From ef32d2ae3886388e5fc3c07b5ff1cfa0a9495c84 Mon Sep 17 00:00:00 2001 From: Siarhei Siniak Date: Wed, 17 Sep 2025 12:46:42 +0300 Subject: [PATCH] [+] update nginx config 1. add drop_by_user_agent section for ssl servers; 1.1. ban traffic from openai.com/gptbot; --- d1/nginx_config.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/d1/nginx_config.py b/d1/nginx_config.py index 3c44990..07e4627 100644 --- a/d1/nginx_config.py +++ b/d1/nginx_config.py @@ -1,4 +1,5 @@ import json +import re import socket import os import io @@ -312,6 +313,11 @@ server { deny all; } + location ~ ^/.well-known/acme-challenge/ { + alias /var/www/; + try_files $uri =404; + } + location ~ { deny all; } @@ -374,6 +380,23 @@ server { else: http_location = location_forward_ssl + drop_by_user_agent = '' + + if not server.get('drop_by_user_agent') is None: + r = re.compile('^([a-zA-Z0-9\s\.\,\(\)]+)$') + user_agent_list = [ + r.match(o)[1] + for o in server.get('drop_by_user_agent') + ] + drop_by_user_agent = r''' + if ( $http_user_agent ~ ({user_agent_list}) ) { + return 444; + } + '''.replace( + '{user_agent_list}', + '|'.join(user_agent_list) + ) + servers.append( r''' server { @@ -410,6 +433,8 @@ server { ssl_certificate {signed_chain_cert}; ssl_certificate_key {domain_key}; + {drop_by_user_agent} + location ^~ / { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -430,6 +455,8 @@ server { '{client_max_body_size}', server['client_max_body_size'], ).replace( '{domain_key}', server['domain_key'], + ).replace( + '{drop_by_user_agent}', drop_by_user_agent, ).replace( '{ssl_port}', '%d' % ssl_port, ).replace(