Blocking abusive User-Agent strings in Nginx reduces noisy scans, cuts log spam, and can blunt simple scraper traffic before it wastes worker time or upstream bandwidth.

In Nginx, the User-Agent header is exposed as the variable $http_user_agent and can be matched with case-insensitive regular expressions using the ~* operator. A match rule placed in the relevant server block can immediately return an error response for requests that carry a known-bad client fingerprint.

The User-Agent header is trivial to spoof, so this control is a coarse filter rather than strong security. Keep patterns narrow to avoid blocking legitimate browsers, monitors, and search crawlers, and validate configuration with nginx -t before reloading so a typo does not prevent Nginx from applying changes cleanly.

Steps to block user agents in Nginx:

  1. Choose the user agent tokens or regular expressions to block.

    Over-broad matches can block legitimate crawlers and health checks, which can impact monitoring and search indexing.

  2. Add a match rule inside the relevant server block.
    server {
        ##### snipped #####
        if ($http_user_agent ~* (badbot|scanner|sqlmap|masscan)) {
            return 403;
        }
        ##### snipped #####
    }

    Keep the if block limited to return to avoid unexpected behavior from complex conditional logic.

    User agents are spoofable, so pair with rate limiting (for example, limit_req) when abuse persists.

    Replace 403 with 444 to have Nginx close the connection without sending any response at all (no status line, headers, or body).

  3. Test the Nginx configuration for syntax errors.
    $ sudo nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
  4. Reload Nginx to apply the change.
    $ sudo systemctl reload nginx

    On systems without systemd, reload with sudo nginx -s reload.

  5. Verify blocking by sending a request with a matching user agent.
    $ curl --include --user-agent 'badbot' http://127.0.0.1/
    HTTP/1.1 403 Forbidden
    Server: nginx
    ##### snipped #####
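As an added example that is not part of the original article, the Python script below dry-runs a candidate pattern against access-log lines before the rule goes into the server block: it emulates the `~*` operator as an unanchored, case-insensitive search (Python's re module, close enough to nginx's PCRE for simple alternations like these) and flags matches that would also catch the crawlers and health checks step 1 warns about. The log lines, client IPs and the KEEP_WORKING token list are constructed for the demonstration.

```python
import re

# Constructed sample lines in nginx's "combined" log format (not from a real server);
# the last quoted field is the User-Agent that $http_user_agent would carry.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/121.0"
203.0.113.11 - - [10/Oct/2024:12:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 42 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [10/Oct/2024:12:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "BadBot/1.0"
198.51.100.8 - - [10/Oct/2024:12:00:04 +0000] "GET /?id=1 HTTP/1.1" 200 612 "-" "sqlmap/1.7 (https://sqlmap.org)"
203.0.113.12 - - [10/Oct/2024:12:00:05 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "kube-probe/1.28"
"""

# Fields of the combined format; only the User-Agent (last quoted field) is captured.
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

# Clients that must keep working: search crawlers, browsers, health checks (constructed list).
KEEP_WORKING = ("Googlebot", "kube-probe", "Firefox")

def user_agents(log_text):
    """Extract the User-Agent from each parseable combined-format log line."""
    return [m.group(1) for line in log_text.splitlines() if (m := LOG_RE.match(line))]

def dry_run(pattern, log_text):
    """Emulate `if ($http_user_agent ~* pattern)`: an unanchored, case-insensitive search.

    Returns (blocked, allowed) lists of User-Agent strings.
    """
    rx = re.compile(pattern, re.IGNORECASE)
    blocked, allowed = [], []
    for ua in user_agents(log_text):
        (blocked if rx.search(ua) else allowed).append(ua)
    return blocked, allowed

def false_positives(pattern, log_text, keep=KEEP_WORKING):
    """User-Agents the pattern would block although they carry a token we must not block."""
    blocked, _ = dry_run(pattern, log_text)
    return [ua for ua in blocked if any(tok.lower() in ua.lower() for tok in keep)]

if __name__ == "__main__":
    # The article's narrow pattern versus an over-broad one that also hits Googlebot.
    for pat in ("(badbot|scanner|sqlmap|masscan)", "bot"):
        blocked, allowed = dry_run(pat, SAMPLE_LOG)
        print(f"{pat!r}: blocks {len(blocked)}, allows {len(allowed)}, "
              f"false positives: {false_positives(pat, SAMPLE_LOG)}")
```

Point the script at a real access.log (read with the same parser) to see what a pattern would have blocked over the last days of traffic before committing it to the server block.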