ansible-inventories/arocom#171 Implement rules to early deny requests that we...

ansible-inventories/arocom#171 Implement rules to early deny requests that we won'T ever handle anyway

ansible-inventories/arocom#171 Implement rules to early deny requests that we...
f27efaa0 · jurgenhaas · d677ff36 · f27efaa0 · f27efaa0
Commit f27efaa0 authored 8 years ago by jurgenhaas
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -85,3 +85,5 @@ proxy_blacklist:
    - 'exabot'
    - 'dotbot'
    - 'gigabot'
+  other:
+    - 'path_beg /wp-admin'
--- a/templates/haproxy_cfg
+++ b/templates/haproxy_cfg
@@ -59,6 +59,9 @@ frontend http_in
  http-request deny if blockedreferer
  acl blockedagent hdr_sub(user-agent) -i -f /etc/haproxy/blacklist.agent
  http-request deny if blockedagent
+{% for rule in proxy_blacklist.other|default([]) %}
+  http-request deny if { {{ rule }} }
+{% endfor %}
 {% for host in groups['all'] %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}
 {% for from in redirect.from %}
@@ -119,6 +122,9 @@ frontend https_in_{{ cert.ip }}
  http-request deny if blockedreferer
  acl blockedagent hdr_sub(user-agent) -i -f /etc/haproxy/blacklist.agent
  http-request deny if blockedagent
+{% for rule in proxy_blacklist.other|default([]) %}
+  http-request deny if { {{ rule }} }
+{% endfor %}
 {% for host in groups['all'] %}
 {% for redirect in hostvars[host].proxy_redirect|default([]) %}
 {% for from in redirect.from %}