diff --git a/config/nginx/bitrix.conf b/config/nginx/bitrix.conf
index 7b63d4b..2b741a4 100644
--- a/config/nginx/bitrix.conf
+++ b/config/nginx/bitrix.conf
@@ -2,28 +2,8 @@ ssl_certificate /etc/nginx/letsencrypt/live/favor-group.ru/fullchain.pem;
 ssl_certificate_key /etc/nginx/letsencrypt/live/favor-group.ru/privkey.pem;
 ssl_trusted_certificate /etc/nginx/letsencrypt/live/favor-group.ru/chain.pem;
-## block the bad actors
-set $block 0;
-
-if ($bad_agent) {
- set $block 1;
-}
-
-if ($bad_ip) {
- set $block 1;
-}
-
-# don't block bots users from using sitemap
-if ($request_uri ~ ^/sitemap/$) {
- set $block 0;
-}
-
-#if ($block) {
-# return 302 https://$host/sitemap/;
-#}
-## end of block
-
 include security_headers.conf;
+include bots.conf;
 # CSP headers, too dangerous to include to the code someone will copy and run
 include /etc/nginx/private.conf.d/bitrix_csp_headers.conf;
diff --git a/config/nginx/bots.conf b/config/nginx/bots.conf
new file mode 100644
index 0000000..36137fe
--- /dev/null
+++ b/config/nginx/bots.conf
@@ -0,0 +1,18 @@
+## mark the bad actors
+# do not include this file for static resources as it prevents caching
+# https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_valid
+set $block 0;
+
+if ($bad_agent) {
+ set $block 1;
+}
+
+if ($bad_ip) {
+ set $block 1;
+}
+
+if ($block) {
+# return 302 https://$host/sitemap/;
+}
+## end of block
+
diff --git a/docker-compose.yml b/docker-compose.yml
index 2eb9ebf..899d802 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -61,6 +61,7 @@ services:
 - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
 - ./config/nginx/bitrix.conf:/etc/nginx/bitrix.conf:ro
 - ./config/nginx/fastcgi.conf:/etc/nginx/fastcgi.conf:ro
+ - ./config/nginx/bots.conf:/etc/nginx/bots.conf:ro
 - ./config/nginx/security_headers.conf:/etc/nginx/security_headers.conf:ro
 - ./config/nginx/static-cdn.conf:/etc/nginx/static-cdn.conf:ro
 - ./config/nginx/conf.d:/etc/nginx/conf.d:ro
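Review bot: `include bots.conf;` is added at the same level as the `ssl_certificate` directives, so the `set`/`if` directives it brings in appear to run in the server rewrite phase for every request, static files included. That is the situation the header comment in bots.conf warns against ("do not include this file for static resources as it prevents caching"). If the caching concern is real, move the include into the location that hands requests to PHP; if it is not, reword the bots.conf comment so the two files agree. The enclosing server block is outside this hunk, so the actual include context should be confirmed.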
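Review bot: `$block` is computed but nothing acts on it: the body of `if ($block) { ... }` is only a commented-out `return`, so clients matched by `$bad_agent` or `$bad_ip` are still served normally. If the file is meant to mark only, drop the empty `if` and say so in the header, e.g. `# sets $block only; enforcement is done by the including config`. The old bitrix.conf reset `$block` for `/sitemap/` and that exemption is missing here, so re-enabling `return 302 https://$host/sitemap/;` as written would redirect a blocked client requesting `/sitemap/` back to the same URL. Either restore `if ($request_uri ~ ^/sitemap/$) { set $block 0; }` before the final `if`, or use `return 403;` instead of a redirect. `$bad_agent` and `$bad_ip` are not defined in this file, presumably by `map`/`geo` blocks elsewhere, and a comment naming where they are defined would help, since nginx will not start if they are missing.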