diff options
| author | pvi-tm <pvi-gitlab@vilarem.net> | 2025-12-29 18:29:51 +0100 |
|---|---|---|
| committer | pvi-tm <pvi-gitlab@vilarem.net> | 2025-12-29 18:29:51 +0100 |
| commit | 0552afd1241695ec21a881d3de342779cc11716e (patch) | |
| tree | 9c9b06ee14721174dcd7980f0f8dcbdb49eedf60 /modules/apache | |
| parent | 65d58678eb8fffe7983cb626573b20072cef5edc (diff) | |
| download | puppet-0552afd1241695ec21a881d3de342779cc11716e.tar puppet-0552afd1241695ec21a881d3de342779cc11716e.tar.gz puppet-0552afd1241695ec21a881d3de342779cc11716e.tar.bz2 puppet-0552afd1241695ec21a881d3de342779cc11716e.tar.xz puppet-0552afd1241695ec21a881d3de342779cc11716e.zip | |
Protecting svnweb against DDOS that use GET http://svnweb with rewrite engine
Diffstat (limited to 'modules/apache')
| -rw-r--r-- | modules/apache/templates/vhost_fcgid_norobot.conf | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/apache/templates/vhost_fcgid_norobot.conf b/modules/apache/templates/vhost_fcgid_norobot.conf index 0643cac9..1039e42f 100644 --- a/modules/apache/templates/vhost_fcgid_norobot.conf +++ b/modules/apache/templates/vhost_fcgid_norobot.conf @@ -25,6 +25,12 @@ RewriteCond %{QUERY_STRING} . RewriteCond %{HTTP_USER_AGENT} "Googlebot|GoogleOther|bingbot|Yahoo! Slurp|ClaudeBot|Amazonbot|YandexBot|SemrushBot|Barkrowler|DataForSeoBot|PetalBot|facebookexternalhit|GPTBot|ImagesiftBot|spider|Spider|iPod|Trident|Presto" RewriteRule . - [R=403,L] +# Maat December 2025 - New DDOS attack +RewriteEngine On +RewriteCond %{REQUEST_METHOD} ^GET +RewriteCond %{REQUEST_URI} ^http:// [NC] +RewriteRule .* - [F,L] # Returns 403 Forbidden + # Only let expensive operations through when a cookie is set. If no cookie is # set, redirect to a page where it will be set using JavaScript and redirect # back. This will block requests from user agents that do not support |