[GH-ISSUE #3611] Bad Bot Blocker #2392

Open
opened 2026-02-26 07:35:23 +03:00 by kerem · 10 comments

Originally created by @Ahmadshoh on GitHub (Mar 7, 2024).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/3611

Is your feature request related to a problem? Please describe.

The current setup of nginx-proxy-manager lacks built-in support for integrating the nginx-ultimate-bad-bot-blocker module, resulting in a gap in security measures against malicious bots. Without this integration, administrators may face challenges in effectively mitigating bot-related threats and protecting their systems and applications from potential vulnerabilities and performance issues.

Describe the solution you'd like

I propose adding native support for enabling the nginx-ultimate-bad-bot-blocker within nginx-proxy-manager. This would involve integrating the functionality of the bot blocker module directly into nginx-proxy-manager's interface, allowing administrators to easily activate and configure bot blocking settings without the need for manual configuration or separate installations. This enhancement would streamline the process of fortifying web servers against malicious bot activities, enhancing security and performance for users of nginx-proxy-manager.

Describe alternatives you've considered

One alternative approach would be for administrators to manually configure the nginx-ultimate-bad-bot-blocker module alongside nginx-proxy-manager. However, this approach requires additional technical expertise and may introduce complexities in managing the integration between the two components. Additionally, manual configuration increases the risk of misconfigurations and potential conflicts between settings, which could impact system stability and security.

Additional context

Integrating the nginx-ultimate-bad-bot-blocker module into nginx-proxy-manager would provide a comprehensive solution for protecting web servers against a wide range of bot-based threats, including web scraping, DDoS attacks, and vulnerability scanning. By incorporating this functionality directly into nginx-proxy-manager's interface, administrators can easily enable and customize bot blocking settings, enhancing the overall security posture of their infrastructure. Additionally, the integration would align with the goal of nginx-proxy-manager to provide a user-friendly interface for managing NGINX configurations, simplifying the implementation of advanced security measures for both novice and experienced users.


@Ahmadshoh commented on GitHub (Mar 7, 2024):

More info you can find here:

https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker


@github-actions[bot] commented on GitHub (Oct 28, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍


@gizmocuz commented on GitHub (Nov 10, 2024):

Would still be great if this would be supported


@eikaramba commented on GitHub (Nov 16, 2024):

Yes please, Meta's new crawlers are extremely annoying and do not respect the robots.txt - I am flooded with multiple requests per second and various domains.

In the meantime I added this to the custom nginx configuration under advanced:

```
# Block various bots
if ($http_user_agent ~* (meta-externalagent|facebookexternalhit|facebookbot|facebook|crawler|bot|spider|crawl)) {
    return 403;
}
```
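
A dry run of the rule above over access-log lines, added here as an example and not part of the original comment, to see which agents it would reject before it is deployed. It assumes nginx "combined" log format, uses `grep -Ei` in place of nginx's case-insensitive `~*` match, and runs on constructed log lines; the bare `bot` and `crawl` alternatives also match search-engine crawlers such as Googlebot.

```bash
#!/bin/sh
# Added example (not from the original comment): dry-run the User-Agent rule
# against access-log lines to see what it would reject before deploying it.
# Assumption: logs are in nginx "combined" format, where the User-Agent is the
# last double-quoted field.

# Alternation copied from the nginx rule above; grep -Ei stands in for `~*`.
UA_PATTERN='(meta-externalagent|facebookexternalhit|facebookbot|facebook|crawler|bot|spider|crawl)'

# Print "403" if the rule would reject this User-Agent, "pass" otherwise.
ua_verdict() {
    if printf '%s\n' "$1" | grep -Eiq -e "$UA_PATTERN"; then
        echo 403
    else
        echo pass
    fi
}

# Constructed sample log lines (documentation IP ranges, illustrative agents).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [16/Nov/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
203.0.113.7 - - [16/Nov/2024:10:00:01 +0000] "GET /a HTTP/1.1" 200 512 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
198.51.100.9 - - [16/Nov/2024:10:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.44 - - [16/Nov/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
192.0.2.45 - - [16/Nov/2024:10:00:04 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/8.5.0"
EOF
}

# Read log lines on stdin; print "verdict<TAB>hits<TAB>user-agent" per distinct agent.
ua_impact() {
    awk -F'"' '{ print $6 }' | sort | uniq -c | while read -r count ua; do
        printf '%s\t%s\t%s\n' "$(ua_verdict "$ua")" "$count" "$ua"
    done
}

sample_log | ua_impact
```
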

@ichilver commented on GitHub (Dec 3, 2024):

This would be useful. I found this https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker but couldn't see how this would work with an existing NPM docker image.


@Kisaragi-ng commented on GitHub (Dec 17, 2024):

Would love to have this feature, has anyone tried to use the manual configuration method?


@ErroneousBosch commented on GitHub (Apr 1, 2025):

Bumping that there should be a plugin or something for this. Even an ability to put in custom configurations. I threw together a quick and dirty shell script that should work for bots and IP addresses, I may revisit it later this week.

It generates files that can be placed in `/data/nginx/custom/` that *should* get loaded in.

```
#!/bin/bash
# This script generates bad bot blocking configurations for nginx proxy manager.
# It grabs the latest lists from the nginx-ultimate-bad-bot-blocker repository.

# Trim leading/trailing whitespace in pure bash. Piping through xargs would
# also strip backslashes and quotes from the list entries.
trim() {
    local s=$1
    s="${s#"${s%%[![:space:]]*}"}"
    s="${s%"${s##*[![:space:]]}"}"
    printf '%s' "$s"
}

# Download the bad user agents list
# (-f makes curl fail on an HTTP error instead of returning the error page)
bad_bots_list=$(curl -fsS https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list)

# Map the list to an array
IFS=$'\n' read -r -d '' -a bad_bots_array <<< "$bad_bots_list"

# Create the config file
CONFIGFILE="http_top.conf"
echo "# This file is generated by generate_configs.sh" > "$CONFIGFILE"
echo "map \$http_user_agent \$bad_bot {" >> "$CONFIGFILE"
echo "  default 0;" >> "$CONFIGFILE"
# Loop through the array and generate the config
for bot in "${bad_bots_array[@]}"; do
    # Remove any leading or trailing whitespace
    bot=$(trim "$bot")
    # Skip empty lines
    if [ -z "$bot" ]; then
        continue
    fi
    # Generate the map entry for the bot
    echo "  \"~*(?:\b)$bot(?:\b)\" 3;" >> "$CONFIGFILE"
done
# Close the map block and open the geo block
{
  echo "}"
  echo "geo \$validate_client {"
  echo "  default 0;"
} >> "$CONFIGFILE"

# Download the lists of addresses to block
bad_ip_list=$(curl -fsS https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bad-ip-addresses.list)
bad_ip_list+=$'\n'$(curl -fsS https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/fake-googlebots.list)
bad_ip_list+=$'\n'$(curl -fsS https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/nibbler-seo.list)
bad_ip_list+=$'\n'$(curl -fsS https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/seo-analysis-tools.list)

# Map the list to an array
IFS=$'\n' read -r -d '' -a bad_ip_array <<< "$bad_ip_list"
# Loop through the array and generate the config
for ip in "${bad_ip_array[@]}"; do
    # Remove any leading or trailing whitespace
    ip=$(trim "$ip")
    # Skip empty lines
    if [ -z "$ip" ]; then
        continue
    fi
    # Generate the geo entry for the blocked address
    echo "  $ip 1;" >> "$CONFIGFILE"
done

# Download the lists of addresses to allow
good_ip_list=$(curl -fsS https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/google-ip-ranges.list)
good_ip_list+=$'\n'$(curl -fsS https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/cloudflare-ip-ranges.list)
good_ip_list+=$'\n'$(curl -fsS https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bunnycdn-net.list)
good_ip_list+=$'\n'$(curl -fsS https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/_generator_lists/bing-ip-ranges.list)

# Map the list to an array
IFS=$'\n' read -r -d '' -a good_ip_array <<< "$good_ip_list"
# Loop through the array and generate the config
for ip in "${good_ip_array[@]}"; do
    # Remove any leading or trailing whitespace
    ip=$(trim "$ip")
    # Skip empty lines
    if [ -z "$ip" ]; then
        continue
    fi
    # Generate the geo entry for the allowed address
    echo "  $ip 0;" >> "$CONFIGFILE"
done
# Close the geo block
echo "}" >> "$CONFIGFILE"

# Create the per-server file that acts on the two variables
CONFIGFILE="server_proxy.conf"
echo "# This file is generated by generate_configs.sh" > "$CONFIGFILE"
{
  echo "if (\$bad_bot = '3') {"
  echo "  return 444;"
  echo "}"
  echo "if (\$validate_client) {"
  echo "  return 444;"
  echo "}"
} >> "$CONFIGFILE"
```
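
The script above writes each downloaded line into the `geo` block as-is, so a malformed line or a stray error message ends up in the nginx configuration. A filter that could sit in front of that step, added here as an example and not part of the original script; the function names and the sample list are hypothetical and constructed.

```bash
#!/bin/sh
# Added example: filter downloaded list lines before they reach a geo block.
# Function names and the sample list are hypothetical.
# Succeed only for a syntactically valid IPv4/IPv6 address or CIDR range.
is_ip_or_cidr() {
    case $1 in
        ''|*[!0-9A-Fa-f:./]*) return 1 ;;   # empty, or a character no address uses
    esac
    if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
        for octet in $(printf '%s\n' "${1%%/*}" | tr '.' ' '); do
            [ "$octet" -le 255 ] || return 1
        done
        return 0
    fi
    # IPv6: loose syntax check (hex groups, at least two colons, prefix 0-128)
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]*:[0-9A-Fa-f:]*:[0-9A-Fa-f]*(/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]))?$'
}

# Read list lines on stdin and write "  <entry> <value>;" for each valid one.
# Blank lines and "#" comments are skipped; the number of rejected lines is
# reported on stderr.
emit_geo_entries() {
    value=$1
    tr -d '\r' | {
        rejected=0
        while read -r entry || [ -n "$entry" ]; do
            case $entry in ''|'#'*) continue ;; esac
            if is_ip_or_cidr "$entry"; then
                printf '  %s %s;\n' "$entry" "$value"
            else
                rejected=$((rejected + 1))
            fi
        done
        echo "rejected=$rejected" >&2
    }
}

# Constructed sample input (documentation address ranges plus malformed lines).
sample_bad_ip_list() {
    cat <<'EOF'
# constructed sample, not real list content
203.0.113.15
198.51.100.0/24
2001:db8::/32
999.1.1.1
198.51.100.7;
404: Not Found
EOF
}
sample_bad_ip_list | emit_geo_entries 1
```

This is a per-entry syntax filter only; running `nginx -t` on the assembled configuration before reloading remains the final check.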

@github-actions[bot] commented on GitHub (Oct 5, 2025):

Issue is now considered stale. If you want to keep it open, please comment 👍


@gizmocuz commented on GitHub (Oct 5, 2025):

I know you're very busy converting the project to React... But just commenting to keep this open...


@njfsilva commented on GitHub (Jan 1, 2026):

This is an incredibly important feature, please add it.
