Hi!

The htaccess rules that you've posted block traffic whose user-agent matches a specific list. The user agent in nginx is stored in the $http_user_agent variable, so you will want to compare that against a Regular Expression pattern and block the requests if it does match.

One more thing to note is that the htaccess rules use the [NC] flag, which makes Apache match the patterns in a case-insensitive manner. The nginx equivalent is appending an * to the ~, as you can see below.

if ($http_user_agent ~* (^w3af.sourceforge.net|dirbuster|nikto|wpscan|SF|sqlmap|fimap|nessus|whatweb|Openvas|jbrofuzz|libwhisker|webshag)) {
    return 444;
}

return 444 simply drops the connection. You might want to do that instead of sending back a redirect to 127.0.0.1. Though, you can replace it with 403 in order to send a 403 Forbidden error.

Finally, to check if the Acunetix-Product header exists, add the following if block:

if ($http_acunetix_product) {
    return 444;
}

Thanks works!
You've solved many problems ;-) Grazie dall'Italia