Caddy: blocked IP ranges involved in spam. Thanks to ProjectSegfault
parent
a6a7645fb4
commit
7aa4f415f5
@ -14,7 +14,9 @@ They are deployed with [Compose files](templates/compose) and load balanced acco
|
||||
|
||||
## Configurations
|
||||
|
||||
Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2) that always include upstream changes. It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
|
||||
Our caddy server blocks IP ranges that have been involved in mass spams. The [block range file](https://github.com/ProjectSegfault/ansible/blob/master/privfrontends/blocked-ranges.yaml) is created by [ProjectSegfault](https://projectsegfau.lt/). Thanks to their team.
|
||||
|
||||
Our SearXNG instance uses a custom [settings.yml](templates/conf/settings.yml.j2). It is updated by hand with reference to [Pussthecat.org's configuration](https://github.com/PussTheCat-org/PussTheCat.org-Configs/tree/master/Services/SearXNG). Thanks to [TheFrenchGhosty](https://github.com/PussTheCat-org).
|
||||
|
||||
Data of our Privatebin, Etherpad, and Gitea instances are backed up periodically.
|
||||
|
||||
|
@ -10,6 +10,29 @@
|
||||
- not geolite.stat.exists
|
||||
tags: never
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
- name: Install yq on control host
|
||||
apt:
|
||||
name:
|
||||
- yq
|
||||
state: latest
|
||||
install_recommends: false
|
||||
delegate_to: "{{ control_host }}"
|
||||
|
||||
- name: Curl IP block range file by ProjectSegfault
|
||||
command: curl --output /tmp/blocked-ranges.yaml https://raw.githubusercontent.com/ProjectSegfault/ansible/master/privfrontends/blocked-ranges.yaml
|
||||
delegate_to: "{{ control_host }}"
|
||||
|
||||
- name: Read IP block range file by ProjectSegfault
|
||||
ansible.builtin.shell: "yq -e '.blocked_ranges' /tmp/blocked-ranges.yaml"
|
||||
register: result
|
||||
delegate_to: "{{ control_host }}"
|
||||
|
||||
- name: Parse IP block range file by ProjectSegfault
|
||||
set_fact:
|
||||
blocked_ranges: "{{ result.stdout | from_yaml }}"
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
- name: Set up Caddyfile
|
||||
@ -18,4 +41,4 @@
|
||||
dest: "{{ docker_dir }}/caddy/Caddyfile"
|
||||
owner: 1000
|
||||
group: 1000
|
||||
mode: 0755
|
||||
mode: 0755
|
||||
|
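Review bot: The `Curl IP block range file` task fetches `blocked-ranges.yaml` from the moving `master` branch of a third-party repository with no pinned revision or checksum, and the parsed value is then templated into the Caddyfile in this same commit, so whatever that file holds at deploy time decides which clients receive a 403. Pin the URL to a commit you have reviewed and verify a digest, as in the `ansible.builtin.get_url` task below, and check that each entry is a CIDR range before the `set_fact`; list updates then arrive as a reviewed bump of the pin. The fixed `/tmp/blocked-ranges.yaml` name is a predictable path in a world-writable directory on the control host, so restrict its mode or use a temporary file created by the play. `state: latest` on `yq` is a second unpinned input to the same tasks.

```yaml
- name: Fetch IP block range file by ProjectSegfault
  ansible.builtin.get_url:
    # placeholders: commit and digest of the file revision that was reviewed
    url: "https://raw.githubusercontent.com/ProjectSegfault/ansible/<REVIEWED_COMMIT_SHA>/privfrontends/blocked-ranges.yaml"
    dest: /tmp/blocked-ranges.yaml
    checksum: "sha256:<SHA256_OF_REVIEWED_FILE>"
    mode: "0600"
  delegate_to: "{{ control_host }}"
# … unchanged: yq read and set_fact tasks …
```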
@ -92,6 +92,11 @@
|
||||
header_up X-Forwarded-Proto {http.request.scheme}
|
||||
}
|
||||
}
|
||||
|
||||
# IP block range by ProjectSegfault
|
||||
@denied client_ip {{ blocked_ranges }}
|
||||
respond @denied "Unfortunately, your IP is part of a range that has been involved in mass spam to our servers. If you think our action was a mistake, please email us." 403
|
||||
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
@ -100,6 +105,7 @@
|
||||
|
||||
*.{$HOSTNAME} {
|
||||
|
||||
|
||||
log {
|
||||
output discard
|
||||
}
|
||||
@ -121,6 +127,10 @@
|
||||
-Server
|
||||
}
|
||||
|
||||
# IP block range by ProjectSegfault
|
||||
@denied client_ip {{ blocked_ranges }}
|
||||
respond @denied "Unfortunately, your IP is part of a range that has been involved in mass spam to our servers. If you think our action was a mistake, please email us." 403
|
||||
|
||||
@about host about.{$HOSTNAME}
|
||||
handle @about {
|
||||
root * /www
|
||||
|
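Review bot: `@denied client_ip {{ blocked_ranges }}` writes a value fetched from a third-party file into the Caddyfile with no filtering, in both site blocks of this template. If `blocked_ranges` is a list after `from_yaml`, Jinja prints it with brackets, quotes and commas rather than the space-separated ranges the matcher takes, and a stray brace or newline in the upstream data would change the structure of the config. Render it explicitly, e.g. `@denied client_ip {{ blocked_ranges | join(' ') }}` for a list, once the entries have been checked as CIDR ranges in the play. `client_ip` also depends on the `trusted_proxies` setting, which is not visible in these hunks; confirm it names only the real load balancers so that a forged `X-Forwarded-For` header cannot sidestep the block. The two identical matcher/respond pairs could live in one snippet that both site blocks `import`.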
@ -1,12 +1,10 @@
|
||||
compose:
|
||||
oracle1:
|
||||
- redlib
|
||||
oracle2:
|
||||
- redlib
|
||||
oracle3:
|
||||
- redlib
|
||||
config:
|
||||
oracle4:
|
||||
- redlib
|
||||
- caddy
|
||||
|
||||
compose:
|
||||
oracle4:
|
||||
- caddy
|
||||
|
||||
# ----------------------------------------------------------------------------------------------------
|
||||
|
||||
|