diff --git a/docroot/.htaccess b/docroot/.htaccess index b403fab30a..35d2847c15 100644 --- a/docroot/.htaccess +++ b/docroot/.htaccess @@ -12,6 +12,7 @@ SetEnvIf AH_CLIENT_IP ^47\.241\.104\.252$ Deny_Host SetEnvIf AH_CLIENT_IP ^161\.117\.235\.27$ Deny_Host SetEnvIf AH_CLIENT_IP ^206\.189\.77\.91$ Deny_Host + SetEnvIf AH_CLIENT_IP ^161\.117\.176\.134$ Deny_Host Order allow,deny Allow from all Deny from env=Deny_Host diff --git a/patches/.htaccess.patch b/patches/.htaccess.patch index 2053970215..7d3ed30845 100644 --- a/patches/.htaccess.patch +++ b/patches/.htaccess.patch @@ -1,8 +1,8 @@ diff --git a/docroot/.htaccess b/docroot/.htaccess -index 6f9123d1..b403fab3 100644 +index 6f9123d1..35d2847c 100644 --- a/docroot/.htaccess +++ b/docroot/.htaccess -@@ -1,3 +1,22 @@ +@@ -1,3 +1,23 @@ +# Block bad bots. +# See https://docs.acquia.com/cloud-platform/arch/security/restrict/#cloud-blocking-by-ip. + @@ -17,6 +17,7 @@ index 6f9123d1..b403fab3 100644 + SetEnvIf AH_CLIENT_IP ^47\.241\.104\.252$ Deny_Host + SetEnvIf AH_CLIENT_IP ^161\.117\.235\.27$ Deny_Host + SetEnvIf AH_CLIENT_IP ^206\.189\.77\.91$ Deny_Host ++ SetEnvIf AH_CLIENT_IP ^161\.117\.176\.134$ Deny_Host + Order allow,deny + Allow from all + Deny from env=Deny_Host @@ -25,7 +26,7 @@ index 6f9123d1..b403fab3 100644 # # Apache/PHP/Drupal settings: # -@@ -62,6 +81,23 @@ AddEncoding gzip svgz +@@ -62,6 +82,23 @@ AddEncoding gzip svgz RewriteEngine on @@ -49,7 +50,7 @@ index 6f9123d1..b403fab3 100644 # Set "protossl" to "s" if we were accessed via https://. This is used later # if you enable "www." stripping or enforcement, in order to ensure that # you don't bounce between http and https. -@@ -139,6 +175,8 @@ AddEncoding gzip svgz +@@ -139,6 +176,8 @@ AddEncoding gzip svgz RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$ # Allow access to test-specific PHP files: RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php