How to Block Spammers based on keywords in NGINX

Learn how to block spammers in NGINX using keyword-based filters. Follow simple steps to block unwanted traffic by user agent, URL, or IP address.

It seems I spend most of my time moderating comments on my websites just to delete spam. It is still a daily task, and it is sometimes amazing how much the WordPress Akismet plugin catches. It works amazingly well, but it still requires time to sort through all the junk mail to ensure nothing was caught by accident.

I stumbled across a feature in NGINX that helps you block website visitors based on the keywords they have in their HTTP headers. For example, if a spammer pushing Viagra sends a request with the keyword Viagra in the Referer header, NGINX catches the keyword and returns a 403 Forbidden response instead of serving the page. The rule below inspects only the Referer header, not the body of a submitted comment.

Brilliant right?

Steps for blocking Spam with NGINX

  • Navigate to your NGINX sites-enabled config file.  Usually located in: /etc/nginx/sites-enabled/<config file name>
  • Edit the config file with your preferred editor
  • Copy the code below into your config file, inside the server { } block:

```nginx
# Block requests whose Referer header contains a keyword and return 403
if ($http_referer ~* (viagra|cialis|levitra|mulberry|laurent) ) {
    return 403;
}
```

  • Modify the keywords to block the specific keywords that are giving you trouble. Be sure to separate the keywords with a pipe |
  • Save your changes
  • Run the command nginx -t to test the config file for errors. Only if it passes successfully should you continue to the next step. If not, go back to the config and fix the problems first
  • Reload NGINX by running: service nginx reload
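
The keyword rule from the steps above can also be written with map, which keeps the keyword list in one place and lets you anchor each keyword at word boundaries; with plain substring matching, cialis also matches a Referer containing "specialist". This is an added example that goes beyond the original article and is not the author's own config; the variable names $spam_referer and $spam_agent, the server_name example.com and the root path are assumptions.

```nginx
# Added example (not from the original article).
# map blocks belong to the http context: put them at the top of the
# sites-enabled file, outside any server { } block.

# $spam_referer is 1 when the Referer header contains a blocked keyword.
map $http_referer $spam_referer {
    default 0;
    # \b anchors each keyword at word boundaries, so "cialis" no longer
    # matches inside "specialist" or "socialist". Trade-off: a value such
    # as "cheap_cialis" is missed, because "_" counts as a word character.
    "~*\b(viagra|cialis|levitra|mulberry|laurent)\b" 1;
}

# $spam_agent is 1 when the User-Agent header contains a blocked keyword.
map $http_user_agent $spam_agent {
    default 0;
    "~*(bad-bot|spam-keyword)" 1;
}

server {
    listen 80;
    server_name example.com;    # assumption: replace with your site

    # Reject flagged requests before any location is processed.
    if ($spam_referer) { return 403; }
    if ($spam_agent)   { return 403; }

    location / {
        root /var/www/html;     # assumption: your existing site settings
    }
}
```

Run nginx -t after the change, then check the access log for 403 responses over the next few days to confirm that no legitimate referrers are being rejected.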

FAQ Section: How to Block Spammers Based on Keywords in NGINX

How can I block spammers using keywords in NGINX?
To block spammers in NGINX based on specific keywords, you can create a rule that checks the request's user agent, URL, or headers for unwanted terms. Using the ngx_http_rewrite_module, you can define these keywords and deny access to requests that match them.

What is an example of an NGINX configuration to block spammers by keyword?
Here’s a simple example of an NGINX configuration to block requests containing certain keywords:

```nginx
if ($http_user_agent ~* "bad-bot|spam-keyword") {
    return 403;
}
```

This rule will block any requests where the user agent includes the specified keywords.

Can I block specific IPs associated with spam in NGINX?
Yes, you can block specific IP addresses by adding them to a deny directive in your NGINX configuration. For example:

```nginx
deny 123.123.123.123;
```

This will block requests from the specified IP address.

How do I block URLs containing spammy keywords?
To block URLs with spammy keywords, you can use a location block with a regular expression to match certain patterns:

```nginx
location ~* "spammy-keyword" {
    return 403;
}
```

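This will deny access to any URL whose path contains the defined spam keyword. A location match is made against the request path only, so a keyword that appears just in the query string is not caught by this rule.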

Are there tools to automate blocking spammers in NGINX?
Yes. Fail2Ban can monitor your NGINX logs and dynamically ban IP addresses whose requests match spammy patterns, and NGINX's ngx_http_limit_req_module can limit the request rate of clients that send too many requests.
