Adding configuration elements to block based on user-agents #20

Closed
wants to merge 7 commits into from
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -13,7 +13,8 @@ N/A
If you only want to install Caddy, you don't need to set any variables. If you want to configure Caddy as a reverse proxy as well, you can provide an array of objects named `caddy_sites` with the following values:

* `additional_forwarding_ports`: Allows to define a list with additional ports where Caddy should listen for this domain and forward to HTTPS.
* `allowlist`: An array if IP addresses in CIDR-notation which are allowed to access this site (Optional). All other visitors receive a 404 error.
* `allowlist`: An array of IP addresses in CIDR-notation which are allowed to access this site (Optional). All other visitors receive a 404 error.
* `useragent_blocklist`: An array of User-Agents which are blocked to access this site (Optional), wildcard characters (*) need to be used for broader matching.
* `certificate_file`: You can set this variable if you want to provide the certificate by yourself (Optional). The certificate needs permissions `0640`, with root as Owner and Caddy as Group.
* `certificate_key`: You can set this variable if you want to provide the certificate by yourself (Optional).
* `domain`: The domain caddy should listen to.
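Review bot: The new `useragent_blocklist` entry does not say what a blocked client receives, while the `allowlist` entry directly above it documents its 404. Suggest stating the 403 response here and rewording "which are blocked to access this site" to "that are denied access to this site". It would also help to say that the User-Agent header is chosen by the client, so this option filters crawlers that identify themselves and does not replace `allowlist`, and to state whether the wildcard match is case-sensitive.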
2 changes: 2 additions & 0 deletions molecule/reverse-proxy/converge.yml
Expand Up @@ -20,6 +20,8 @@
code: 401
allowlist:
- 8.8.8.8/32
useragent_blocklist:
- "*amazonbot*"
additional_forwarding_ports:
- '8080'
- '1337'
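Review bot: The scenario sets only one `useragent_blocklist` entry, so the per-entry loop in the template is never rendered with more than one value. Suggest adding a second pattern, ideally one with mixed case or a space in it, so that `Caddyfile.expected` pins down how several `header User-Agent` lines are emitted. Please also confirm that the all-lowercase `"*amazonbot*"` matches the header value the crawler actually sends, since nothing in this change normalises case.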
10 changes: 10 additions & 0 deletions molecule/reverse-proxy/files/Caddyfile.expected
Expand Up @@ -4,6 +4,16 @@


example.com {
@badbots {
header User-Agent *amazonbot*
}

handle @badbots {
respond 403 {
body "Access forbidden."
}
}

@allowlist {
remote_ip 8.8.8.8/32
}
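Review bot: `handle @badbots` is rendered ahead of the `@allowlist` block, so a request with a blocked User-Agent from an address outside the allowlist would be answered here with 403 "Access forbidden." instead of the 404 the README documents for non-allowlisted visitors. That response confirms to such a client that the site exists. Suggest evaluating the allowlist first, or documenting the precedence and adding a test case that covers a blocked User-Agent from a non-allowlisted address.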
15 changes: 15 additions & 0 deletions templates/Caddyfile.j2
Expand Up @@ -5,6 +5,21 @@

{% for site in caddy_sites %}
{{ site.domain }} {
{%- if site.useragent_blocklist is defined %}
@badbots {
{%- for ua in site.useragent_blocklist %}
header User-Agent {{ ua }}
{%- endfor %}
}

handle @badbots {
respond 403 {
body "Access forbidden."
}
}

{%- endif %}

{%- if site.allowlist is defined %}
@allowlist {
remote_ip {% for ip in site.allowlist %} {{ ip }}{% endfor %}
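Review bot: `header User-Agent {{ ua }}` writes each pattern into the Caddyfile unquoted, so a value containing a space would be split into several tokens and a value containing a brace or newline would change the structure of the generated file. Suggest emitting the value inside double quotes with embedded quotes escaped, and rejecting newlines. Separately, `site.useragent_blocklist is defined` is also true for an empty list, which renders an `@badbots` matcher with no conditions followed by `handle @badbots`; guarding on a non-empty list would avoid that.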