{"id":31710365,"url":"https://github.com/fl3a/static_403_blocker","last_synced_at":"2026-04-19T04:38:14.879Z","repository":{"id":306595494,"uuid":"1026687971","full_name":"fl3a/static_403_blocker","owner":"fl3a","description":"Block unwanted web scans by creating zero-permission dummy files and directories (403).","archived":false,"fork":false,"pushed_at":"2025-08-19T14:19:41.000Z","size":50,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-19T16:31:10.955Z","etag":null,"topics":["403","bash","blocklist","deployment","dummy-files","jekyll","static-site","web-scanner-protection","webserver"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fl3a.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-26T12:00:54.000Z","updated_at":"2025-08-19T14:12:13.000Z","dependencies_parsed_at":"2025-07-26T18:30:55.441Z","dependency_job_id":"6beb756b-617a-4fba-8b99-b552d85d5c5a","html_url":"https://github.com/fl3a/static_403_blocker","commit_stats":null,"previous_names":["fl3a/static_403_blocker"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/fl3a/static_403_blocker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fl3a%2Fstatic_403_blocker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fl3a%2Fstatic_403_blocker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fl3a%2Fstatic_403_b
locker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fl3a%2Fstatic_403_blocker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fl3a","download_url":"https://codeload.github.com/fl3a/static_403_blocker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fl3a%2Fstatic_403_blocker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000720,"owners_count":26082879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["403","bash","blocklist","deployment","dummy-files","jekyll","static-site","web-scanner-protection","webserver"],"created_at":"2025-10-09T00:26:36.581Z","updated_at":"2026-04-19T04:38:14.837Z","avatar_url":"https://github.com/fl3a.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# static_403_blocker\n\nBlock unwanted scanner and crawler traffic on static websites \nby pre-creating forbidden files and directories with restrictive permissions.\n\nThe `blocklist.txt` is a living document: it grows continuously \nas recurring unwanted requests are identified in server logs.  
\nThe version included in this repository is kept up to date, \nreflecting the current protection rules in active use.\n\nThis script helps reduce 404 log noise \nand proactively denies access to known attack vectors \nsuch as `.env`, `/wp-login.php`, or `/vendor/` without relying on `.htaccess` \nor runtime processing.\n\n## Motivation\n\nOn static web hosts like Uberspace or minimal Nginx setups, \nhandling scan attempts via `.htaccess` \nor server configuration may not be viable. \n\nThis script offers a robust alternative:\n\n- Stop noisy or malicious requests from filling up your 404 logs\n- Use the filesystem itself to return `403 Forbidden` on access attempts\n- Avoid duplicate configuration in `.htaccess` or webserver rules\n- Rerunnable: safe to use on every deployment\n\n## How it works\n\n- Reads paths from a `blocklist.txt` file\n- For each listed file or directory:\n  - Creates it in the `$WEBROOT`\n  - Applies `000` permissions to prevent access\n- As a result, the server returns HTTP `403 Forbidden` for each path\n\nDirectories can be marked with a trailing `/`, e.g. `vendor/`, \nand the script automatically distinguishes them from files.\n\n## `blocklist.txt`\n\nBelow are example entries from the current `blocklist.txt`.  
\nThis list keeps expanding over time, as new patterns are detected and added during routine log analysis.\n\n### Example `blocklist.txt`\n\n```\n# Common probe targets\n.env\nwp-login.php\ncomposer.lock\nlicense.txt\n\n# Directories often scanned\nvendor/\nwp-admin/\nwp-content/\n.git/\n\n# Legacy or historical paths\nold/\nbackup/\nbackup.zip\nindex.old.html\n\n# Custom crawler traps\nsecret-panel/\nadmin-console/\nlogin.php\n```\n\n## Usage\n\nMake the script executable:\n\n    chmod +x static_403_blocker.sh\n\nPlace it within your `$PATH` or call it directly with `WEBROOT` as a parameter.\\\nWhere `WEBROOT` is the absolute path to your website root.\\\n\nE.g.:\n    \n    static_403_blocker.sh $HOME/florian.latzel.io\n\nAdjust the `BLOCKLIST` variable inside the script as needed.\\\nWhere `BLOCKLIST` is the file containing the list of paths to block.\n\n## Example integration\n\nExample execution in a [Jekyll deployment](\nhttps://github.com/fl3a/jekyll_deployment) via [post_exec task](\nhttps://github.com/fl3a/florian.latzel.io/blob/e766c92f939a1ce7106af8fe8481ba9a476857d6/deploy.conf#L51) \nfor [florian.latzel.io](https://florian.latzel.io/).\n\n    post_exec=\"/home/kdoz/bin/static_403_blocker.sh $www\"\n\n## Contribute\n\n**Want to help make the blocklist better?**\n\nFollow these steps to identify unwanted traffic, clean up your data, and submit your changes via pull request.\n\n**1. Check your webserver logs for 404s (Not Found).**\\\nThe command expects Apache logs in Combined Log Format (or vCombined). Update paths and parsing if necessary.\\\nIt will output the number of hits per URL:\n\n```\ngrep ' 404 ' /path/to/apache-logs \\\n  | cut -d'\"' -f2 \\\n  | awk '{print $2}' \\\n  | sort \\\n  | uniq -c \\\n  | sort -nr \\\n  \u003e /path/to/404-count.txt\n```\n\n\n**2. 
Review your 404s *carefully* and remove URLs that actually exist on your website.**\\\n(You may add them to your .htaccess instead.)\\\nThis ensures that only scanning attempts remain.\n\n**3. Remove the hit counts and leading `/`.**\n\nVim:\n\n    :%s/^\\s*\\d\\+\\s\\+\\/\\+\\(.*\\)$/\\1/\n\nShell:\n\n    sed -E -i 's/^[[:space:]]*[0-9]+[[:space:]]+\\/+(.+)$/\\1/' /path/to/404-count.txt\n\n**4. Add new scans to `blocklist.txt`:**\n  \n```\ncat /path/to/404-count.txt \u003e\u003e /path/to/blocklist.txt\n```\n   \n**5. Sort and remove duplicates:**\n\nVim:\n\n```   \nvi /path/to/blocklist.txt\n```\n\n```\n:sort u\n```\n\nShell:\n\n    sort -u /path/to/blocklist.txt -o /path/to/blocklist.txt\n\n**6. Add and commit `blocklist.txt`**    \n\n**7. Create a pull request to share your updates.**\n\n## Notes\n\n- Requires standard Unix tools: `stat`, `mkdir`, `touch` and `chmod`.\n- Safe to run multiple times – it skips existing files and directories\n- Adds no .htaccess or rewrite complexity\n\n## Tip\n\nTo unblock a file or directory, simply delete it from the webroot.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffl3a%2Fstatic_403_blocker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffl3a%2Fstatic_403_blocker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffl3a%2Fstatic_403_blocker/lists"}