diff --git a/.docker/nginx.conf b/.docker/nginx.conf
index 8fe03dbc7..1f76daf1f 100644
--- a/.docker/nginx.conf
+++ b/.docker/nginx.conf
@@ -34,3 +34,15 @@ http {
 
     include /etc/nginx/conf.d/*.conf;
 }
+
+# Define which paths to protect
+location ~ ^/(flag/flag|admin|user/login) {
+    # Block bots on these paths only
+    if ($http_user_agent ~* (bot|crawler|spider|scraper)) {
+        return 403;
+    }
+
+    if ($http_referer = "") {
+        return 403;
+    }
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 50f73b264..252478023 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,9 @@ Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+* [PR-623](https://github.com/itk-dev/deltag.aarhus.dk/pull/623)
+  Add nginx block of bots to flags
+
 ## [4.14.4] - 2026-01-27
 
 * [PR-588](https://github.com/itk-dev/deltag.aarhus.dk/pull/588)