Nginx Block User-Agent "-"

Question

I'm getting some kind of access that is causing problems on my server:

172.68.28.210 - - [03/Jul/2016:13:41:06 -0300] " "GET / HTTP/1.1" 502 166 "-" "-"

I would like to block even the $HTTP_USER_AGENT, made this attempt did not work.

if ($http_user_agent = "-") {
        return 403;
    }

Someone would know what's wrong?

The 502 means internal server error. Are you proxying the requests to something else? Could you please post your NGINX config as well? — Keenan Lawrence, Jul 03 '16 at 18:05

score 2 · Answer 1 · answered Jul 03 '16 at 20:00

2

That is because the $http_user_agent variable may have different value depending on the context.

If the header is absent in the request, then it'll present itself as - in your access_log, all the while still being just empty within your if-statement.

Thus, perhaps the following is what you want instead:

if ($http_user_agent = "") {
    return 403;
}

answered Jul 03 '16 at 20:00

cnst

@Marcos, did this work for you? If yes, please don't forget to accept and upvote. thanks! – cnst Jul 06 '16 at 20:35

1 Answers1