limit_req_zone $anti_spider zone=anti_spider:60m rate=100r/m;
server
{
    listen 80 default_server;
        listen 443 ssl http2 default_server;
    server_name ***.co *.***.co www.***.co;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/***;

    #CERT-APPLY-CHECK--START
    # 用于SSL证书申请时的文件验证相关配置 -- 请勿删除
    include /www/server/panel/vhost/nginx/well-known/***.conf;
    #CERT-APPLY-CHECK--END

    #SSL-START SSL相关配置，请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    ssl_certificate    /www/server/panel/vhost/cert/***/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/***/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA2:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497  https://$host$request_uri;

    #SSL-END
    #引用重定向规则，注释后配置的重定向代理将无效
    include /www/server/panel/vhost/nginx/redirect/***/*.conf;

    #ERROR-PAGE-START  错误页配置，可以注释、删除或修改
    #error_page 404 /404.html;
    error_page 502 /error.html;
    #ERROR-PAGE-END

    #PHP-INFO-START  PHP引用配置，可以注释或修改
    include enable-php-74.conf;
    #PHP-INFO-END

    #REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
    include /www/server/panel/vhost/rewrite/***.conf;
    #REWRITE-END

    #禁止访问的文件或目录
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    #一键申请SSL证书验证目录相关设置
    location ~ \.well-known{
        allow all;
    }

    #禁止在证书验证目录放入敏感文件
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log /dev/null;
        access_log /dev/null;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log /dev/null;
        access_log /dev/null;
    }
    
    #某个server中
    limit_req zone=anti_spider burst=5 nodelay;

    #TencentTraveler|Baiduspider+|BaiduGame|bingbot|DotBot|DataForSeoBot|SemrushBot|Googlebot|Sosospider+|Sogou web spider|ia_archiver|Yahoo! Slurp|YoudaoBot|Yahoo Slurp|MSNBot|Java (Often spam bot)|BaiDuSpider|Voila|Yandex bot|BSpider|twiceler|Sogou Spider|Speedy Spider|Google AdSense|Heritrix|Python-urllib|Alexa (IA Archiver)|Ask|Exabot|Custo|OutfoxBot/YodaoBot|yacy|SurveyBot|legs|lwp-trivial|Nutch|StackRambler|The web archive (IA Archiver)|Perl tool|MJ12bot|Netcraft|MSIECrawler|WGet tools|larbin|Fish search|360Spider|YisouSpider|SogouSpider|Bytespider|AspiegelBot|YoudaoBot|MJ12bot|YandexBot|Yahoo
    #其它爬虫限制参考
     if ($http_user_agent ~* "Baiduspider|baiduspider|Googlebot|Sosospider+|Baiduspider-render|Sogou web spider|bcebos-spider-1.0|baiduboxapp|360Spider|Yahoo! Slurp|YoudaoBot|Yahoo Slurp|MSNBot|Sogou|Sogou web spider|Yisouspider|Googlebot|yahoo|ToutiaoSpider|bytespider|bingbot|YandexBot|qihoobot|MSNBot|Sogou spider|Sogou web spider|YoudaoBot|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|Sosospider")
     {
      set $anti_spider $http_user_agent;
     }
     if ($http_user_agent ~* "Python-urllib|Bot|ClaudeBot|python|MJ12bot|AhrefsBot|hubspot|opensiteexplorer|leiki|webmeup|Amazonbot|ia_archiver|Tomato Bot|www.seokicks.de|YYSpider|Mattermost|Discord|CCBot|RepoLookoutBot|tracking|serpstatbot|Pinterestbot|SurdotlyBot|DataForSeoBot|DigExt|HttpClient|MJ12bot|heritrix|EasouSpider|Ezooms|FlightDeckReports|Linguee Bot|Web-Crawler|WellKnownBot|Yellowbrandprotectionbot|ev-crawler|NE Crawler|Facebot|GrapeshotCrawler|SemrushBot|DotBot|MegaIndex.ru|MauiBot|AhrefsBot|MJ12bot|BLEXBot|HubSpot Crawler|CriteoBot|Web-Crawler|web-crawlers|DataForSeoBot|YaK|Mail.RU_Bot|Barkrowler|crawler|SEOkicks-Robot|vxiaotou-spider|telegram|dingtalk|Twitterbot|DuckDuckGo|applebot|webprosbot|AwarioBot|AmazonAdBot|YouBot|YandexBot|spbot|DnyzBot|Researchscan|yahoo|AhrefsBot|DotBot|Uptimebot|MJ12bot|MegaIndex.ru|ZoominfoBot|Mail.Ru|SeznamBot|BLEXBot|ExtLinksBot|aiHitBot|Barkrowler")
     {
       return 403;
     }
      ##参数说明：
      ##指令limit_req_zone 中的rate=200r/m 表示每分钟只能处理200个请求。
      ##指令limit_req 中的burst=5 表示最大并发为5。即同一时间只能同时处理5个请求。
      ##指令limit_req 中的 nodelay 表示当已经达到burst值时，再来新请求时，直接返回503
      ##IF部分用于判断是否是百度蜘蛛的user agent。如果是，就对变量$anti_spider赋值。这样就做到了只对百度蜘蛛进行限制了。
      #limit_req zone=conn_ttlsa_com burst=5;
      #limit_conn req_ttlsa_com 1;
      #limit_rate 500k;
      ##详细的参数说明，可以查看官方文档。
      ##http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req_zone
    
    access_log  /www/wwwlogs/***.log;
    error_log  /www/wwwlogs/***.error.log;
}