Claudio Borges

Technical blog about Linux, BSD, Mac OS X, Games and etc.

Archive for the ‘http user agent’ tag

Using NginX to block a specific HTTP user agent

without comments

Hi Folks, this is my first article in English. My next posts will be in English, I hope everybody is comfortable with that.

I have been working with NginX since version 0.9.7. And this is the first of a plenty of articles about it.

NginX is a powerful web server with a lot of features. It can do amazing things, for example, you can use it for HTTP load balancing or as a forward proxy server and its configuration is pretty easy. As opposed to Apache which has dynamic modules that you can load at your will, NginX is a static binary with built-in modules enabled in compile time.

In this article, I’ll explain how to configure a custom error page and how to block a specific user agent. We’ll use the 480 status code in our error page. The 4xx class of status code is intended for cases in which there seems to be a client error. In fact, they’re making a big mistake by using an outdated browser. We want to offer the best services to our customers, even if we need to force them to update their browser.

Before the main location statement, we need to define the user agent that we want to block and the specific error code:

if ($http_user_agent ~* "MSIE 6.0;") {
    return 480;
}

The if statement above will block just Internet Explorer 6. NginX doesn’t support complex conditions or nested if statements. If you want or need to do that, you need to use regular expressions to have multiple matches or a hack (that I will cover in another post)

The code below will block Internet Explorer version between 6.x and 8.x:

if ($http_user_agent ~* "MSIE ([6-8]{1,}\.\d{0,}\w?\d?);") {
    return 480;
}

PS: You can block any HTTP user agents with GET / POST requests.

If you want to use my error page, click here or you can create a 480.html file in your document root, for example /srv/default/www/. This page will be used when ie6 users try to access our website.

The content is:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>Please upgrade your browser</title>
<style type="text/css">
body{text-align:left; font-size:13px; font-family:Tahoma, sans-serif;background:#EEEEEE;}
</style>
</head>
<body>
    <h1>It's time to upgrade your browser</h1>
    <p>You’re using an outdated version of Internet Explorer. Many websites no longer support Internet Explorer 6 and 7. You won't be able to view this website until you upgrade your browser.</p>
    <h2>Internet Explorer 9</h2>
    <span><a href="http://go.microsoft.com/fwlink/?LinkId=398860">Download now</a></span>
    <h3>Not sure?</h3>
    <p>There are many reasons you should upgrade to a newer version of Internet Explorer. Here are just a few:</p>
    <div>
        <ul>
            <li><p>Internet Explorer 9 gives you a faster, safer browsing experience with better privacy protection.</p></li>
            <li><p>It's free and you can download it with just one click if you're using Windows Vista SP2 or higher.</p></li>
        </ul>
    </div>
    <h3>Still have questions?</h3>
    <div>
        <ul>
            <li><p>Visit the <a href="http://go.microsoft.com/fwlink/?LinkId=399116">Internet Explorer Support page</a></p></li>
            <li><p>Visit the <a href="http://support.microsoft.com">Microsoft Support page</a></p></li>
        </ul>
    </div>
</body>
</html>

If you want to see the page preview, click here

The next step is to configure the virtual host to use our error page. So, edit your virtual host file and add the lines:

error_page 480 @480;
location @480 {
    internal;
    try_files /480.html =403;
}

PS: You can put your error pages in another directory. You just need to set a root directive with another directory, ex:

error_page 480 @480;
location @480 {
    internal;
    root /srv/error/www;
    try_files /480.html =403;
}

Now, let’s suppose you want to block offline browsers like wget or libwww-perl. The process is the same, but this time, we will return the 403 error code (Forbidden).

if ($http_user_agent ~* "(wget|libwww-perl)") {
    return 403;
}

My virtual host code is:

server {
    listen 80;
    server_name godaime.claudioborges.org;
    index index.php index.html;
    
    root /srv/default/www;
    
    charset utf-8;
    
    include /etc/nginx/default.d/*.conf;
    
    error_page 480 @480;
    location @480 {
        internal;
        try_files /480.html =403;
    }   

    if ($http_user_agent ~* "MSIE ([5-8]{1,}\.\d{0,}\w?\d?);") {
        return 480;
    }

    if ($http_user_agent ~* "(wget|libwww-perl)") {
        return 403;
    }

    location / {
        try_files $uri $uri/ =404;
    }
    
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_intercept_errors on;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }   

    access_log /var/log/nginx/access main;
    error_log /var/log/nginx/error.log;
}

Now you know how to block HTTP user agents. That is all for now folks.

Written by but3k4

July 18th, 2015 at 9:45 pm

Posted in Linux

Tagged with , , , , , , , ,