diff options
| author | pvi-tm <pvi-gitlab@vilarem.net> | 2025-12-29 18:46:36 +0100 |
|---|---|---|
| committer | pvi-tm <pvi-gitlab@vilarem.net> | 2025-12-29 18:46:36 +0100 |
| commit | 0aa371dbc9035a8261a015e4b5724ad92974ba9f (patch) | |
| tree | b92f087a26e79a13f119177dbe943b4b288363b3 /modules | |
| parent | 0552afd1241695ec21a881d3de342779cc11716e (diff) | |
| download | puppet-0aa371dbc9035a8261a015e4b5724ad92974ba9f.tar puppet-0aa371dbc9035a8261a015e4b5724ad92974ba9f.tar.gz puppet-0aa371dbc9035a8261a015e4b5724ad92974ba9f.tar.bz2 puppet-0aa371dbc9035a8261a015e4b5724ad92974ba9f.tar.xz puppet-0aa371dbc9035a8261a015e4b5724ad92974ba9f.zip | |
Protecting svnweb against DDOS that use GET http://svnweb with rewrite engine (Fix)
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/apache/templates/vhost_fcgid_norobot.conf | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/modules/apache/templates/vhost_fcgid_norobot.conf b/modules/apache/templates/vhost_fcgid_norobot.conf index 1039e42f..1f354d6a 100644 --- a/modules/apache/templates/vhost_fcgid_norobot.conf +++ b/modules/apache/templates/vhost_fcgid_norobot.conf @@ -25,11 +25,10 @@ RewriteCond %{QUERY_STRING} . RewriteCond %{HTTP_USER_AGENT} "Googlebot|GoogleOther|bingbot|Yahoo! Slurp|ClaudeBot|Amazonbot|YandexBot|SemrushBot|Barkrowler|DataForSeoBot|PetalBot|facebookexternalhit|GPTBot|ImagesiftBot|spider|Spider|iPod|Trident|Presto" RewriteRule . - [R=403,L] -# Maat December 2025 - New DDOS attack +# Maat December 2025 - New DDOS attack using GET http(s):// as url RewriteEngine On -RewriteCond %{REQUEST_METHOD} ^GET -RewriteCond %{REQUEST_URI} ^http:// [NC] -RewriteRule .* - [F,L] # Returns 403 Forbidden +RewriteCond %{THE_REQUEST} ^[A-Z]{3,7}\shttps?:// [NC] +RewriteRule ^ - [F,L] # Only let expensive operations through when a cookie is set. If no cookie is # set, redirect to a page where it will be set using JavaScript and redirect |