diff --git a/.docker/images/nginx/conf/001_govcms_block.conf b/.docker/images/nginx/conf/001_govcms_block.conf
new file mode 100644
index 000000000..ff204a5a3
--- /dev/null
+++ b/.docker/images/nginx/conf/001_govcms_block.conf
@@ -0,0 +1,32 @@
+map $uri $is_restricted_path {
+ default 0;
+ ~^/user(/.*)?$ 1;
+ ~^/entity/user(/.*)?$ 1;
+}
+
+map $http_content_type $is_json_content_type {
+ default 0;
+ ~*application/json 1;
+}
+
+map $http_user_agent $is_deepseek_bot {
+ default 0;
+ ~*DeepSeek 1;
+}
+
+map $is_restricted_path:$request_method:$is_json_content_type $allowed {
+ # /user/{user} rules
+ 1:DELETE:0 0; # Allow DELETE on /user/{user} if not JSON
+ 1:DELETE:1 0; # Block DELETE on /user/{user} if JSON
+ 1:GET:0 1; # Allow GET on /user/{user} if not JSON
+ 1:GET:1 1; # Allow GET on /user/{user} if JSON
+ 1:PATCH:0 1; # Allow PATCH on /user/{user} if not JSON
+ 1:PATCH:1 0; # Block PATCH on /user/{user} if JSON
+ 1:PUT:1 0; # Block PUT on /user/{user}
+
+ # /entity/user rules
+ 2:POST:0 1; # Allow POST on /entity/user if not JSON
+ 2:POST:1 0; # Block POST on /entity/user if JSON
+
+ default 1;
+}
\ No newline at end of file
diff --git a/.docker/images/nginx/helpers/201-blocks.conf b/.docker/images/nginx/helpers/201-blocks.conf
index aee258b64..7e6fb361c 100644
--- a/.docker/images/nginx/helpers/201-blocks.conf
+++ b/.docker/images/nginx/helpers/201-blocks.conf
@@ -23,3 +23,15 @@ location ~* ^/wp-(admin|content|includes|json|login) {
 if ($query_string ~* (=node/add|=user/register)) {
 return 403;
 }
+
+# Block requests based on the path and method.
+# @see 001_govcms_block.conf
+if ($allowed = 0) {
+ return 403;
+}
+
+# Block DeepSeek bots.
+# @see 001_govcms_block.conf
+if ($is_deepseek_bot = 1) {
+ return 403;
+}
\ No newline at end of file
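Review bot: The `2:POST:0` and `2:POST:1` keys in the `$allowed` map can never match, because the `$is_restricted_path` map assigns `1` to both `~^/user(/.*)?$` and `~^/entity/user(/.*)?$`; a JSON POST to `/entity/user` therefore falls through to `default 1` and is not blocked. Giving the second pattern its own value, `~^/entity/user(/.*)?$ 2;`, makes the `2:` rules reachable as the comments intend. The comment on `1:DELETE:0 0;` reads "Allow DELETE" while the value `0` blocks; align it with the intended value, and note that `1:PUT:0` has no entry and so is allowed by `default 1`. `~*application/json` also does not match JSON variants such as `application/vnd.api+json` or `application/hal+json`, and because `Content-Type` is client-supplied the map only distinguishes requests that declare plain JSON — a broader pattern such as `~*json` helps, but the path/method rule should remain a filter in front of the application's own access control rather than the sole check.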
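Review bot: `if ($is_deepseek_bot = 1)` matches on the `User-Agent` header, which any client can set, so it deters only crawlers that advertise themselves; the comment should say so, e.g. `# Best-effort: matches the advertised User-Agent only.` The `$allowed` rule likewise keys on the client-declared `Content-Type` via `$is_json_content_type`, so both checks are noise filters in front of the application's access control rather than a replacement for it. Both `if` blocks reference maps defined in `001_govcms_block.conf`, and `map` is only valid in the `http` context; the diff does not show where that file is included, so confirm it is loaded at `http` level, otherwise nginx rejects the config with an unknown-variable error. The block enclosing the `$query_string` check starts before the hunk, so the context these new `if`s land in cannot be confirmed here.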