Using 444
Maxim Dounin
mdounin at mdounin.ru
Sat Sep 27 07:08:29 UTC 2025
Hello!

On Fri, Sep 26, 2025 at 05:31:58PM -0400, Paul wrote:
> On 8/28/25 21:36, Brett Cooper wrote:
> /.../
> > If that server block is only serving Perl /.../ it might be best to simply use
> > the following for the Perl server configuration block:
> >
> > location ~ \.php$ { return 444; }
> >
> > /.../ you could also configure this within the overall server {} block:
> >
> > if ($http_user_agent = "") { return 444; }
>
> Many thanks.
>
> I am currently (a bit "hit and miss") using :
>
> proxy_buffering on; # maybe helps proxied apache2 ?

Proxy buffering is on by default (see
http://freenginx.org/r/proxy_buffering), so there is no need to
switch it on unless you've switched it off at previous
configuration levels.

> connection_pool_size 512;
> client_header_buffer_size 512;
> large_client_header_buffers 4 512;

Similarly, I would rather use the default values unless you
understand why you want to change these.

> location ~ \.php$ { return 444; }
> if ($http_user_agent = "") { return 444; }
>
> But the $http_user_agent often 'appears' to be, e.g.:
>
> 66.249.69.8 - - [26/Sep/2025:21:13:20 +0000] "GET /cgi-bin/whatever" 200
> 3672 "-" "Mozilla...)"
>
> Note the "-" which doesn't get a 444,

Assuming the default log_format
(https://freenginx.org/r/log_format), the "-" here is from
$http_referer, so it is not expected to get 444.

> Tried ($http_user_agent = (""|"-")) but #nginx -t is not happy.

There is no need to, as "-" is usually constructed by logging when
the particular header is not present in the request. Quoting the
documentation as linked above:

: If the variable value is not found, a hyphen (“-”) will be
: logged.

But if you really want to, there are two basic options:

1. Use two if's, that is:

    if ($http_user_agent = "") { return 444; }
    if ($http_user_agent = "-") { return 444; }

2. Use a regular expression. Something like this should work:

    if ($http_user_agent ~ "^(|-)$") { return 444; }

Also, depending on the traffic pattern you are seeing, it might be
a good idea to configure limit_req / limit_conn with appropriate
limits.
--
Maxim Dounin
http://mdounin.ru/
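
The point above about which field the "-" belongs to, as an added example that is not part of the original message: a small parser for the predefined "combined" log format that reports, per line, whether the Referer or the User-Agent was missing. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Field order of nginx's predefined "combined" log format:
#   $remote_addr - $remote_user [$time_local] "$request" $status
#   $body_bytes_sent "$http_referer" "$http_user_agent"
COMBINED = re.compile(
    r'^(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)

def _missing(value):
    # "-" is what the log shows when the variable was not found;
    # an empty string is treated the same way here.
    return value in ("", "-")

def classify(line):
    """Say which of Referer / User-Agent is missing in one log line."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None  # line is not in the combined format
    return {
        "addr": m["addr"],
        "status": int(m["status"]),
        "no_referer": _missing(m["referer"]),
        "no_user_agent": _missing(m["user_agent"]),
    }

def no_user_agent_clients(lines):
    """Count requests per client address that carried no User-Agent."""
    hits = Counter()
    for line in lines:
        rec = classify(line)
        if rec and rec["no_user_agent"]:
            hits[rec["addr"]] += 1
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [26/Sep/2025:21:13:20 +0000] "GET /cgi-bin/whatever HTTP/1.1" 200 3672 "-" "Mozilla/5.0 (constructed)"',
    '198.51.100.7 - - [26/Sep/2025:21:14:02 +0000] "GET /index.php HTTP/1.1" 444 0 "-" "-"',
    '203.0.113.5 - - [26/Sep/2025:21:15:40 +0000] "GET / HTTP/1.1" 444 0 "https://example.com/" "-"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
    print(no_user_agent_clients(SAMPLE))
```

Only the last quoted field corresponds to $http_user_agent; the first sample line has a missing Referer but a present User-Agent, which is the case from the quoted log entry.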