求救：屏蔽爬虫试了 2 天，没成功

一台 10 年的老服务器，最近 bingbot 疯狂刷流量，用$http_user_agent 为啥屏蔽不了... nginx 日志里 N 多类似这样的记录:

172.68.244.177 - - [04/Aug/2024:04:04:10 -0400] "GET /find-app/%E0%B8%AD%E0%B8%B2%E0%B8%8A%E0%B8%B5%E0%B8%9E%E0%B8%82%E0%B8%AD%E0%B8%87%E0%B8%8A%E0%B8%B2%E0%B8%A7%E0%B8%AB%E0%B8%A7%E0%B8%B9%E0%B9%88%E0%B8%AB%E0%B8%A5%E0%B8%B4%E0%B8%87%E0%B8%84%E0%B8%B7%E0%B8%AD%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%95%E0%B8%81%E0%B8%9B%E0%B8%A5%E0%B8%B2%E3%80%90ta777.me%E3%80%91%E0%B8%AD%E0%B8%B2%E0%B8%8A%E0%B8%B5%E0%B8%9E%E0%B8%82%E0%B8%AD%E0%B8%87%E0%B8%8A%E0%B8%B2%E0%B8%A7%E0%B8%AB%E0%B8%A7%E0%B8%B9%E0%B9%88%E0%B8%AB%E0%B8%A5%E0%B8%B4%E0%B8%87%E0%B8%84%E0%B8%B7%E0%B8%AD%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%95%E0%B8%81%E0%B8%9B%E0%B8%A5%E0%B8%B2%E3%80%90ta777.me%E3%80%91w7t?page=2 HTTP/1.1" 403 571 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36" 52.167.144.211
172.71.222.36 - - [04/Aug/2024:04:04:10 -0400] "GET /find-app/%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87%E2%8F%A9%E5%8A%9E%E7%90%86%E7%BD%91zhengjian.shop%E2%8F%AA-%E5%93%AA%E9%87%8C%E4%B9%B0%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87%F0%9F%8C%9F%E5%8A%9E%E8%AF%81%E7%BD%91zhengjian.shop%F0%9F%8C%9F-%E5%BC%A0%E5%AE%B6%E6%B8%AF%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87%E5%93%AA%E9%87%8C%E6%9C%89-%E5%93%AA%E9%87%8C%E5%8A%9E%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87Q5?page=3 HTTP/1.1" 403 571 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36" 52.167.144.211

以下是完整配置

server
    {
  	listen       80;
  	listen     443 ssl;
  	#
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    ##    ssl_session_timeout  5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;

    ## enable HSTS including subdomains
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

  	server_name  domain.com www.domain.com;
  	index index.html index.htm index.php;
  	root  /opt/htdocs/www.domain.com/public;

  	#301

  	if ($host = 'domain.com') {
  		rewrite ^/(.*)$ https://www.domain.com/$1 permanent;
  	}

#location ~ /find-app {
	if ($http_user_agent ~* "bingbot|AhrefsBot") {
return 403;
}
#}
  	location / {
          try_files $uri $uri/ /index.php?$query_string;
      }
      #申请 let’s Encrypt SSL 用
      location ~ /.well-known {
              allow all;
      }


  	if (!-e $request_filename) {
  	}

  	location ~ .*\.(php|php5)?$
  	{
  	  #fastcgi_pass  unix:/tmp/php-cgi.sock;
  	  fastcgi_pass  127.0.0.1:9000;
  	  fastcgi_index index.php;
  	  include fcgi.conf;
  	}

  	location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
  	{
  	  expires      30d;
  	}

  	location ~ .*\.(js|css)?$
  	{
  	  expires      15d;
  	}
  	access_log  /data0/logs/domain.log  access;
    }