This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Mabizle on 2025-04-14 23:59:45+00:00.

How do i block all cloud providers from accessing my website? I use opnsense and nginx reverse proxy. 99% of sniffing comes from cloud providers.

edit:

I run private sites where only friends and family have accounts to login. I already block all but 2 countries via rule/alias. How i need to refine blocking all cloud providers that utilize bot to sniff traffic. I already block sniffing user agents if i catch them on the logs accessing certain folders or using the whois command. Now i am blocking some cloud providers / corporate vpn from accessing my reverse proxy. I do not know how to create custom naxsi WAF rules for searching folders/files that are still giving 400 errors.

edit 2: user agents of bots

Python-urllib

Nmap

python-requests

libwww-perl

MJ12bot

Jorgee

fasthttp

libwww

Telesphoreo

A6-Indexer

ltx71

ZmEu

sqlmap

LMAO/2.0

l9explore

l9tcpid

Masscan

Ronin/2.0

Hakai/2.0

Indy\sLibrary

^Mozilla/[\d.]+$

Morfeus\sFucking\sScanner

MSIE\s[0-6].\d+

^Expanse.*.$

^FeedFetcher.*$

^.*Googlebot.*$

^.*bingbot.*$

^.*Keydrop.*$

^.*GPTBot.*$

^-$

^.*GRequests.*$

^.*wpbot.*$

^.*forms.*$

^.*zgrab.*$

^.*ZoominfoBot.*$

^.*facebookexternalhit.*$

^.*Amazonbot.*$

^.*DotBot.*$

^.*Hello.*$

^.*CensysInspect.*$

^.*Go-http-client/2.0.*$

^.*python-httpx.*$

^.*Headless.*$

^.*archive.*$

^.*applebot.*$

^.*Macintosh.*$