2022-10-11: Block additional bad IP address (#1202)

* DEVOPS-000: Block additional bad IP * restored webp line Co-authored-by: Mike Decker <[email protected]>
SU-HSDO · Oct 12, 2022 · 69441c0 · 69441c0
1 parent 1bc16d5
commit 69441c0
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/docroot/.htaccess b/docroot/.htaccess
@@ -19,6 +19,7 @@
   SetEnvIf AH_CLIENT_IP ^146\.190\.20\.213$ Deny_Host
   SetEnvIf AH_CLIENT_IP ^146\.190\.24\.114$ Deny_Host
   SetEnvIf AH_CLIENT_IP ^193\.134\.209\.57$ Deny_Host
+  SetEnvIf AH_CLIENT_IP ^104\.248\.195\.73$ Deny_Host
   Order allow,deny
   Allow from all
   Deny from env=Deny_Host

diff --git a/patches/htaccess.patch b/patches/htaccess.patch
@@ -1,8 +1,8 @@
 diff --git a/docroot/.htaccess b/docroot/.htaccess
-index 4d19147c..7c87d988 100644
+index 4d19147c..d3985779 100644
 --- a/docroot/.htaccess
 +++ b/docroot/.htaccess
-@@ -1,3 +1,29 @@
+@@ -1,3 +1,30 @@
 +
 +# Block bad bots.
 +# See https://docs.acquia.com/cloud-platform/arch/security/restrict/#cloud-blocking-by-ip.
@@ -24,6 +24,7 @@ index 4d19147c..7c87d988 100644
 +  SetEnvIf AH_CLIENT_IP ^146\.190\.20\.213$ Deny_Host
 +  SetEnvIf AH_CLIENT_IP ^146\.190\.24\.114$ Deny_Host
 +  SetEnvIf AH_CLIENT_IP ^193\.134\.209\.57$ Deny_Host
++  SetEnvIf AH_CLIENT_IP ^104\.248\.195\.73$ Deny_Host
 +  Order allow,deny
 +  Allow from all
 +  Deny from env=Deny_Host
@@ -32,7 +33,7 @@ index 4d19147c..7c87d988 100644
  #
  # Apache/PHP/Drupal settings:
  #
-@@ -18,6 +44,9 @@ Options -Indexes
+@@ -18,6 +45,9 @@ Options -Indexes
  # Set the default handler.
  DirectoryIndex index.php index.html index.htm
 
@@ -42,7 +43,7 @@ index 4d19147c..7c87d988 100644
  # Add correct encoding for SVGZ.
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
-@@ -67,6 +96,61 @@ AddEncoding gzip svgz
+@@ -67,6 +97,61 @@ AddEncoding gzip svgz
  <IfModule mod_rewrite.c>
    RewriteEngine on
 
@@ -104,7 +105,7 @@ index 4d19147c..7c87d988 100644
    # Set "protossl" to "s" if we were accessed via https://.  This is used later
    # if you enable "www." stripping or enforcement, in order to ensure that
    # you don't bounce between http and https.
-@@ -144,6 +228,8 @@ AddEncoding gzip svgz
+@@ -144,6 +229,8 @@ AddEncoding gzip svgz
    RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
    # Allow access to test-specific PHP files:
    RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php