How to block by user agent?!

I'm using nginx 0.7.60 for my blog, but I get a lot of weird requests
from some user agent “Zulu_1.0”. I wanna block it. How could this be
done in nginx? If anyone has an idea please let me know.

Sample from access_log:

190.166.242.217 - - [25/Jun/2009:06:58:57 -0500] "GET /status HTTP/1.1" 404 33136 "www.windowsupdate.com" "Zulu_1.0" "-"
209.161.112.5 - - [25/Jun/2009:07:01:02 -0500] "GET /status HTTP/1.1" 404 33136 "www.windowsupdate.com" "Zulu_1.0" "-"
68.9.101.55 - - [25/Jun/2009:07:04:18 -0500] "GET /status HTTP/1.1" 404 33136 "www.windowsupdate.com" "Zulu_1.0" "-"
200.75.204.138 - - [25/Jun/2009:07:06:48 -0500] "GET /status HTTP/1.1" 404 33135 "www.windowsupdate.com" "Zulu_1.0" "-"
200.88.242.99 - - [25/Jun/2009:07:07:25 -0500] "GET /status HTTP/1.0" 404 33092 "www.windowsupdate.com" "Zulu_1.0" "10.0.0.74, 127.0.0.1"
200.74.156.42 - - [25/Jun/2009:07:08:49 -0500] "GET /status HTTP/1.1" 404 33136 "www.windowsupdate.com" "Zulu_1.0" "-"

Robert G. wrote:

I'm using nginx 0.7.60 for my blog, but I get a lot of weird requests
from some user agent “Zulu_1.0”. I wanna block it. How could this be
done in nginx? If anyone has an idea please let me know.

Try:

# Regex match on the User-Agent header; plain ASCII quotes are required.
if ($http_user_agent ~ "Zulu_1.0") {
    return 403;
}

I didn’t find Zulu here[1] or there[2], so it may be someone faking
their user-agent string. See if the IP is the same, work from there
(although IPs can be dynamic, I know…)

[1] UserAgentString.com - List of User Agent Strings
[2] List of User-Agents (Spiders, Robots, Browser)
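
An added example, not part of the original posts: a Python sketch of the "see if the IP is the same" check suggested above, grouping log entries by User-Agent and counting distinct client addresses. The function names and the two ExampleBot lines are assumptions made for illustration; the other sample lines come from the question.

```python
import re
from collections import defaultdict

# Log layout from the post: nginx combined format plus one trailing quoted field.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"(?: "(?P<extra>[^"]*)")?\s*$'
)

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    # Forum software may turn the quotes typographic; normalise them first.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def agent_summary(lines):
    """Map each User-Agent to its hit count and the set of client IPs using it."""
    out = defaultdict(lambda: {"hits": 0, "ips": set()})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines rather than guess at fields
        out[rec["agent"]]["hits"] += 1
        out[rec["agent"]]["ips"].add(rec["ip"])
    return dict(out)

def single_source_agents(summary, min_hits=2):
    """Agents seen repeatedly from exactly one IP, where an IP rule could work."""
    return sorted(a for a, s in summary.items()
                  if s["hits"] >= min_hits and len(s["ips"]) == 1)

# First three entries are from the question; the ExampleBot lines are constructed.
SAMPLE = [
    '190.166.242.217 - - [25/Jun/2009:06:58:57 -0500] "GET /status HTTP/1.1" 404 33136 "www.windowsupdate.com" "Zulu_1.0" "-"',
    '209.161.112.5 - - [25/Jun/2009:07:01:02 -0500] "GET /status HTTP/1.1" 404 33136 "www.windowsupdate.com" "Zulu_1.0" "-"',
    '200.88.242.99 - - [25/Jun/2009:07:07:25 -0500] "GET /status HTTP/1.0" 404 33092 "www.windowsupdate.com" "Zulu_1.0" "10.0.0.74, 127.0.0.1"',
    '192.0.2.10 - - [25/Jun/2009:07:09:00 -0500] "GET / HTTP/1.1" 200 5120 "-" "ExampleBot/1.0" "-"',
    '192.0.2.10 - - [25/Jun/2009:07:09:05 -0500] "GET /about HTTP/1.1" 200 2048 "-" "ExampleBot/1.0" "-"',
]

if __name__ == "__main__":
    for agent, s in agent_summary(SAMPLE).items():
        print(f"{agent}: {s['hits']} hits from {len(s['ips'])} IPs")
    print("single-source agents:", single_source_agents(agent_summary(SAMPLE)))
```

In this sample Zulu_1.0 arrives from three different addresses, so a User-Agent rule is the practical filter, while the constructed ExampleBot/1.0 traffic comes from a single address.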

Thanks guys for the help, I'm not sure what the hell Zulu crap is, but I
had to block it. The idea works, so now they are going to fbi.gov :smiley: