From 9297a9dc96569f556db63f2757628bce1d2cb6ed Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Fri, 6 Jun 2025 23:13:34 +0100
Subject: [PATCH] git: block some anonymous bot abuse

---
 cookbooks/git/templates/default/apache.erb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/cookbooks/git/templates/default/apache.erb b/cookbooks/git/templates/default/apache.erb
index 0d7f71f4e..d58e3b9bc 100644
--- a/cookbooks/git/templates/default/apache.erb
+++ b/cookbooks/git/templates/default/apache.erb
@@ -67,6 +67,13 @@
         RewriteRule ^/gpx-import\.git.* https://github.com/openstreetmap/gpx-import [QSD,L,R=permanent]
         RewriteRule ^/potlatch2\.git.* https://github.com/openstreetmap/potlatch2 [QSD,L,R=permanent]
 
+        # Prevent abuse by an anonymous AI bot
+        RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$
+        RewriteCond %{REQUEST_URI} ^/[^/]+\.git/blobdiff
+        RewriteCond %{HTTP_REFERER} ^-?$
+        RewriteCond %{HTTP_USER_AGENT} ((CriOS|Chrome)/[1-9][0-9]?\.0\.|Chrome/100\.0\.|Chrome/122\.0\.0\.0|(Firefox|FxiOS)/[1-6]?[0-9]\.|MSIE\ [5-9]\.0|Opera/[8-9]\.|Windows\ NT\ [3-5]\.|Version/[3-5]\.[0-1]) [NC]
+        RewriteRule ^ - [R=429,L]
+
         ScriptAlias /public /usr/lib/git-core/git-http-backend/public
         ScriptAlias /private /usr/lib/git-core/git-http-backend/private
         Alias /gitweb /usr/share/gitweb
-- 
2.39.5