0
0

Caddy: blocked IP ranges involved in spam. Thanks to ProjectSegfault

This commit is contained in:
Opnxng 2024-05-30 23:29:39 +08:00
parent a6a7645fb4
commit 7aa4f415f5
4 changed files with 43 additions and 10 deletions

View File

@ -14,7 +14,9 @@ They are deployed with [Compose files](templates/compose) and load balanced acco
## Configurations ## Configurations
Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org). Our caddy server blocks IP ranges that have been involved in mass spams. The [block range file](https://github.com/ProjectSegfault/ansible/blob/master/privfrontends/blocked-ranges.yaml) is created by [ProjectSegfault](https://projectsegfau.lt/). Thanks to their team.
Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2). It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
Data of our Privatebin, Etherpad, and Gitea instances are backed up periodically. Data of our Privatebin, Etherpad, and Gitea instances are backed up periodically.

View File

@ -10,6 +10,29 @@
- not geolite.stat.exists - not geolite.stat.exists
tags: never tags: never
# ----------------------------------------------------------------------------------------------------
- name: Install yq on control host
apt:
name:
- yq
state: latest
install_recommends: false
delegate_to: "{{ control_host }}"
- name: Curl IP block range file by ProjectSegfault
command: curl --output /tmp/blocked-ranges.yaml https://raw.githubusercontent.com/ProjectSegfault/ansible/master/privfrontends/blocked-ranges.yaml
delegate_to: "{{ control_host }}"
- name: Read IP block range file by ProjectSegfault
ansible.builtin.shell: "yq -e '.blocked_ranges' /tmp/blocked-ranges.yaml"
register: result
delegate_to: "{{ control_host }}"
- name: Parse IP block range file by ProjectSegfault
set_fact:
blocked_ranges: "{{ result.stdout | from_yaml }}"
# ---------------------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------------------
- name: Set up Caddyfile - name: Set up Caddyfile
@ -18,4 +41,4 @@
dest: "{{ docker_dir }}/caddy/Caddyfile" dest: "{{ docker_dir }}/caddy/Caddyfile"
owner: 1000 owner: 1000
group: 1000 group: 1000
mode: 0755 mode: 0755

View File

@ -92,6 +92,11 @@
header_up X-Forwarded-Proto {http.request.scheme} header_up X-Forwarded-Proto {http.request.scheme}
} }
} }
# IP block range by ProjectSegfault
@denied client_ip {{ blocked_ranges }}
respond @denied "Unfortunately, your IP is part of a range that has been involved in mass spam to our servers. If you think our action was a mistake, please email us." 403
} }
# ---------------------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------------------
@ -100,6 +105,7 @@
*.{$HOSTNAME} { *.{$HOSTNAME} {
log { log {
output discard output discard
} }
@ -121,6 +127,10 @@
-Server -Server
} }
# IP block range by ProjectSegfault
@denied client_ip {{ blocked_ranges }}
respond @denied "Unfortunately, your IP is part of a range that has been involved in mass spam to our servers. If you think our action was a mistake, please email us." 403
@about host about.{$HOSTNAME} @about host about.{$HOSTNAME}
handle @about { handle @about {
root * /www root * /www

View File

@ -1,12 +1,10 @@
compose: config:
oracle1:
- redlib
oracle2:
- redlib
oracle3:
- redlib
oracle4: oracle4:
- redlib - caddy
compose:
oracle4:
- caddy
# ---------------------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------------------