remove nginx perl module & block ai bots
Signed-off-by: Zoey <[email protected]>
Zoey2936 committed Jan 24, 2024
1 parent 4bfb9b7 commit 1045ccf
Showing 4 changed files with 24 additions and 5 deletions.
3 changes: 1 addition & 2 deletions Dockerfile
Expand Up @@ -48,7 +48,7 @@ RUN apk add --no-cache ca-certificates git build-base && \
sed -i "s|BAN_TEMPLATE_PATH=.*|BAN_TEMPLATE_PATH=/data/etc/crowdsec/ban.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf && \
sed -i "s|CAPTCHA_TEMPLATE_PATH=.*|CAPTCHA_TEMPLATE_PATH=/data/etc/crowdsec/captcha.html|g" /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf

FROM zoeyvid/nginx-quic:241
FROM zoeyvid/nginx-quic:243
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]

ARG CRS_VER=v4.0/dev
Expand Down Expand Up @@ -91,7 +91,6 @@ RUN ln -s /usr/local/bin/acmesh/acme.sh /usr/local/bin/acme.sh && \

ENV NODE_ENV=production \
NODE_CONFIG_DIR=/data/etc/npm \
PATH="/usr/local/certbot/bin:$PATH" \
DB_SQLITE_FILE=/data/etc/npm/database.sqlite

ENV PUID=0 \
2 changes: 1 addition & 1 deletion rootfs/usr/local/bin/entrypoint.sh
Expand Up @@ -17,4 +17,4 @@ done

cd /app || exit

start.sh
exec start.sh
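Review bot: The `exec start.sh` line has no comment saying why the shell is replaced, and the reason matters for container shutdown. With `exec`, start.sh takes over this process instead of running as a child, so if this script is the container's main process, stop signals reach start.sh rather than a waiting shell. A one-line comment such as `# exec: hand this process over to start.sh so it receives the container's signals` would record that. The same applies to the two `exec` lines in rootfs/usr/local/bin/start.sh. The script body starts outside this hunk.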
4 changes: 2 additions & 2 deletions rootfs/usr/local/bin/start.sh
Expand Up @@ -834,7 +834,7 @@ if [ "$PUID" != "0" ]; then
sed -i "s|group =.*|;group = root|" /data/php/83/php-fpm.d/www.conf
fi
sed -i "s|user root;|#user root;|g" /usr/local/nginx/conf/nginx.conf
sudo -Eu npm launch.sh
exec sudo -Eu npm launch.sh
else
chown -R 0:0 /usr/local \
/data \
Expand All @@ -853,5 +853,5 @@ else
sed -i "s|;group =.*|group = root|" /data/php/83/php-fpm.d/www.conf
fi
sed -i "s|#user root;|user root;|g" /usr/local/nginx/conf/nginx.conf
launch.sh
exec launch.sh
fi
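Review bot: In the non-root branch, `exec sudo -Eu npm launch.sh` keeps `-E`, which passes root's whole environment to the unprivileged `npm` user, so any secret set as a container variable is readable by that process. If launch.sh needs only a known set of variables, `exec sudo --preserve-env=VAR_A,VAR_B -u npm launch.sh` (placeholder names) narrows what crosses the privilege boundary. Depending on its configuration, sudo may also stay in place as the parent of launch.sh, so unlike the root branch this `exec` does not necessarily make launch.sh the direct target of container signals. The if/else starts outside these hunks.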
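--- a/rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/block-exploits.conf
@@ -16,6 +16,10 @@ if ($query_string ~ "[a-zA-Z0-9_]=http://") {
 return 403;
 }
 
+if ($query_string ~ "[a-zA-Z0-9_]=https://") {
+return 403;
+}
+
 if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
 return 403;
 }
@@ -48,3 +52,19 @@ if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
 if ($query_string ~ "base64_(en|de)code\(.*\)") {
 return 403;
 }
+
+if ($http_user_agent ~ "Google-Extended") {
+return 403;
+}
+
+if ($http_user_agent ~ "GPTBot") {
+return 403;
+}
+
+if ($http_user_agent ~ "ChatGPT-User") {
+return 403;
+}
+
+if ($http_user_agent ~ "CCBot") {
+return 403;
+}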
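Review bot: The `Google-Extended` check in the second hunk is unlikely to ever match, because Google documents Google-Extended as a robots.txt control token and crawls with its ordinary user-agent strings; opting out needs a `User-agent: Google-Extended` / `Disallow: /` entry in robots.txt instead. The other three checks compare a client-supplied header with a case-sensitive `~`, so they stop only crawlers that identify themselves honestly and with that exact casing. Using `~*` would at least cover case variants, e.g. `if ($http_user_agent ~* "(GPTBot|ChatGPT-User|CCBot)") { return 403; }`. A short comment stating that these rules are a crawler opt-out rather than exploit blocking would keep the purpose of this include clear.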

2 comments on commit 1045ccf


@theraw theraw commented on 1045ccf Jan 25, 2024


@Zoey2936 ($query_string ~ "[a-zA-Z0-9_]=https://") blocks web proxies

2024/01/25 03:19:11 [notice] 3700#3700: *1998 "[a-zA-Z0-9_]=https://" matches "destination=https://postman-echo.com/get", client: xxxxxx, server: de3.proxy.embed.xxxx.com, request: "GET /?destination=https://postman-echo.com/get HTTP/3.0"

@Zoey2936
Member Author


I will revert it
