This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
##################################################################################### | |
# 1.Criar o arquivo /etc/nginx/conf.d/blockUserAgents.conf com as linhas seguintes. # | |
##################################################################################### | |
map $http_user_agent $blockedagent { | |
default 0; | |
~*360Spider 1; | |
~*80legs 1; | |
~*Abonti 1; | |
~*Aboundex 1; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Criar o arquivo useragent.conf com as linhas seguintes. | |
# Fazer a inclusão do arquivo no site configurado dentro do bloco server. | |
# Ex: include /etc/nginx/useragent.conf | |
if ($http_user_agent ~* (360Spider|80legs.com|Abonti|AcoonBot|Acunetix|adbeat_bot|AddThis.com|adidxbot|ADmantX|AhrefsBot|AngloINFO|Antelope|Applebot|BaiduSpider|BeetleBot|billigerbot|binlar|bitlybot|BlackWidow|BLP_bbot|BoardReader|Bolt\ 0|BOT\ for\ JCE|Bot\ mailto\:craftbot@yahoo\.com|casper|CazoodleBot|CCBot|checkprivacy|ChinaClaw|chromeframe|Clerkbot|Cliqzbot|clshttp|CommonCrawler|comodo|CPython|crawler4j|Crawlera|CRAZYWEBCRAWLER|Curious|Curl|Custo|CWS_proxy|Default\ Browser\ 0|diavol|DigExt|Digincore|DIIbot|discobot|DISCo|DoCoMo|DotBot|Download\ Demon|DTS.Agent|EasouSpider|eCatch|ecxi|EirGrabber|Elmer|EmailCollector|EmailSiphon|EmailWolf|Exabot|ExaleadCloudView|ExpertSearchSpider|ExpertSearch|Express\ WebPictures|ExtractorPro|extract|EyeNetIE|Ezooms|F2S|FastSeek|feedfinder|FeedlyBot|FHscan|finbot|Flamingo_SearchEngine|FlappyBot|FlashGet |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Coloque este arquivo em "/etc/sysctl.d/network-tuning.conf" e | |
## execute "sysctl -p /etc/sysctl.d/network-tuning.conf" para que as novas configurações sejam definidas no kernel. | |
# Evita um smurf attack | |
net.ipv4.icmp_echo_ignore_broadcasts = 1 | |
# Ativa a proteção contra bad icmp error messages | |
net.ipv4.icmp_ignore_bogus_error_responses = 1 | |
# Ativa syncookies para proteção contra SYN flood attack |