fwiw,
I use the map approach discussed here.
I've a list of a hundred or so 'bad bots'.
I reply with a 444. Screw 'em.
IMO, the performance hit of blocking them is far less than the performance havoc they wreak if allowed to (try to) scan your site, &/or the inevitable flood of crap from your "new BFFs" originating from under dozens of rocks ...
I also scan my logs for bad bot hits' 444 rejects (often using just fail2ban), and when over whatever threshold I set, I mod a firewall IPSET with the errant IP and that takes care of them for whatever time period I choose, with a much lower performance hit on my server.
Ideal? Nope. WORKSFORME? Absolutely.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
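
The log-scanning step described in the message above, as an added example that is not part of the original post: it counts 444 responses per client address inside a sliding window and builds the ipset commands for addresses over the threshold. The combined log format, the set name `badbots`, the threshold, window and timeout values, and the sample log lines are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed nginx "combined" format: addr - user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /probe-a HTTP/1.1" 444 0 "-" "BadBot/1.0"',
    '198.51.100.4 - - [12/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:02:10 +0000] "GET /probe-b HTTP/1.1" 444 0 "-" "BadBot/1.0"',
    '198.51.100.9 - - [12/Mar/2024:10:03:00 +0000] "GET /a HTTP/1.1" 444 0 "-" "ScanBot"',
    '203.0.113.7 - - [12/Mar/2024:10:04:30 +0000] "GET /probe-c HTTP/1.1" 444 0 "-" "BadBot/1.0"',
    '198.51.100.9 - - [12/Mar/2024:10:30:00 +0000] "GET /b HTTP/1.1" 444 0 "-" "ScanBot"',
    '198.51.100.9 - - [12/Mar/2024:10:55:00 +0000] "GET /c HTTP/1.1" 444 0 "-" "ScanBot"',
]

def offenders(lines, threshold=3, window=timedelta(minutes=10)):
    """Return IPv4 addresses with at least `threshold` 444s inside `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent 444 responses
    flagged = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "444":
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))  # reject junk in the address field
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        if addr.version != 4:  # the assumed set is an IPv4 hash:ip set
            continue
        ip = str(addr)
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= threshold and ip not in flagged:
            flagged.append(ip)
    return flagged

def ipset_commands(ips, set_name="badbots", timeout=86400):
    """Build (not run) the commands; the set must be created with timeout support."""
    return [f"ipset add {set_name} {ip} timeout {timeout} -exist" for ip in ips]

if __name__ == "__main__":
    print("\n".join(ipset_commands(offenders(SAMPLE))))
```

The window matters: the second scanner in the sample also has three 444s, but spread over almost an hour, so it stays under the threshold.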