Caddy: blocked IP ranges involved in botnets. Thanks to return42
This commit is contained in:
parent
11389f5995
commit
01df53a703
@ -14,7 +14,7 @@ They are deployed with [Compose files](templates/compose) and load balanced acco
|
||||
|
||||
## Configurations
|
||||
|
||||
Our caddy server blocks IP ranges that have been involved in mass spams. The [block range file](https://github.com/ProjectSegfault/ansible/blob/master/privfrontends/blocked-ranges.yaml) is created by [ProjectSegfault](https://projectsegfau.lt/). Thanks to their team.
|
||||
Our caddy server blocks IP ranges that have been involved in mass spams or botnets. The [mass spam block range file](https://github.com/ProjectSegfault/ansible/blob/master/privfrontends/blocked-ranges.yaml) is created by [ProjectSegfault](https://projectsegfau.lt/). The [botnet block range file](https://raw.githubusercontent.com/return42/sandbox/main/data/searxng/ipv4_botnet.lst) is created by [return42](https://github.com/return42). Thanks to their team.
|
||||
|
||||
Data of our Privatebin, Etherpad, and Gitea instances are backed up periodically.
|
||||
|
||||
|
||||
@ -33,6 +33,13 @@
|
||||
set_fact:
|
||||
blocked_ranges: "{{ result.stdout | from_yaml }}"
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
- name: Parse IP block range file by return42
|
||||
set_fact:
|
||||
botnet_ranges: "{{ lookup('url', 'https://raw.githubusercontent.com/return42/sandbox/main/data/searxng/ipv4_botnet.lst') | regex_replace(',', ' ') | trim }}"
|
||||
delegate_to: "{{ control_host }}"
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
- name: Set up Caddyfile
|
||||
|
||||
@ -94,8 +94,12 @@
|
||||
}
|
||||
|
||||
# IP block range by ProjectSegfault
|
||||
@denied client_ip {{ blocked_ranges }}
|
||||
respond @denied "Unfortunately, your IP is part of a range that has been involved in mass spam to our servers. If you think our action was a mistake, please email us." 403
|
||||
@spam client_ip {{ blocked_ranges }}
|
||||
respond @spam "Unfortunately, your IP is part of a range that has been involved in mass spam to our servers. If you think our action was a mistake, please email us." 403
|
||||
|
||||
# IP block range by return42
|
||||
@botnet client_ip {{ botnet_ranges }}
|
||||
respond @botnet "Unfortunately, your IP is part of a range that has been involved in a botnet to our servers. If you think our action was a mistake, please email us." 403
|
||||
|
||||
}
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
'(.*\.)?music.youtube\.com$': 'beatbump.io'
|
||||
'(.*\.)?youtube\.com$': 'invidious.fdn.fr'
|
||||
'(.*\.)?youtu\.be$': 'invidious.fdn.fr'
|
||||
'(.*\.)?youtube-noocookie\.com$': 'invidious.fdn.fr'
|
||||
#'(.*\.)?youtube\.com$': 'invidious.fdn.fr'
|
||||
#'(.*\.)?youtu\.be$': 'invidious.fdn.fr'
|
||||
#'(.*\.)?youtube-noocookie\.com$': 'invidious.fdn.fr'
|
||||
#'(.*\.)?reddit\.com$': 'redlib.pussthecat.org'
|
||||
#'(.*\.)?redd\.it$': 'redlib.pussthecat.org'
|
||||
'(.*\.)?reddit\.com$': 'redlib.seasi.dev'
|
||||
|
||||
@ -1,22 +1,10 @@
|
||||
compose:
|
||||
oracle1:
|
||||
- searxng
|
||||
oracle2:
|
||||
- searxng
|
||||
oracle3:
|
||||
- searxng
|
||||
oracle4:
|
||||
- searxng
|
||||
|
||||
config:
|
||||
oracle1:
|
||||
- searxng
|
||||
oracle2:
|
||||
- searxng
|
||||
oracle3:
|
||||
- searxng
|
||||
oracle4:
|
||||
- searxng
|
||||
- caddy
|
||||
|
||||
compose:
|
||||
oracle4:
|
||||
- caddy
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user