nginx-ultimate-bad-bot-blocker icon indicating copy to clipboard operation
nginx-ultimate-bad-bot-blocker copied to clipboard

Published 20 hours ago verified publisher icon mitchellkrogza

[V4] Welcome Version 4

Open mitchellkrogza opened this issue 5 years ago • 0 comments

After several extensive days of testing Version 4 of the blocker has been officially released.

There is nothing for you to do if you are already auto updating through cron chances are you are already on V4 and will probably not notice any difference. If you are not auto updating grab the latest version.

What's changed

  • A number of bugs have been fixed
  • The template format changed in places
  • A number of old lingering issues closed
  • Better regex pattern to catch bad-bots which escape rules by attempting to hide themselves in the UA string - less chances of false positives.
  • A barrage of extensive tests during the build process which test each and every function of the blocker these include a number of false positive tests too.
  • Build Tests can be Seen Here
  • One failure during any of the build tests will fail a build and prevent a new release.
  • Whitelisting of IP's (had a bug) fixed and 100% tested and working - whitelist-ips.conf reigns supreme.
  • Over-riding blacklists, custom-bad-referrers.conf and blacklist-user-agents.conf allow complete over-riding of anything, tested and 100% working. Let's say you do not like GoogleBot for some strange reason you can 100% block it or even rate limit it. The same goes for what we call Bad User-Agents / Bad-Bots. If you disagree with something, you can whitelist it in these two includes and your whitelisting rule will reign supreme.
  • Rate limiting - values adjusted to 12r/min enforce rate limiting on rate-limited bots
  • Settings added to botblocker-nginx-settings.conf to stop certain [WARN] messages from Nginx on newer versions. Grab the latest copy if you are getting the variables_hash_max_size or variables_hash_bucket_size warnings.
  • New Super Whitelist mode added to blockbots.conf which allows you to specify certain IP addresses which can totally bypass the blocker entirely. This is useful for some people who want bypass the blocker from certain IP's and still have the blocker protecting the rest of the web sites on the server.
  • Additional Build tests now test the blocker all the way up to mainline Nginx, currently 1.17.1
  • Bug found in setup-ngxblocker, so far all tests are passing.
  • Updated commenting in all includes with better examples and new regex format.

Still in progress

  • Additional tests to test a multitude of variants of nginx.conf formats against install-ngxblocker, setup-ngxblocker and update-ngxblocker - this will be done in a new branch perhaps.
  • PyFunceble testing which will test the status of all domains ACTIVE / INACTIVE / INVALID to help keep lists fresh and free from dead hosts - also may be conducted in a separate branch.

Issues

As always report any issues with the new version and they will be addressed but nobody should experience any breaking changes whatsoever with the new version.

Thank you everyone for your continued support of this project. The blocker is now even more rock solid than before.

Remember a coffee goes a long way - Send me a coffee at https://ko-fi.com/mitchellkrog I've been through at least 25 gallons worth the past 7 days :rofl:

mitchellkrogza avatar Jun 27 '19 14:06 mitchellkrogza