summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSven Göthel <[email protected]>2024-06-02 20:00:37 +0200
committerSven Göthel <[email protected]>2024-06-02 20:00:37 +0200
commit5c57ce6f6a4ccabf8fbf75255f8738c905b1d617 (patch)
tree8b85e799bc08fa74bb12f52306f65ae4446296ad
parent9bba8ba2f3b21732509823eaf4c0fada4df04e1a (diff)
apache2: filter out misbehaving bots ..
Diffstat
-rw-r--r--server/setup/05-service-settings/etc/apache2/sites-available/ip-bot-filter-require.conf3
-rw-r--r--server/setup/05-service-settings/etc/apache2/sites-available/ip-bot-filter-rewrite.conf3
-rw-r--r--server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf24
-rw-r--r--server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org.conf24
4 files changed, 54 insertions, 0 deletions
diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/ip-bot-filter-require.conf b/server/setup/05-service-settings/etc/apache2/sites-available/ip-bot-filter-require.conf
new file mode 100644
index 0000000..ad27953
--- /dev/null
+++ b/server/setup/05-service-settings/etc/apache2/sites-available/ip-bot-filter-require.conf
@@ -0,0 +1,3 @@
+# Alibaba Cloud HK
+Require not ip 47.76.209.138
+Require not ip 47.76.99.127
diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/ip-bot-filter-rewrite.conf b/server/setup/05-service-settings/etc/apache2/sites-available/ip-bot-filter-rewrite.conf
new file mode 100644
index 0000000..c2e7405
--- /dev/null
+++ b/server/setup/05-service-settings/etc/apache2/sites-available/ip-bot-filter-rewrite.conf
@@ -0,0 +1,3 @@
+# Alibaba Cloud HK
+RewriteCond %{REMOTE_ADDR} ^47\.76\.209\.138 [OR]
+RewriteCond %{REMOTE_ADDR} ^47\.76\.99\.127
diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf
index be36970..4eb3f11 100644
--- a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf
+++ b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org-ssl.conf
@@ -254,6 +254,27 @@ SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
AllowOverride None
Options ExecCGI FollowSymlinks
Require all granted
+ #<RequireAll>
+ # Require all granted
+ # Include sites-available/ip-bot-filter-require.conf
+ #</RequireAll>
+
+ RewriteEngine On
+ RewriteBase "/cgit/"
+ RewriteCond %{HTTP_USER_AGENT} Bytespider [OR]
+ RewriteCond %{HTTP_USER_AGENT} Amazonbot [OR]
+ RewriteCond %{HTTP_USER_AGENT} Googlebot [OR]
+ RewriteCond %{HTTP_USER_AGENT} AdsBot-Google [OR]
+ RewriteCond %{HTTP_USER_AGENT} msnbot [OR]
+ RewriteCond %{HTTP_USER_AGENT} AltaVista [OR]
+ RewriteCond %{HTTP_USER_AGENT} CensysInspect [OR]
+ #RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3963.65 Safari/537.36" [OR]
+ #RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.2350.138 Safari/537.36" [OR]
+ #RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.2671.137 Safari/537.36" [OR]
+ #RewriteCond %{HTTP_USER_AGENT} "=" [OR]
+ RewriteCond %{HTTP_USER_AGENT} Slurp [OR]
+ Include sites-available/ip-bot-filter-rewrite.conf
+ RewriteRule . - [F,L]
</Directory>
<Directory "/srv/www/jogamp.org/git">
Include sites-available/gitweb-to-cgit-rel_ssl.conf
@@ -297,6 +318,9 @@ SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
# </Location>
Header edit Location ^http://jogamp.org/chuck/ https://jogamp.org/chuck/
+ Include sites-available/ip-bot-filter-rewrite.conf
+ RewriteRule . - [F,L]
+
RewriteCond %{HTTP_HOST} ^www\.jogamp\.org$ [NC]
RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE]
diff --git a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org.conf b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org.conf
index 8cb5e37..d08099e 100644
--- a/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org.conf
+++ b/server/setup/05-service-settings/etc/apache2/sites-available/jogamp_org.conf
@@ -64,6 +64,27 @@
AllowOverride None
Options ExecCGI FollowSymlinks
Require all granted
+ #<RequireAll>
+ # Require all granted
+ # Include sites-available/ip-bot-filter-require.conf
+ #</RequireAll>
+
+ RewriteEngine On
+ RewriteBase "/cgit/"
+ RewriteCond %{HTTP_USER_AGENT} Bytespider [OR]
+ RewriteCond %{HTTP_USER_AGENT} Amazonbot [OR]
+ RewriteCond %{HTTP_USER_AGENT} Googlebot [OR]
+ RewriteCond %{HTTP_USER_AGENT} AdsBot-Google [OR]
+ RewriteCond %{HTTP_USER_AGENT} msnbot [OR]
+ RewriteCond %{HTTP_USER_AGENT} AltaVista [OR]
+ RewriteCond %{HTTP_USER_AGENT} CensysInspect [OR]
+ #RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3963.65 Safari/537.36" [OR]
+ #RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.2350.138 Safari/537.36" [OR]
+ #RewriteCond %{HTTP_USER_AGENT} "=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.2671.137 Safari/537.36" [OR]
+ #RewriteCond %{HTTP_USER_AGENT} "=" [OR]
+ RewriteCond %{HTTP_USER_AGENT} Slurp [OR]
+ Include sites-available/ip-bot-filter-rewrite.conf
+ RewriteRule . - [F,L]
</Directory>
<Directory "/srv/www/jogamp.org/git">
Include sites-available/gitweb-to-cgit-rel.conf
@@ -79,6 +100,9 @@
Require all granted
</Directory>
+ Include sites-available/ip-bot-filter-rewrite.conf
+ RewriteRule . - [F,L]
+
#
# Due to security concerns, session hijacking .. etc .. the whole
# bugzilla stream will go over https
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 03:09:13 +0000