Skip to content
Snippets Groups Projects
Commit f27efaa0 authored by jurgenhaas's avatar jurgenhaas
Browse files

ansible-inventories/arocom#171 Implement rules to early deny requests that we...

ansible-inventories/arocom#171 Implement rules to early deny requests that we won'T ever handle anyway
parent d677ff36
No related branches found
No related tags found
No related merge requests found
......@@ -85,3 +85,5 @@ proxy_blacklist:
- 'exabot'
- 'dotbot'
- 'gigabot'
other:
- 'path_beg /wp-admin'
......@@ -59,6 +59,9 @@ frontend http_in
http-request deny if blockedreferer
acl blockedagent hdr_sub(user-agent) -i -f /etc/haproxy/blacklist.agent
http-request deny if blockedagent
{% for rule in proxy_blacklist.other|default([]) %}
http-request deny if { {{ rule }} }
{% endfor %}
{% for host in groups['all'] %}
{% for redirect in hostvars[host].proxy_redirect|default([]) %}
{% for from in redirect.from %}
......@@ -119,6 +122,9 @@ frontend https_in_{{ cert.ip }}
http-request deny if blockedreferer
acl blockedagent hdr_sub(user-agent) -i -f /etc/haproxy/blacklist.agent
http-request deny if blockedagent
{% for rule in proxy_blacklist.other|default([]) %}
http-request deny if { {{ rule }} }
{% endfor %}
{% for host in groups['all'] %}
{% for redirect in hostvars[host].proxy_redirect|default([]) %}
{% for from in redirect.from %}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment