Nginx Blocked Routes
```nginx
# =====================================================
# NGINX Bot & Exploit Path Blocklist
# Prevents malicious scanners from hitting Laravel
# Returns 444 (no response) to save server + Nightwatch load
# Safe for production — avoids overbroad matches
# =====================================================
# Placement: include these inside the server {} block, before any other regex
# location (e.g. Laravel's "location ~ \.php$"). nginx takes the first regex
# location that matches in file order; "location =" exact matches win regardless.

# WordPress / common CMS probes
location = /wp-login.php { return 444; }
location = /wp-admin { return 444; }   # exact match only; /wp-admin/... is not covered
location = /xmlrpc.php { return 444; }
location ~* ^/wordpress { return 444; }

# Known exploit file paths
location = /.env { return 444; }
# Note: this matches any URI ending in one of these extensions, including files the
# app legitimately serves (e.g. a public .json or .zip under /storage); trim as needed.
location ~* \.(env|bak|old|sql|gz|zip|yml|yaml|json|log|pem|ini|cfg)$ { return 444; }

# Backup & config files by filename (not folders)
location ~* /(backup|config|settings|secrets|credentials|mailer|aws|sendinblue)[\-_]?(prod|dev)?\.(php|js|json|yml|yaml|env|log|sql|gz|zip)$ { return 444; }

# Suspicious tool routes
location = /phpinfo.php { return 444; }
location = /info.php { return 444; }
location = /debug.php { return 444; }
location = /server-status { return 444; }
location = /console.php { return 444; }

# Cloud provider metadata probe attempts
location ~* ^/169\.254\.169\.254 { return 444; }
location ~* ^/latest/meta-data { return 444; }
location ~* ^/metadata/instance { return 444; }

# Dangerous folders with sensitive files
location ~* ^/(admin|dev|test|tmp|private|core|debug|backup|backend|cloudfront|certs|aws_lambda)/.*\.(php|js|json|yml|yaml|env|log|sql|gz|zip)$ { return 444; }

# GraphQL & API gateway probes (trailing slash required; a bare /graphql route still passes)
location ~* ^/(graphql|swagger|openapi|api-gateway|actuator)/ { return 444; }

# Block sensitive .well-known abuse
location = /.well-known/aws.json { return 444; }

# (Optional) Block all HEAD requests if bots abuse it — test first!
# if ($request_method = HEAD) {
#     return 444;
# }

# End of blocklist
```
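To see what this blocklist would and would not stop before reloading nginx, here is an added Python checker (not part of the gist) that parses the `location` lines above into exact and regex matchers, in file order, and reports which rule, if any, would answer 444 for a given request URI. It assumes the rules sit before every other regex `location` in the server block, models only percent-decoding of the path (as nginx does before matching), and uses constructed sample URIs.

```python
import re
from urllib.parse import unquote, urlsplit
# The gist's "location" lines, pasted verbatim (comment lines dropped).
BLOCKLIST_CONF = r"""
location = /wp-login.php { return 444; }
location = /wp-admin { return 444; }
location = /xmlrpc.php { return 444; }
location ~* ^/wordpress { return 444; }
location = /.env { return 444; }
location ~* \.(env|bak|old|sql|gz|zip|yml|yaml|json|log|pem|ini|cfg)$ { return 444; }
location ~* /(backup|config|settings|secrets|credentials|mailer|aws|sendinblue)[\-_]?(prod|dev)?\.(php|js|json|yml|yaml|env|log|sql|gz|zip)$ { return 444; }
location = /phpinfo.php { return 444; }
location = /info.php { return 444; }
location = /debug.php { return 444; }
location = /server-status { return 444; }
location = /console.php { return 444; }
location ~* ^/169\.254\.169\.254 { return 444; }
location ~* ^/latest/meta-data { return 444; }
location ~* ^/metadata/instance { return 444; }
location ~* ^/(admin|dev|test|tmp|private|core|debug|backup|backend|cloudfront|certs|aws_lambda)/.*\.(php|js|json|yml|yaml|env|log|sql|gz|zip)$ { return 444; }
location ~* ^/(graphql|swagger|openapi|api-gateway|actuator)/ { return 444; }
location = /.well-known/aws.json { return 444; }
"""

def parse_blocklist(conf):
    """Turn nginx location lines into (kind, matcher) pairs, in file order."""
    rules = []
    for line in conf.splitlines():
        m = re.match(r"^location\s+(=|~\*|~)\s+(\S+)\s*\{", line.strip())
        if m and m.group(1) == "=":
            rules.append(("exact", m.group(2)))
        elif m:  # "~" is case-sensitive, "~*" case-insensitive, as in nginx
            rules.append(("regex", re.compile(m.group(2), re.IGNORECASE if m.group(1) == "~*" else 0)))
    return rules

def blocking_rule(rules, raw_uri):
    """Return the pattern that would answer 444 for raw_uri, or None if it reaches Laravel.
    Assumes these rules precede every other regex location (nginx takes the first regex
    match in file order); only %XX-decoding of the path is modelled, not '..' or '//'."""
    uri = unquote(urlsplit(raw_uri).path)  # nginx matches the decoded path, query excluded
    for kind, pat in rules:
        if (kind == "exact" and uri == pat) or (kind == "regex" and pat.search(uri)):
            return pat if kind == "exact" else pat.pattern
    return None

RULES = parse_blocklist(BLOCKLIST_CONF)

if __name__ == "__main__":  # constructed sample requests: two probes, two legitimate paths
    for uri in ["/.%65nv", "/wp-login.php?redirect_to=/", "/storage/exports/report.json", "/build/assets/app.js"]:
        print(uri, "->", blocking_rule(RULES, uri) or "reaches Laravel")
```

Running it shows that the extension rule also catches a legitimately served `/storage/exports/report.json`, which is the kind of false positive worth checking against your own public routes before deploying.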