Commit ce47026f authored by André Kerkhoff's avatar André Kerkhoff
Browse files

Add foswiki.apache.blocked_agents to configure blocked user agents

parent 548f3081
# Apache configuration for the default Foswiki installation
default['foswiki']['apache']['access_control'] = 'System/ResetPassword'
default['foswiki']['apache']['blocked_agents'] = %w(^$ ^Accoona ^ActiveAgent ^Attache BecomeBot ^bot Charlotte/ ^ConveraCrawler ^CrownPeak-HttpAgent ^EmailCollector ^EmailSiphon ^e-SocietyRobot ^Exabot ^FAST ^FDM ^GetRight/6.0a ^GetWebPics ^Gigabot ^gonzo1 ^Google\sSpider ^ichiro ^ie_crawler ^iGetter ^IRLbot Jakarta ^Java ^KrakSpider ^larbin ^LeechGet ^LinkWalker ^Lsearch ^Microsoft MJ12bot MSIECrawler ^MSRBOT ^noxtrumbot ^NutchCVS ^RealDownload ^Rome ^Roverbot ^schibstedsokbot SemrushBot ^Seekbot ^SiteSnagger ^SiteSucker ^Snapbot ^sogou ^SpiderKU ^SpiderMan ^Squid ^Teleport ^User-Agent\: VoilaBot ^voyager ^w3search ^Web\sDownloader ^WebCopier ^WebDevil ^WebSec ^WebVac ^Webwhacker ^Webzip ^Wells ^WhoWhere www\.netforex\.org ^WX_mail ^yacybot ^ZIBB)
default['foswiki']['apache']['blocked_ips'] = [] # regexes for full IPs
default['foswiki']['apache']['cert_chain_file'] = nil
default['foswiki']['apache']['cert_file'] = nil
......
......@@ -3,7 +3,7 @@ maintainer 'HPC'
maintainer_email 'hpc@gsi.de'
license 'All rights reserved'
description 'Installs/Configures Foswiki'
version '2.10.0'
version '2.11.0'
depends 'apache2', '< 6.0'
supports 'debian'
supports 'ubuntu'
......@@ -61,6 +61,7 @@ script_url_path_view = node['foswiki']['config']['ScriptUrlPaths']['view']
web_app apache_conf['server_name'] do
access_control apache_conf['access_control']
blocked_agents apache_conf['blocked_agents']
blocked_ips apache_conf['blocked_ips']
cert_name apache_conf['cert_name']
cert_chain_file apache_conf['cert_chain_file']
......
......@@ -278,81 +278,10 @@
# including its own topics as URLs and also prevents other Foswikis from
# doing the same. This is important to prevent the most obvious
# Denial of Service attacks.
#
# You can expand this by adding more BrowserMatchNoCase statements to
# block evil browser agents trying to crawl your Foswiki
#
# Example:
# BrowserMatchNoCase ^SiteSucker blockAccess
# BrowserMatchNoCase ^$ blockAccess
BrowserMatchNoCase ^Accoona blockAccess
BrowserMatchNoCase ^ActiveAgent blockAccess
BrowserMatchNoCase ^Attache blockAccess
BrowserMatchNoCase BecomeBot blockAccess
BrowserMatchNoCase ^bot blockAccess
BrowserMatchNoCase Charlotte/ blockAccess
BrowserMatchNoCase ^ConveraCrawler blockAccess
BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess
BrowserMatchNoCase ^EmailCollector blockAccess
BrowserMatchNoCase ^EmailSiphon blockAccess
BrowserMatchNoCase ^e-SocietyRobot blockAccess
BrowserMatchNoCase ^Exabot blockAccess
BrowserMatchNoCase ^FAST blockAccess
BrowserMatchNoCase ^FDM blockAccess
BrowserMatchNoCase ^GetRight/6.0a blockAccess
BrowserMatchNoCase ^GetWebPics blockAccess
BrowserMatchNoCase ^Gigabot blockAccess
BrowserMatchNoCase ^gonzo1 blockAccess
BrowserMatchNoCase ^Google\sSpider blockAccess
BrowserMatchNoCase ^ichiro blockAccess
BrowserMatchNoCase ^ie_crawler blockAccess
BrowserMatchNoCase ^iGetter blockAccess
BrowserMatchNoCase ^IRLbot blockAccess
BrowserMatchNoCase Jakarta blockAccess
BrowserMatchNoCase ^Java blockAccess
BrowserMatchNoCase ^KrakSpider blockAccess
BrowserMatchNoCase ^larbin blockAccess
BrowserMatchNoCase ^LeechGet blockAccess
BrowserMatchNoCase ^LinkWalker blockAccess
BrowserMatchNoCase ^Lsearch blockAccess
BrowserMatchNoCase ^Microsoft blockAccess
BrowserMatchNoCase MJ12bot blockAccess
BrowserMatchNoCase MSIECrawler blockAccess
BrowserMatchNoCase ^MSRBOT blockAccess
BrowserMatchNoCase ^noxtrumbot blockAccess
BrowserMatchNoCase ^NutchCVS blockAccess
BrowserMatchNoCase ^RealDownload blockAccess
BrowserMatchNoCase ^Rome blockAccess
BrowserMatchNoCase ^Roverbot blockAccess
BrowserMatchNoCase ^schibstedsokbot blockAccess
BrowserMatchNoCase SemrushBot blockAccess
BrowserMatchNoCase ^Seekbot blockAccess
BrowserMatchNoCase ^SiteSnagger blockAccess
BrowserMatchNoCase ^SiteSucker blockAccess
BrowserMatchNoCase ^Snapbot blockAccess
BrowserMatchNoCase ^sogou blockAccess
BrowserMatchNoCase ^SpiderKU blockAccess
BrowserMatchNoCase ^SpiderMan blockAccess
BrowserMatchNoCase ^Squid blockAccess
BrowserMatchNoCase ^Teleport blockAccess
BrowserMatchNoCase ^User-Agent\: blockAccess
BrowserMatchNoCase VoilaBot blockAccess
BrowserMatchNoCase ^voyager blockAccess
BrowserMatchNoCase ^w3search blockAccess
BrowserMatchNoCase ^Web\sDownloader blockAccess
BrowserMatchNoCase ^WebCopier blockAccess
BrowserMatchNoCase ^WebDevil blockAccess
BrowserMatchNoCase ^WebSec blockAccess
BrowserMatchNoCase ^WebVac blockAccess
BrowserMatchNoCase ^Webwhacker blockAccess
BrowserMatchNoCase ^Webzip blockAccess
BrowserMatchNoCase ^Wells blockAccess
BrowserMatchNoCase ^WhoWhere blockAccess
BrowserMatchNoCase www\.netforex\.org blockAccess
BrowserMatchNoCase ^WX_mail blockAccess
BrowserMatchNoCase ^yacybot blockAccess
BrowserMatchNoCase ^ZIBB blockAccess
<% (@params[:blocked_agents] || []).each do |agent| -%>
BrowserMatchNoCase "<%= agent %>" blockAccess
<% end -%>
<% (@params[:blocked_ips] || []).each do |ip| -%>
SetEnvIf Remote_Addr "^<%= ip %>$" blockAccess
<% end -%>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment