1
0
Fork 0
mirror of https://code.forgejo.org/infrastructure/documentation synced 2024-11-28 21:31:10 +00:00

next.forgejo.org: block depending on user agent

This commit is contained in:
Earl Warren 2024-10-22 12:59:33 +02:00
parent f5861bf000
commit 92f39f169d
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
2 changed files with 33 additions and 1 deletions

View file

@ -20,4 +20,4 @@
## Pod
- `../k3s-host/subst.sh forgejo-values.yml | helm upgrade forgejo-$name -f - -f $name-values.yml -f $name-secrets.yml oci://code.forgejo.org/forgejo-helm/forgejo --atomic --wait --install`
- `../k3s-host/subst.sh forgejo-values.yml | helm upgrade forgejo-$name -f - -f $name-values.yml -f crawler-block-values.yml -f $name-secrets.yml oci://code.forgejo.org/forgejo-helm/forgejo --atomic --wait --install`

View file

@ -0,0 +1,32 @@
extraDeploy:
- apiVersion: traefik.io/v1alpha1
# https://doc.traefik.io/traefik/v3.1/routing/providers/kubernetes-crd/#kind-ingressroute
kind: IngressRoute
metadata:
name: forgejo-crawler
annotations:
kubernetes.io/ingress.class: traefik
spec:
entryPoints:
- web
- websecure
routes:
# https://doc.traefik.io/traefik/v3.1/routing/routers/#rule
- match: Host(`next.forgejo.org`) && HeaderRegexp(`user-agent`, `DataForSeoBot`)
kind: Rule
priority: 1000
services:
- name: noop@internal
kind: TraefikService
middlewares:
- name: forgejo-crawler-blocker
tls:
secretName: tls-forgejo-next-ingress-http
- apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: forgejo-crawler-blocker
spec:
ipAllowList:
sourceRange:
- 127.0.0.1/32