Step 1: Define the Map BlocksAdd this configuration inside the http {} block of your /etc/nginx/nginx.conf file. This logic evaluates the incoming User-Agent and IP address to flag unauthorized requests
http {
# ... your existing http config ...
# 1. Check if the User-Agent matches the restricted one
map $http_user_agent $is_restricted_ua {
default 0;
"~*YourCustomUserAgent" 1; # Replace with your target User-Agent (regex matching)
}
# 2. Check if the client IP is NOT the authorized one
map $remote_addr $is_unauthorized_ip {
default 1;
"192.168.1.50" 0; # Replace with your ONLY allowed IP address
}
# 3. Combine both conditions: Flag if it's the target UA AND an unauthorized IP
map "$is_restricted_ua$is_unauthorized_ip" $block_request {
default 0;
"11" 1; # 1 (Restricted UA) + 1 (Unauthorized IP) = Block
}
}
Step 2: Apply the Block RuleOpen your website's specific server configuration file (e.g., inside /etc/nginx/sites-available/) and use the combined variable to reject requests with a 403 Forbidden error.
server {
listen 80;
server_name yourdomain.com;
# Place this rule globally inside the server block or inside a specific location block
if ($block_request) {
return 403;
}
location / {
# ... your standard site configuration ...
}
}
NGINX - To allow a specific User-Agent from one IP address only
