BOTS-000: Block bots. (#795)

* BOTS-000: Block bots. * original * New patched. * Patch cleanup.
SU-HSDO · Feb 1, 2021 · b257561 · b257561
1 parent 1373ef5
commit b257561
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 4 deletions.
diff --git a/docroot/.htaccess b/docroot/.htaccess
@@ -1,3 +1,21 @@
+# Block bad bots.
+# See https://docs.acquia.com/cloud-platform/arch/security/restrict/#cloud-blocking-by-ip.
+<ifmodule mod_setenvif.c>
+  # Match specific IP addresses.
+  SetEnvIf AH_CLIENT_IP ^67\.225\.152\.21$ Deny_Host
+  SetEnvIf AH_CLIENT_IP ^52\.143\.102\.216$ Deny_Host
+  SetEnvIf AH_CLIENT_IP ^52\.237\.223\.18$ Deny_Host
+  SetEnvIf AH_CLIENT_IP ^107\.161\.51\.47$ Deny_Host
+  SetEnvIf AH_CLIENT_IP ^47\.241\.20\.234$ Deny_Host
+  SetEnvIf AH_CLIENT_IP ^161\.117\.182\.32$ Deny_Host
+  SetEnvIf AH_CLIENT_IP ^161\.117\.88\.143$ Deny_Host
+  SetEnvIf AH_CLIENT_IP ^47\.241\.104\.252$ Deny_Host
+  SetEnvIf AH_CLIENT_IP ^161\.117\.235\.27$ Deny_Host
+  Order allow,deny
+  Allow from all
+  Deny from env=Deny_Host
+</ifmodule>
+
 #
 # Apache/PHP/Drupal settings:
 #

diff --git a/patches/.htaccess.patch b/patches/.htaccess.patch
@@ -1,11 +1,33 @@
 diff --git a/docroot/.htaccess b/docroot/.htaccess
-index 9a73a3d3..b630230a 100644
+index 6f9123d1..a3943ec5 100644
 --- a/docroot/.htaccess
 +++ b/docroot/.htaccess
-@@ -69,6 +69,23 @@ AddEncoding gzip svgz
+@@ -1,3 +1,21 @@
++# Block bad bots.
++# See https://docs.acquia.com/cloud-platform/arch/security/restrict/#cloud-blocking-by-ip.
++<ifmodule mod_setenvif.c>
++  # Match specific IP addresses.
++  SetEnvIf AH_CLIENT_IP ^67\.225\.152\.21$ Deny_Host
++  SetEnvIf AH_CLIENT_IP ^52\.143\.102\.216$ Deny_Host
++  SetEnvIf AH_CLIENT_IP ^52\.237\.223\.18$ Deny_Host
++  SetEnvIf AH_CLIENT_IP ^107\.161\.51\.47$ Deny_Host
++  SetEnvIf AH_CLIENT_IP ^47\.241\.20\.234$ Deny_Host
++  SetEnvIf AH_CLIENT_IP ^161\.117\.182\.32$ Deny_Host
++  SetEnvIf AH_CLIENT_IP ^161\.117\.88\.143$ Deny_Host
++  SetEnvIf AH_CLIENT_IP ^47\.241\.104\.252$ Deny_Host
++  SetEnvIf AH_CLIENT_IP ^161\.117\.235\.27$ Deny_Host
++  Order allow,deny
++  Allow from all
++  Deny from env=Deny_Host
++</ifmodule>
++
+ #
+ # Apache/PHP/Drupal settings:
+ #
+@@ -62,6 +80,23 @@ AddEncoding gzip svgz
  <IfModule mod_rewrite.c>
    RewriteEngine on
- 
+
 +  # Redirect HTTP to HTTPS on cloud
 +  RewriteCond %{HTTPS} off
 +  RewriteCond %{HTTP:X-Forwarded-Proto} !https
@@ -26,7 +48,7 @@ index 9a73a3d3..b630230a 100644
    # Set "protossl" to "s" if we were accessed via https://.  This is used later
    # if you enable "www." stripping or enforcement, in order to ensure that
    # you don't bounce between http and https.
-@@ -146,6 +163,8 @@ AddEncoding gzip svgz
+@@ -139,6 +174,8 @@ AddEncoding gzip svgz
    RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
    # Allow access to test-specific PHP files:
    RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php