How to Block User Agents With Nginx

Recently, Cloudflare has launched a clumsy, poorly-executed attempt to centralize the fediverse on their platform known as Wildebeest. There are a few reasons not to want to use it, and you probably don't want to be federating with it either. However, blocking every instance running it on sight would be both tedious and ineffective.

The way I've chosen to deal with this is to just configure my reverse proxy, Nginx, to deny connections from anything with "wildebeest" in the user agent string. There are several other good reasons to do this, such as blocking bots that ignore robots.txt, or adapting this approach to serve specialized pages to old browsers, or just denying access to anything that isn't Chrome if you want to earn your place in the 9th circle of Hell.

I'm assuming here that you already know the basics of configuring Nginx, otherwise this article won't really be of much use to you.

How to do it

Paste this into the main server block of your Nginx config to instantly drop the connection to any client with a "Wildebeest" (case insensitive) user agent:

/etc/nginx/sites-available/yoursite if ($http_user_agent ~* (wildebeest)) {
    return 444;

More configuration

If all you want is to block Wildebeest and forget about it, you can leave now. If you want to customize this behavior further, read on.

Different HTTP responses

444 is a custom response code in Nginx that just drops the connection immediately. You can use any other HTTP error code you like, for example to return a 403 Forbidden error:

return 403;

To issue a permanent redirect to some other URL:

return 301;

Or just to be silly :3

return 418;

Block multiple user agents

You can also block multiple user agents in one statement like so:

/etc/nginx/sites-available/yoursite if ($http_user_agent ~* (wildebeest|googlebot)) {
    return 444;


One thing I'd recommend doing is moving all your user agent blocks to a separate file that you can include in all your Nginx sites. I place this file at /etc/nginx/includes/bans:

/etc/nginx/includes/bans if ($http_user_agent ~* (wildebeest|googlebot)) {
    return 444;
/etc/nginx/sites-available/yoursite include /etc/nginx/includes/bans;

The include statement goes in your server block as before.