From 92f39f169dade799de04cda09a4d62eb712a80d4 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Tue, 22 Oct 2024 12:59:33 +0200 Subject: [PATCH] next.forgejo.org: block depending on user agent --- k8s-forgejo.md | 2 +- k8s-forgejo/crawler-block-values.yml | 32 ++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 k8s-forgejo/crawler-block-values.yml diff --git a/k8s-forgejo.md b/k8s-forgejo.md index 0f2742d..3ab2bfb 100644 --- a/k8s-forgejo.md +++ b/k8s-forgejo.md @@ -20,4 +20,4 @@ ## Pod -- `../k3s-host/subst.sh forgejo-values.yml | helm upgrade forgejo-$name -f - -f $name-values.yml -f $name-secrets.yml oci://code.forgejo.org/forgejo-helm/forgejo --atomic --wait --install` +- `../k3s-host/subst.sh forgejo-values.yml | helm upgrade forgejo-$name -f - -f $name-values.yml -f crawler-block-values.yml -f $name-secrets.yml oci://code.forgejo.org/forgejo-helm/forgejo --atomic --wait --install` diff --git a/k8s-forgejo/crawler-block-values.yml b/k8s-forgejo/crawler-block-values.yml new file mode 100644 index 0000000..9b6610d --- /dev/null +++ b/k8s-forgejo/crawler-block-values.yml @@ -0,0 +1,32 @@ +extraDeploy: + - apiVersion: traefik.io/v1alpha1 + # https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-ingressroute + kind: IngressRoute + metadata: + name: forgejo-crawler + annotations: + kubernetes.io/ingress.class: traefik + spec: + entryPoints: + - web + - websecure + routes: + # https://doc.traefik.io/traefik/v3.1/routing/routers/#rule + - match: Host(`next.forgejo.org`) && HeaderRegexp(`user-agent`, `DataForSeoBot`) + kind: Rule + priority: 1000 + services: + - name: noop@internal + kind: TraefikService + middlewares: + - name: forgejo-crawler-blocker + tls: + secretName: tls-forgejo-next-ingress-http + - apiVersion: traefik.io/v1alpha1 + kind: Middleware + metadata: + name: forgejo-crawler-blocker + spec: + ipAllowList: + sourceRange: + - 127.0.0.1/32