block additional nuclei IP

docroot/.htaccess

@@ -11,6 +11,7 @@
   SetEnvIf AH_CLIENT_IP ^161\.117\.88\.143$ Deny_Host
   SetEnvIf AH_CLIENT_IP ^47\.241\.104\.252$ Deny_Host
   SetEnvIf AH_CLIENT_IP ^161\.117\.235\.27$ Deny_Host
+  SetEnvIf AH_CLIENT_IP ^206\.189\.77\.91$ Deny_Host
   Order allow,deny
   Allow from all
   Deny from env=Deny_Host

patches/.htaccess.patch

@@ -1,8 +1,8 @@
 diff --git a/docroot/.htaccess b/docroot/.htaccess
-index 6f9123d1..a3943ec5 100644
+index 6f9123d1..b403fab3 100644
 --- a/docroot/.htaccess
 +++ b/docroot/.htaccess
-@@ -1,3 +1,21 @@
+@@ -1,3 +1,22 @@
 +# Block bad bots.
 +# See https://docs.acquia.com/cloud-platform/arch/security/restrict/#cloud-blocking-by-ip.
 +<ifmodule mod_setenvif.c>
@@ -16,6 +16,7 @@ index 6f9123d1..a3943ec5 100644
 +  SetEnvIf AH_CLIENT_IP ^161\.117\.88\.143$ Deny_Host
 +  SetEnvIf AH_CLIENT_IP ^47\.241\.104\.252$ Deny_Host
 +  SetEnvIf AH_CLIENT_IP ^161\.117\.235\.27$ Deny_Host
++  SetEnvIf AH_CLIENT_IP ^206\.189\.77\.91$ Deny_Host
 +  Order allow,deny
 +  Allow from all
 +  Deny from env=Deny_Host
@@ -24,10 +25,10 @@ index 6f9123d1..a3943ec5 100644
  #
  # Apache/PHP/Drupal settings:
  #
-@@ -62,6 +80,23 @@ AddEncoding gzip svgz
+@@ -62,6 +81,23 @@ AddEncoding gzip svgz
  <IfModule mod_rewrite.c>
    RewriteEngine on
-
+ 
 +  # Redirect HTTP to HTTPS on cloud
 +  RewriteCond %{HTTPS} off
 +  RewriteCond %{HTTP:X-Forwarded-Proto} !https
@@ -48,7 +49,7 @@ index 6f9123d1..a3943ec5 100644
    # Set "protossl" to "s" if we were accessed via https://.  This is used later
    # if you enable "www." stripping or enforcement, in order to ensure that
    # you don't bounce between http and https.
-@@ -139,6 +174,8 @@ AddEncoding gzip svgz
+@@ -139,6 +175,8 @@ AddEncoding gzip svgz
    RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
    # Allow access to test-specific PHP files:
    RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php