nginx vulnerability scanner

September 29, 2016 180 views
Nginx Apache WordPress

I recently changed servers from Apache to Nginx...
How do I write this information (.htaccess) a simple redirect against web scanner on file nginx.conf:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} wpscan [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SF [OR]
RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]
RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]
RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]
RewriteCond %{HTTP:Acunetix-Product} ^WVS
RewriteRule ^.* [R=301,L]

Thank you!

2 Answers


The htaccess rules that you've posted block traffic whose user-agent matches a specific list. The user agent in nginx is stored in the $http_user_agent variable, so you will want to compare that against a Regular Expression pattern and block the requests if it does match.

One more thing to note is that the htaccess rules use the [NC] flag, which makes Apache match the patterns in a case-insensitive manner. The nginx equivalent is appending an * to the ~, as you can see below.

if ($http_user_agent ~* (^|dirbuster|nikto|wpscan|SF|sqlmap|fimap|nessus|whatweb|Openvas|jbrofuzz|libwhisker|webshag)) {
    return 444;

return 444 simply drops the connection. You might want to do that instead of sending back a redirect to Though, you can replace it with 403 in order to send a 403 Forbidden error.

Finally, to check if the Acunetix-Product header exists, add the following if block:

if ($http_acunetix_product) {
    return 444;

Thanks works!
You've solved many problems ;-) Grazie dall'Italia

Have another answer? Share your knowledge.