Block AI Bots

Author: mythz

MyApp/Configure.UserAgentBlocking.cs

@@ -0,0 +1,151 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace MyApp;
+
+/// <summary>
+/// Options for configuring the UserAgentBlockingMiddleware
+/// </summary>
+public class UserAgentBlockingOptions
+{
+    /// <summary>
+    /// List of user agents to block (supports exact matches or substring matches)
+    /// </summary>
+    public List<string> BlockedUserAgents { get; set; } = new();
+
+    /// <summary>
+    /// HTTP status code to return when a user agent is blocked (defaults to 403 Forbidden)
+    /// </summary>
+    public int BlockedStatusCode { get; set; } = StatusCodes.Status403Forbidden;
+
+    /// <summary>
+    /// Optional message to return in the response body when a user agent is blocked
+    /// </summary>
+    public string BlockedMessage { get; set; } = "Access denied based on your user agent";
+
+    /// <summary>
+    /// If true, will perform case-insensitive matching (defaults to true)
+    /// </summary>
+    public bool IgnoreCase { get; set; } = true;
+
+    /// <summary>
+    /// If true, blocked requests will be logged (defaults to true)
+    /// </summary>
+    public bool LogBlockedRequests { get; set; } = true;
+}
+
+/// <summary>
+/// Middleware that blocks requests from specific user agents
+/// </summary>
+public class UserAgentBlockingMiddleware
+{
+    private readonly RequestDelegate _next;
+    private readonly UserAgentBlockingOptions _options;
+    private readonly ILogger<UserAgentBlockingMiddleware> _logger;
+
+    public UserAgentBlockingMiddleware(
+        RequestDelegate next,
+        IOptions<UserAgentBlockingOptions> options,
+        ILogger<UserAgentBlockingMiddleware> logger)
+    {
+        _next = next ?? throw new ArgumentNullException(nameof(next));
+        _options = options?.Value ?? throw new ArgumentNullException(nameof(options));
+        _logger = logger ?? throw new ArgumentNullException(nameof(logger));
+    }
+
+    public async Task InvokeAsync(HttpContext context)
+    {
+        if (context == null)
+        {
+            throw new ArgumentNullException(nameof(context));
+        }
+
+        // Get the User-Agent header
+        string userAgent = context.Request.Headers["User-Agent"].ToString();
+
+        // Check if the user agent should be blocked
+        if (ShouldBlockUserAgent(userAgent))
+        {
+            // Log the blocked request if enabled
+            if (_options.LogBlockedRequests)
+            {
+                _logger.LogInformation(
+                    "Request blocked from user agent: {UserAgent}, IP: {IPAddress}, Path: {Path}",
+                    userAgent,
+                    context.Connection.RemoteIpAddress,
+                    context.Request.Path);
+            }
+
+            // Set the response status code
+            context.Response.StatusCode = _options.BlockedStatusCode;
+            context.Response.ContentType = "text/plain";
+
+            // Write the blocked message to the response
+            await context.Response.WriteAsync(_options.BlockedMessage);
+            return;
+        }
+
+        // If not blocked, continue to the next middleware
+        await _next(context);
+    }
+
+    private bool ShouldBlockUserAgent(string userAgent)
+    {
+        if (string.IsNullOrEmpty(userAgent))
+        {
+            // You might want to block requests with no user agent
+            // Return true here if you want to block empty user agents
+            return false;
+        }
+
+        foreach (var blockedAgent in _options.BlockedUserAgents)
+        {
+            var comparison = _options.IgnoreCase
+                ? StringComparison.OrdinalIgnoreCase
+                : StringComparison.Ordinal;
+
+            if (userAgent.Contains(blockedAgent, comparison))
+                return true;
+            if (blockedAgent.Contains(' ') && userAgent.Contains(blockedAgent.Replace(" ",""), comparison))
+                return true;
+        }
+
+        return false;
+    }
+}
+
+/// <summary>
+/// Extension methods for registering the UserAgentBlockingMiddleware
+/// </summary>
+public static class UserAgentBlockingMiddlewareExtensions
+{
+    /// <summary>
+    /// Adds the UserAgentBlockingMiddleware to the application pipeline
+    /// </summary>
+    public static IApplicationBuilder UseUserAgentBlocking(
+        this IApplicationBuilder builder)
+    {
+        return builder.UseMiddleware<UserAgentBlockingMiddleware>();
+    }
+
+    /// <summary>
+    /// Adds the UserAgentBlockingMiddleware to the application pipeline with custom options
+    /// </summary>
+    public static IApplicationBuilder UseUserAgentBlocking(
+        this IApplicationBuilder builder,
+        Action<UserAgentBlockingOptions> configureOptions)
+    {
+        // Create a new options instance
+        var options = new UserAgentBlockingOptions();
+
+        // Apply the configuration
+        configureOptions(options);
+
+        // Use the middleware with the configured options
+        return builder.UseMiddleware<UserAgentBlockingMiddleware>(Options.Create(options));
+    }
+}

MyApp/Program.cs

@@ -62,6 +62,33 @@
 services.AddBlazorServerIdentityApiClient(baseUrl);
 services.AddLocalStorage();
 
+// Register the options in the dependency injection container
+services.Configure<UserAgentBlockingOptions>(options =>
+{
+    // Add user agents to block
+    options.BlockedUserAgents.AddRange([
+        "bytespider",
+        "gptbot",
+        "gptbot",
+        "claudebot",
+        "amazonbot",
+        "imagesiftbot",
+        "semrushbot",
+        "dotbot",
+        "semrushbot",
+        "dataforseobot",
+        "WhatsApp Bot",
+        "HeadlessChrome",
+        "PetalBot",
+    ]);
+    
+    // Optional: Customize the response status code
+    // options.BlockedStatusCode = StatusCodes.Status429TooManyRequests;
+    
+    // Optional: Customize the blocked message
+    options.BlockedMessage = "This bot is not allowed to access our website";
+});
+
 services.AddServiceStack(typeof(MyServices).Assembly);
 
 services.AddOutputCache(options =>
@@ -84,6 +111,9 @@
     app.UseHsts();
 }
 
+// Add the middleware early in the pipeline (before routing and endpoints)
+app.UseUserAgentBlocking();
+
 //TODO: Remove after bing search no longer includes these links
 string[] redirectPosts = [
     "net8-blazor-template",

MyApp/wwwroot/robots.txt

@@ -1,6 +1,41 @@
 User-agent: Googlebot
+Allow: /
+User-agent: YandexBot
+Allow: /
+User-agent: Bingbot
+Allow: /
+User-agent: ahrefsbot
+Allow: /
+User-agent: Baidu Spider
+Allow: /
+User-agent: coccocbot
+Allow: /
+User-agent: yacybot
+Allow: /
+User-agent: oai-searchbot
+Allow: /
 
+User-agent: bytespider
+Disallow: /
+User-agent: gptbot
+Disallow: /
+User-agent: claudebot
+Disallow: /
+User-agent: amazonbot
+Disallow: /
+User-agent: imagesiftbot
+Disallow: /
+User-agent: mj12bot
+Disallow: /
+User-agent: semrushbot
+Disallow: /
+User-agent: dotbot
+Disallow: /
+User-agent: dataforseobot
+Disallow: /
+User-agent: WhatsApp Bot
+Disallow: /
 User-agent: *
-Allow: /
+Disallow: /
 
 Sitemap: https://pvq.app/sitemap.xml