Block scrapers on render servers instead of restricting to caches

[chef.git] / cookbooks / tile / templates / default / apache.erb

diff --git a/cookbooks/tile/templates/default/apache.erb b/cookbooks/tile/templates/default/apache.erb
index 66d9dd83709253b541e0ba9e0907b329b2ce2a62..292744195021b201dc0481d5d64833a262d05090 100644 (file)
--- a/cookbooks/tile/templates/default/apache.erb
+++ b/cookbooks/tile/templates/default/apache.erb
@@ -22,7 +22,8 @@
 <% end -%>
 
   # Setup logging
-  CustomLog /var/log/apache2/access.log combined
+  LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_with_remoteip
+  CustomLog /var/log/apache2/access.log combined_with_remoteip
   ErrorLog /var/log/apache2/error.log
   BufferedLogs on
 
@@ -30,6 +31,9 @@
   # will always work and can be cached
   Header set Access-Control-Allow-Origin "*"
 
+  # Remove Proxy request header to mitigate https://httpoxy.org/
+  RequestHeader unset Proxy early
+
   # Enable the rewrite engine
   RewriteEngine on
 
@@ -55,3 +59,21 @@
   AllowOverride None
   Require all granted
 </Directory>
+
+<Location /cgi-bin/export>
+  <RequireAll>
+    Require all granted
+    Require not ip 60.199.131.39
+    Require not ip 92.217.67.26
+    Require not ip 103.53.208.109
+    Require not ip 113.196.123.178
+    Require not ip 118.193.51.194
+    Require not ip 119.188.70.34
+    Require not ip 165.228.125.15
+    Require not ip 171.13.14.152
+    Require not ip 171.15.132.56
+    Require not ip 199.203.108.5
+    Require not ip 210.209.89.127
+    Require not ip 210.65.88.6
+  </RequireAll>
+</Location>