From 69441c0c1da4a59857211d1b1ce2768b11b4dd8c Mon Sep 17 00:00:00 2001
From: John Bickar
Date: Tue, 11 Oct 2022 23:00:52 -0700
Subject: [PATCH] 2022-10-11: Block additional bad IP address (#1202)
* DEVOPS-000: Block additional bad IP
* restored webp line
Co-authored-by: Mike Decker
---
 docroot/.htaccess | 1 +
 patches/htaccess.patch | 11 ++++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/docroot/.htaccess b/docroot/.htaccess
index 7c87d9881..d3985779a 100644
--- a/docroot/.htaccess
+++ b/docroot/.htaccess
@@ -19,6 +19,7 @@
 SetEnvIf AH_CLIENT_IP ^146\.190\.20\.213$ Deny_Host
 SetEnvIf AH_CLIENT_IP ^146\.190\.24\.114$ Deny_Host
 SetEnvIf AH_CLIENT_IP ^193\.134\.209\.57$ Deny_Host
+ SetEnvIf AH_CLIENT_IP ^104\.248\.195\.73$ Deny_Host
 Order allow,deny
 Allow from all
 Deny from env=Deny_Host
diff --git a/patches/htaccess.patch b/patches/htaccess.patch
index 873d2b652..bba2f6013 100644
--- a/patches/htaccess.patch
+++ b/patches/htaccess.patch
@@ -1,8 +1,8 @@ diff --git a/docroot/.htaccess b/docroot/.htaccess -index 4d19147c..7c87d988 100644 +index 4d19147c..d3985779 100644 --- a/docroot/.htaccess +++ b/docroot/.htaccess -@@ -1,3 +1,29 @@ +@@ -1,3 +1,30 @@ + +# Block bad bots. +# See https://docs.acquia.com/cloud-platform/arch/security/restrict/#cloud-blocking-by-ip. @@ -24,6 +24,7 @@ index 4d19147c..7c87d988 100644 + SetEnvIf AH_CLIENT_IP ^146\.190\.20\.213$ Deny_Host + SetEnvIf AH_CLIENT_IP ^146\.190\.24\.114$ Deny_Host + SetEnvIf AH_CLIENT_IP ^193\.134\.209\.57$ Deny_Host ++ SetEnvIf AH_CLIENT_IP ^104\.248\.195\.73$ Deny_Host + Order allow,deny + Allow from all + Deny from env=Deny_Host @@ -32,7 +33,7 @@ index 4d19147c..7c87d988 100644 # # Apache/PHP/Drupal settings: # -@@ -18,6 +44,9 @@ Options -Indexes +@@ -18,6 +45,9 @@ Options -Indexes # Set the default handler. DirectoryIndex index.php index.html index.htm 
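Review bot: The added `SetEnvIf AH_CLIENT_IP ^104\.248\.195\.73$ Deny_Host` entry in docroot/.htaccess records neither why nor when the address was blocked, and nothing in the hunk says when it can be removed; a single-address block goes stale once the address changes hands and then denies whoever holds it next. I would put a comment directly above the line, for example `# 2022-10-11 (#1202): <reason for block>; re-check by <review date>`, with the placeholders filled in, and mirror it in patches/htaccess.patch where the same line is repeated. The `Order allow,deny` / `Deny from env=Deny_Host` lines that enforce the flag are Apache 2.2-style directives, which on Apache 2.4 are provided by mod_access_compat, so it is worth confirming that module is loaded on the hosting platform. The enclosing block starts and ends outside the hunk, so the full denylist is not visible here.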
@@ -42,7 +43,7 @@ index 4d19147c..7c87d988 100644 # Add correct encoding for SVGZ. AddType image/svg+xml svg svgz AddEncoding gzip svgz -@@ -67,6 +96,61 @@ AddEncoding gzip svgz +@@ -67,6 +97,61 @@ AddEncoding gzip svgz RewriteEngine on @@ -104,7 +105,7 @@ index 4d19147c..7c87d988 100644 # Set "protossl" to "s" if we were accessed via https://. This is used later # if you enable "www." stripping or enforcement, in order to ensure that # you don't bounce between http and https. -@@ -144,6 +228,8 @@ AddEncoding gzip svgz +@@ -144,6 +229,8 @@ AddEncoding gzip svgz RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$ # Allow access to test-specific PHP files: RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php