Using 444

[Brett Cooper]

Hi Paul,

If that server block is only serving Perl and nothing else at all, you 
should be fine to just strip out anything PHP-extension request-like 
without using the if statement. Judging with what you've stated, and 
without having seen access/error logs, it might be best to simply use 
the following for the Perl server configuration block:

location ~ \.php$ {  return 444; }

It may also be pertinent to utilize `access_log off; ` and 
`log_not_found off;` within that location clause if you are also having 
resource/log-storage issues.

Additionally, if the bogus PHP requests are coming from clients not 
sending a user agent (which from my POV, has been a common theme with 
probing bots lately), you could also configure this within the overall 
server {} block:

if ($http_user_agent = "") {  return 444; }

Regards,
Brett


------ Original Message ------
>From "Paul" <paul at stormy.ca>
To nginx at freenginx.org
Date 08/28/2025 07:13:26 P
Subject Using 444

>I'm looking for advice, please. Using Nginx v1.18.0 (Ubuntu) which is "old" but security updated by Canonical, rock solid and very fast, for several static html sites and as proxy to a couple of other sites using python or perl. Total ~250k requests/day
>
>Recently logs have started showing ~10k php requests in rapid bursts. On a proxy to a perl box, this is a serious slow down
>
>I've added the following, appears to work well
>
>location ~ \.php$ {
>	if ($request_method = GET) {
>		return 444; # Drop
>	}
>}
>
>I'm considering editing to  ^(GET|HEAD|POST)$) {
>
>Any thoughts, downsides, recommendations?
>
>Tnx and warmest regards to all,
>Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://freenginx.org/pipermail/nginx/attachments/20250829/e5aebb4b/attachment.htm>