From f27efaa0e4b1d5be27d5920fe76c8dd94421dc5d Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Sat, 17 Sep 2016 11:43:22 +0200
Subject: [PATCH] ansible-inventories/arocom#171 Implement rules to early deny
 requests that we won't ever handle anyway

---
 defaults/main.yml     | 2 ++
 templates/haproxy_cfg | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 7491f6b..34796ba 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -85,3 +85,5 @@ proxy_blacklist:
     - 'exabot'
     - 'dotbot'
     - 'gigabot'
+  other:
+    - 'path_beg /wp-admin'
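Review bot: The new `other` list has no comment explaining that its entries are raw HAProxy conditions, unlike the neighbouring lists, which hold plain substrings such as `'dotbot'`. Someone extending it from inventory cannot tell from this file what syntax is expected. A comment above the key would cover it, for example `# Raw HAProxy conditions; each entry is rendered as "http-request deny if { <entry> }" in every frontend`. Because this is a role default, the `/wp-admin` deny applies to every proxied host unless overridden, so the comment should also say that inventories fronting a WordPress backend need to replace the list.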
diff --git a/templates/haproxy_cfg b/templates/haproxy_cfg
index a500d17..ba761a4 100644
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -59,6 +59,9 @@ frontend http_in
   http-request deny if blockedreferer
   acl blockedagent hdr_sub(user-agent) -i -f /etc/haproxy/blacklist.agent
   http-request deny if blockedagent
+{% for rule in proxy_blacklist.other|default([]) %}
+  http-request deny if { {{ rule }} }
+{% endfor %}
 {% for host in groups['all'] %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}
 {% for from in redirect.from %}
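Review bot: Each `rule` is written into the config unchecked at `http-request deny if { {{ rule }} }`, so an entry containing a closing brace or a line break changes the structure of the generated file rather than just the condition, and a malformed entry can leave HAProxy unable to reload. The same loop is added again to the `https_in_{{ cert.ip }}` frontend in the next hunk. The values come from inventory, so this is mainly a robustness concern. It would help if the task that renders this template (not visible here) checked the output with `validate: haproxy -c -f %s`, and if the variable were documented as accepting only single-line conditions without braces. Both frontend blocks start and end outside the hunks shown.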
@@ -119,6 +122,9 @@ frontend https_in_{{ cert.ip }}
   http-request deny if blockedreferer
   acl blockedagent hdr_sub(user-agent) -i -f /etc/haproxy/blacklist.agent
   http-request deny if blockedagent
+{% for rule in proxy_blacklist.other|default([]) %}
+  http-request deny if { {{ rule }} }
+{% endfor %}
 {% for host in groups['all'] %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}
 {% for from in redirect.from %}
-- 
GitLab