Nginx, fail2ban and blocking hackers

On my development web server machine I am blocking all access that doesn’t use a domain name. This is very easy. My default nginx server simply returns error 499, and my fail2ban filter and jail block all error 499 return codes forever.

Here is my nginx default.conf:
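server {
    # Catch-all server: handles requests whose Host header matches no other server block
    listen 80 default;
    # Answer every such request with status 499 so it shows up in the access log for fail2ban
    return 499;
}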

I would like to do the same on production, except for ‘good’ search engines like Google, Bing, etc. Any suggestions?

I use mitchellkrogza/nginx-ultimate-bad-bot-blocker from GitHub (Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders) and it worked really well. Try it out.

Thanks, I will check it out.
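
Added example, not part of the original thread: one way to handle the exemption asked about in the first post is to select ban candidates from the default server's 499 lines and skip clients that pass forward-confirmed reverse DNS for a crawler domain, so a spoofed User-Agent or PTR record does not earn an exemption. It assumes the default server logs in nginx's combined format; the function names, the injectable `reverse`/`forward` resolvers and the sample lines are hypothetical, and the suffix list should be checked against each search engine's current documentation.

```python
import re
import socket

# nginx "combined" log format: client IP first, status right after the quoted request.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) ')
# Reverse-DNS suffixes used for crawler verification (assumption: confirm with each operator).
CRAWLER_SUFFIXES = (".googlebot.com", ".google.com", ".search.msn.com")
# Constructed sample lines using documentation-range IPs, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:06:25:01 +0000] "GET / HTTP/1.1" 499 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Mar/2024:06:25:02 +0000] "GET /robots.txt HTTP/1.1" 499 0 "-" "Googlebot/2.1"',
    '198.51.100.23 - - [10/Mar/2024:06:25:03 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"',
    '198.51.100.99 - - [10/Mar/2024:06:25:04 +0000] "GET / HTTP/1.1" 499 0 "-" "Googlebot/2.1"',
]

def dns_reverse(ip):
    """PTR lookup; returns None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_forward(host):
    """All addresses the hostname resolves to (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def is_verified_crawler(ip, reverse=dns_reverse, forward=dns_forward):
    """The PTR name must sit under a crawler domain AND resolve back to the
    same IP; a PTR record alone is controlled by whoever owns the address."""
    host = reverse(ip)
    if not host or not host.lower().rstrip(".").endswith(CRAWLER_SUFFIXES):
        return False
    return ip in forward(host)

def ban_candidates(log_lines, reverse=dns_reverse, forward=dns_forward):
    """IPs that received 499, in first-seen order, minus verified crawlers."""
    bans = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if m and m["status"] == "499" and m["ip"] not in bans:
            if not is_verified_crawler(m["ip"], reverse, forward):
                bans.append(m["ip"])
    return bans
```

nginx also logs 499 on its own when a client closes the connection before the response is sent, so feed this only the default server's log rather than a log shared with real sites.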