0
0

Caddy: blocked IP ranges involved in spam. Thanks to ProjectSegfault

This commit is contained in:
Opnxng 2024-05-30 23:29:39 +08:00
parent a6a7645fb4
commit 7aa4f415f5
4 changed files with 43 additions and 10 deletions

View File

@ -14,7 +14,9 @@ They are deployed with [Compose files](templates/compose) and load balanced acco
## Configurations
Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
Our caddy server blocks IP ranges that have been involved in mass spams. The [block range file](https://github.com/ProjectSegfault/ansible/blob/master/privfrontends/blocked-ranges.yaml) is created by [ProjectSegfault](https://projectsegfau.lt/). Thanks to their team.
Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2). It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
Data of our Privatebin, Etherpad, and Gitea instances are backed up periodically.

View File

@ -10,6 +10,29 @@
- not geolite.stat.exists
tags: never
# ----------------------------------------------------------------------------------------------------
- name: Install yq on control host
apt:
name:
- yq
state: latest
install_recommends: false
delegate_to: "{{ control_host }}"
- name: Curl IP block range file by ProjectSegfault
command: curl --output /tmp/blocked-ranges.yaml https://raw.githubusercontent.com/ProjectSegfault/ansible/master/privfrontends/blocked-ranges.yaml
delegate_to: "{{ control_host }}"
- name: Read IP block range file by ProjectSegfault
ansible.builtin.shell: "yq -e '.blocked_ranges' /tmp/blocked-ranges.yaml"
register: result
delegate_to: "{{ control_host }}"
- name: Parse IP block range file by ProjectSegfault
set_fact:
blocked_ranges: "{{ result.stdout | from_yaml }}"
# ----------------------------------------------------------------------------------------------------
- name: Set up Caddyfile

View File

@ -92,6 +92,11 @@
header_up X-Forwarded-Proto {http.request.scheme}
}
}
# IP block range by ProjectSegfault
@denied client_ip {{ blocked_ranges }}
respond @denied "Unfortunately, your IP is part of a range that has been involved in mass spam to our servers. If you think our action was a mistake, please email us." 403
}
# ----------------------------------------------------------------------------------------------------
@ -100,6 +105,7 @@
*.{$HOSTNAME} {
log {
output discard
}
@ -121,6 +127,10 @@
-Server
}
# IP block range by ProjectSegfault
@denied client_ip {{ blocked_ranges }}
respond @denied "Unfortunately, your IP is part of a range that has been involved in mass spam to our servers. If you think our action was a mistake, please email us." 403
@about host about.{$HOSTNAME}
handle @about {
root * /www

View File

@ -1,12 +1,10 @@
compose:
oracle1:
- redlib
oracle2:
- redlib
oracle3:
- redlib
config:
oracle4:
- redlib
- caddy
compose:
oracle4:
- caddy
# ----------------------------------------------------------------------------------------------------