
- # Add all your own web site domain names and server names in this section
|
|
|
-
|
|
|
- # WHITELIST Your Own Domain Names Here using the Include File Method
|
|
|
- # New Method Uses the include file below so that when pulling future updates your
|
|
|
- # whitelisted domain names are automatically now included for you.
|
|
|
- # Read Comments inside whitelist-domains.conf for customization tips.
|
|
|
- # Updating the main globalblacklist.conf file will not touch your custom include files
|
|
|
-
|
|
|
Include custom.d/whitelist-domains.conf
|
|
|
-
|
|
|
-
|
|
|
-# ****************************************
|
|
|
-# SECOND BLOCK BY REFERER STRINGS AND URLS
|
|
|
-# ****************************************
|
|
|
-
|
|
|
- # Add here all referrer words and URL's that are to blocked.
|
|
|
- # Referers are often used to spam or make your site appear to be spam
|
|
|
- # They can be very bad for your SEO if not monitored -- DID I mention you need to
|
|
|
- # be monitoring your logs frequently so that you know who is trying to do what
|
|
|
- # Referers can also result in high bounce rates on your sites by sending fake traffic
|
|
|
- #
|
|
|
- # Once Again we use a NoCase Apache variable here so its not case sensitive
|
|
|
-
|
|
|
- # ADD Any Referers to this alphabetical block - other specific blocks ie. Semalt
|
|
|
- # have their own custom blocks which are easier to maintain.
|
|
|
- #
|
|
|
- # PLEASE TEST !!!!
|
|
|
- # *****************
|
|
|
- # ALWAYS test referers that you add. This is done manually as follows
|
|
|
- # curl --referer http://getmyads24.com http://www.yourdomain.com/
|
|
|
- # This uses curl to send the referer string to your site and you should see an immediate
|
|
|
- # 403 Forbidden Error
|
|
|
- # I also include any sites that hotlink images from my sites into the list below
|
|
|
-
|
|
|
- # *****************
|
|
|
- # PLEASE TEST !!!!
|
|
|
- # *****************
|
|
|
-
|
|
|
- # ALWAYS test referers that you add. This is done manually as follows
|
|
|
-
|
|
|
- # curl -I http://www.yourdomain.com -e http://anything.adcash.com
|
|
|
- # curl -I http://www.yourdomain.com -e http://www.goodwebsite.com/not-adcash
|
|
|
- # curl -I http://www.yourdomain.com -e http://www.betterwebsite.com/not/adcash
|
|
|
-
|
|
|
- # This uses curl to send the referer string to your site and you should see an immediate
|
|
|
- # 403 Forbidden Error.
|
|
|
-
|
|
|
- # Because of case-insensitive matching any combination of capitilization in the names
|
|
|
- # will all produce a positive hit - make sure you always test thoroughly and monitor logs
|
|
|
- # This also does NOT check for a preceding www. nor does it check for it ending in .com
|
|
|
- # .net .org or any long string attached at the end. It also does not care if the referer
|
|
|
- # was sent with http https or even ftp.
|
|
|
-
|
|
|
- # REAL WORLD EXAMPLE
|
|
|
- # *******************
|
|
|
- # If you were a photographer like me and say took a photo of a "girl" and you then posted
|
|
|
- # a blog showing everyone your new photo and your blog slug / permalink was
|
|
|
- # http://www.mysite.com/blog/photo-of-girl/
|
|
|
- # You can go and monitor your logs and you will see lots of 403 errors from other pages on your
|
|
|
- # site that have been clicked on sending that page as a referer so in the example below
|
|
|
- # you will generate a 403 error.
|
|
|
-
|
|
|
- # curl --referer http://www.mysite.com/blog/photo-of-girl/ http://www.mysite.com/
|
|
|
-
|
|
|
- # So please be careful with these and think carefully before you add new words.
|
|
|
- # Remember we are trying to keep out the general riff-raff not kill your web sites.
|
|
|
-
|
|
|
- # *************************
|
|
|
- # Bad Referer Word Scanning
|
|
|
- # *************************
|
|
|
-
|
|
|
- # These are Words and Terms often found tagged onto domains or within url query strings.
|
|
|
- # Create and Customize Your Own Bad Referrer Words Here using the new Include File Method
|
|
|
- # New Method Uses the include file below so that when pulling future updates your
|
|
|
- # customized list of bad referrer words are automatically now included for you
|
|
|
- # Read Comments inside bad-referrer-words.conf for customization tips.
|
|
|
- # Updating the main globalblacklist.conf file will not touch your custom include files
|
|
|
-
|
|
|
Include custom.d/bad-referrer-words.conf
|
|
|
|
|
|
- # ************************
|
|
|
- # Bad Referer Domain Names
|
|
|
- # ************************
|
|
|
-
|
|
|
- # Now a list of bad referer urls these domains or any combination of them ie .com .net
|
|
|
- # will be blocked out. Doesn't matter if the protocol is http, https or even ftp
|
|
|
-
|
|
|
- # This section includes:
|
|
|
- # **********************
|
|
|
- # Blocking of SEO company Semalt.com (now merged into this one section)
|
|
|
- # MIRAI Botnet Domains Used for Mass Attacks
|
|
|
- # Other known bad SEO companies and Ad Hijacking Sites
|
|
|
- # Sites linked to malware, adware and ransomware
|
|
|
-
|
|
|
- # *****************
|
|
|
- # PLEASE TEST !!!!
|
|
|
- # *****************
|
|
|
-
|
|
|
- # ALWAYS test referers that you add. This is done manually as follows
|
|
|
-
|
|
|
- # curl -I http://www.yourdomain.com -e http://8gold.com
|
|
|
-
|
|
|
- # This uses curl to send the referer string to your site and you should see an immediate
|
|
|
- # 403 Forbidden Error
|
|
|
-
|
|
|
- # Because of case-insensitive matching any combination of capitilization
|
|
|
- # will all produce a positive hit - make sure you always test.
|
|
|
-
|
|
|
- # curl -I http://www.yourdomain.com -e http://NOT-8gold.com
|
|
|
- # curl -I http://www.yourdomain.com -e http://this.is.not8gOlD.net
|
|
|
- # curl -I http://www.yourdomain.com -e ftp://8gold.com
|
|
|
- # curl -I http://www.yourdomain.com -e ftp://www.weare8gold.NET
|
|
|
- # curl -I http://www.yourdomain.com -e https://subdomain.8gold.com
|
|
|
- # curl -I http://www.yourdomain.com -e https://NOT8GolD.org
|
|
|
-
|
|
|
- # This works exactly like the bad referer word lists above and is very strict !!!
|
|
|
- # I have gone for the simple stricter approach which blocks all variants for those
|
|
|
- # who just hop out and buy another domain name.
|
|
|
-
|
|
|
- # So if you see a bad referer from wearegoogle.com and you want to block them just add
|
|
|
- # them as "~*wearegoogle.com" don't ever go and do something like "~*google.com" you will
|
|
|
- # kill all your SEO in a week.
|
|
|
-
|
|
|
- # I also include any sites that hotlink images from my sites into the list below.
|
|
|
- # There are hundreds of image stealing sites out there so this list is extensive and growing all the time.
|
|
|
-
|
|
|
+###########################################################################
|
|
|
|
|
|
# START BAD REFERERS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
SetEnvIfNoCase Referer ~*000free\.us spam_ref
|
|
|
@@ -8047,31 +7830,8 @@ SetEnvIfNoCase Referer ~*zzlgxh\.com spam_ref
|
|
|
# NOW WE ACTIVATE THE BLOCKER USING OUR ACCESS CONTROLS WITH NEW APACHE 2.4 SYNTAX
|
|
|
# ***************************************************************************************
|
|
|
# Remember to de-activate the module access_compat by running sudo a2dismod access_compat
|
|
|
-# This is where we actually make the blocker work, everything before and above this
|
|
|
-# section is merely where we are declaring our environment variables.
|
|
|
# ***************************************************************************************
|
|
|
|
|
|
- # ******************************************
|
|
|
- # CONFIGURATION INSIDE A VIRTUALHOST EXAMPLE
|
|
|
- # ******************************************
|
|
|
- # This is how you should include the globalblacklist.conf within a VirtualHost
|
|
|
-
|
|
|
- # ********************************************************
|
|
|
- # ********************************************************
|
|
|
- # <VirtualHost *:80>
|
|
|
- # ServerName local.dev
|
|
|
- # DocumentRoot /var/www/html
|
|
|
- # RewriteEngine On
|
|
|
- # ErrorLog /tmp/error.log
|
|
|
- # <Directory /var/www/html>
|
|
|
- # AllowOverride All
|
|
|
- # Options FollowSymLinks
|
|
|
- # Include custom.d/globalblacklist.conf
|
|
|
- # </Directory>
|
|
|
- # </VirtualHost>
|
|
|
- # ********************************************************
|
|
|
- # ********************************************************
|
|
|
-
|
|
|
<RequireAny>
|
|
|
<RequireAll>
|
|
|
|
|
|
@@ -8079,9 +7839,13 @@ SetEnvIfNoCase Referer ~*zzlgxh\.com spam_ref
|
|
|
Require not env bad_bot
|
|
|
Require not env spam_ref
|
|
|
|
|
|
- # *************************
|
|
|
- # Wordpress Theme Detectors
|
|
|
- # *************************
|
|
|
+###########################################################################
|
|
|
+ # ********************************************
|
|
|
+ # CUSTOM Blacklist IP addresses and IP Ranges
|
|
|
+ # ********************************************
|
|
|
+ Include custom.d/blacklist-ips.conf
|
|
|
+
|
|
|
+###########################################################################
|
|
|
|
|
|
# START WP THEME DETECTORS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
Require not ip 104.197.51.76
|
|
|
@@ -8125,12 +7889,7 @@ SetEnvIfNoCase Referer ~*zzlgxh\.com spam_ref
|
|
|
Require not ip 89.36.223.188
|
|
|
# END WP THEME DETECTORS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
|
|
|
- # ****************************************
|
|
|
- # NIBBLER - SEO testing and reporting tool
|
|
|
- # ****************************************
|
|
|
- # See - http://nibbler.silktide.com/
|
|
|
-
|
|
|
- # START NIBBLER ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
+ # START NIBBLER ### DO NOT EDIT THIS LINE AT ALL See - http://nibbler.silktide.com/ ###
|
|
|
Require not ip 52.201.238.175
|
|
|
Require not ip 52.90.20.216
|
|
|
Require not ip 54.161.247.146
|
|
|
@@ -8140,10 +7899,6 @@ SetEnvIfNoCase Referer ~*zzlgxh\.com spam_ref
|
|
|
Require not ip 54.242.250.203
|
|
|
# END NIBBLER ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
|
|
|
- # ---------------------
|
|
|
- # BLOCK FAKE GOOGLEBOTS
|
|
|
- # ---------------------
|
|
|
-
|
|
|
# START FAKE GOOGLEBOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
Require not ip 102.165.53.68
|
|
|
Require not ip 103.254.185.195
|
|
|
@@ -8364,21 +8119,6 @@ SetEnvIfNoCase Referer ~*zzlgxh\.com spam_ref
|
|
|
Require not ip 95.73.248.159
|
|
|
# END FAKE GOOGLEBOTS ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
|
|
|
-
|
|
|
-
|
|
|
- # *************************************************
|
|
|
- # Blacklist IP addresses and IP Ranges Customizable
|
|
|
- # *************************************************
|
|
|
-
|
|
|
- # BLACKLIST all your IP addresses and Ranges using the new include file below.
|
|
|
- # New Method Uses the include file below so that when pulling future updates your
|
|
|
- # Custom Blacklisted IP addresses are automatically now included for you.
|
|
|
- # Read Comments inside blacklist-ips.conf for customization tips.
|
|
|
- # Updating the main globalblacklist.conf file will not touch your custom include files
|
|
|
-
|
|
|
- Include custom.d/blacklist-ips.conf
|
|
|
-
|
|
|
-
|
|
|
</RequireAll>
|
|
|
|
|
|
<RequireAny>
|
|
|
@@ -8386,28 +8126,13 @@ SetEnvIfNoCase Referer ~*zzlgxh\.com spam_ref
|
|
|
Require env good_ref
|
|
|
Require env good_bot
|
|
|
|
|
|
- # ***********************************************
|
|
|
- # WHITELISTING AND BLACKLISTING IP ADDRESS RANGES
|
|
|
- # ***********************************************
|
|
|
-
|
|
|
+###########################################################################
|
|
|
# ***********************************
|
|
|
# Whitelist all your OWN IP addresses
|
|
|
# ***********************************
|
|
|
-
|
|
|
- # WHITELIST all your own IP addresses using the include file below.
|
|
|
- # New Method Uses the include file below so that when pulling future updates your
|
|
|
- # whitelisted IP addresses are automatically now included for you.
|
|
|
- # Read Comments inside whitelist-ips.conf for customization tips.
|
|
|
- # Updating the main globalblacklist.conf file will not touch your custom include files
|
|
|
-
|
|
|
Include custom.d/whitelist-ips.conf
|
|
|
-
|
|
|
- # ***********
|
|
|
- # Google Bots
|
|
|
- # ***********
|
|
|
-
|
|
|
- # For Safety Sake Google's Known BOT IP Ranges are all white listed in case you add
|
|
|
- # anything lower down that you mistakenly picked up as a bad bot.
|
|
|
+
|
|
|
+###########################################################################
|
|
|
|
|
|
# START GOOGLE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
Require ip 108.177.0.0/17
|
|
|
@@ -8435,10 +8160,6 @@ SetEnvIfNoCase Referer ~*zzlgxh\.com spam_ref
|
|
|
Require ip 74.125.0.0/16
|
|
|
# END GOOGLE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
|
|
|
- # *********
|
|
|
- # Bing Bots
|
|
|
- # *********
|
|
|
-
|
|
|
# START BING IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
Require ip 131.253.21.0/24
|
|
|
Require ip 131.253.22.0/23
|
|
|
@@ -8461,10 +8182,6 @@ SetEnvIfNoCase Referer ~*zzlgxh\.com spam_ref
|
|
|
Require ip 40.96.0.0/12
|
|
|
# END BING IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
|
|
|
- # ********************
|
|
|
- # Cloudflare IP Ranges
|
|
|
- # ********************
|
|
|
-
|
|
|
# START CLOUDFLARE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
Require ip 103.21.244.0/22
|
|
|
Require ip 103.22.200.0/22
|
|
|
@@ -8491,7 +8208,4 @@ SetEnvIfNoCase Referer ~*zzlgxh\.com spam_ref
|
|
|
# END CLOUDFLARE IP RANGES ### DO NOT EDIT THIS LINE AT ALL ###
|
|
|
|
|
|
</RequireAny>
|
|
|
-
|
|
|
-</RequireAny>
|
|
|
-
|
|
|
-# End of Blacklist --- rest of your server config will continue after this block if you followed my instructions properly.
|
|
|
+</RequireAny>
|
